Index: wp-includes/query.php =================================================================== --- wp-includes/query.php (revision 6253) +++ wp-includes/query.php (revision 6510) @@ -33,7 +33,7 @@ function is_admin () { - global $wp_query; - - return ($wp_query->is_admin || (stripos($_SERVER['REQUEST_URI'], 'wp-admin/') !== false)); + if ( defined('WP_ADMIN') ) + return WP_ADMIN; + return false; } @@ -643,5 +643,5 @@ $this->is_preview = true; - if ( strpos($_SERVER['PHP_SELF'], 'wp-admin/') !== false ) + if ( is_admin() ) $this->is_admin = true; Index: wp-includes/wp-db.php =================================================================== --- wp-includes/wp-db.php (revision 6110) +++ wp-includes/wp-db.php (revision 6470) @@ -16,9 +16,10 @@ class wpdb { - var $show_errors = true; + var $show_errors = false; var $num_queries = 0; var $last_query; var $col_info; var $queries; + var $ready = false; // Our tables @@ -57,4 +58,7 @@ register_shutdown_function(array(&$this, "__destruct")); + if ( defined('WP_DEBUG') and WP_DEBUG == true ) + $this->show_errors(); + if ( defined('DB_CHARSET') ) $this->charset = DB_CHARSET; @@ -75,5 +79,8 @@

If you're unsure what these terms mean you should probably contact your host. If you still need help you can always visit the WordPress Support Forums.

"); - } + return; + } + + $this->ready = true; if ( !empty($this->charset) && version_compare(mysql_get_server_info(), '4.1.0', '>=') ) @@ -93,4 +100,5 @@ function select($db) { if (!@mysql_select_db($db, $this->dbh)) { + $this->ready = false; $this->bail("

Can’t select database

@@ -98,7 +106,9 @@

If you don't know how to setup a database you should contact your host. If all else fails you may find help at the WordPress Support Forums.

"); + return; } } @@ -150,16 +160,19 @@ array ('query' => $this->last_query, 'error_str' => $str); + $error_str = "WordPress database error $str for query $this->last_query"; + error_log($error_str, 0); + + // Is error output turned on or not.. + if ( !$this->show_errors ) + return false; + $str = htmlspecialchars($str, ENT_QUOTES); $query = htmlspecialchars($this->last_query, ENT_QUOTES); - // Is error output turned on or not.. - if ( $this->show_errors ) { - // If there is an error then take note of it - print "
-

WordPress database error: [$str]
- $query

-
"; - } else { - return false; - } + + // If there is an error then take note of it + print "
+

WordPress database error: [$str]
+ $query

+
"; } @@ -167,10 +180,14 @@ // Turn error handling on or off.. - function show_errors() { - $this->show_errors = true; + function show_errors( $show = true ) { + $errors = $this->show_errors; + $this->show_errors = $show; + return $errors; } function hide_errors() { + $show = $this->show_errors; $this->show_errors = false; + return $show; } @@ -188,4 +205,7 @@ function query($query) { + if ( ! $this->ready ) + return false; + // filter the query, if filters are available // NOTE: some queries are made before the plugins have been loaded, and thus cannot be filtered with this method @@ -400,6 +420,11 @@ */ function bail($message) { // Just wraps errors in a nice header and footer - if ( !$this->show_errors ) + if ( !$this->show_errors ) { + if ( class_exists('WP_Error') ) + $this->error = new WP_Error('500', $message); + else + $this->error = $message; return false; + } wp_die($message); } Index: wp-includes/formatting.php =================================================================== --- wp-includes/formatting.php (revision 6183) +++ wp-includes/formatting.php (revision 6453) 
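Review bot: The new `error_log($error_str, 0)` call at the top of the `@@ -150,16 +160,19 @@` hunk writes the complete text of `$this->last_query` to the PHP error log on every failed query, whether or not `show_errors` is enabled. Query strings can carry password hashes, e-mail addresses and other user data, and the error log is often readable by more accounts than the database itself, so this copies sensitive values into a weaker store. I would log the error string with a truncated, single-line query by default, for example `$error_str = "WordPress database error $str for query " . substr(preg_replace('/\s+/', ' ', $this->last_query), 0, 200);`, and keep the full text for when `WP_DEBUG` is on. The start of the enclosing function is outside the hunk.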
@@ -623,16 +623,33 @@ } +function _make_url_clickable_cb($matches) { + $url = $matches[2]; + $url = clean_url($url); + if ( empty($url) ) + return $matches[0]; + return $matches[1] . "$url"; +} + +function _make_web_ftp_clickable_cb($matches) { + $dest = $matches[2]; + $dest = 'http://' . $dest; + $dest = clean_url($dest); + if ( empty($dest) ) + return $matches[0]; + + return $matches[1] . "$dest"; +} + +function _make_email_clickable_cb($matches) { + $email = $matches[2] . '@' . $matches[3]; + return $matches[1] . "$email"; +} + function make_clickable($ret) { $ret = ' ' . $ret; // in testing, using arrays here was found to be faster - $ret = preg_replace( - array( - '#([\s>])([\w]+?://[\w\#$%&~/.\-;:=,?@\[\]+]*)#is', - '#([\s>])((www|ftp)\.[\w\#$%&~/.\-;:=,?@\[\]+]*)#is', - '#([\s>])([a-z0-9\-_.]+)@([^,< \n\r]+)#i'), - array( - '$1$2', - '$1$2', - '$1$2@$3'),$ret); + $ret = preg_replace_callback('#([\s>])([\w]+?://[\w\#$%&~/.\-;:=,?@\[\]+]*)#is', '_make_url_clickable_cb', $ret); + $ret = preg_replace_callback('#([\s>])((www|ftp)\.[\w\#$%&~/.\-;:=,?@\[\]+]*)#is', '_make_web_ftp_clickable_cb', $ret); + $ret = preg_replace_callback('#([\s>])([.0-9a-z_+-]+)@(([0-9a-z-]+\.)+[0-9a-z]{2,})#i', '_make_email_clickable_cb', $ret); // this one is not in an array because we need it to run last, for cleanup of accidental links within links $ret = preg_replace("#(]+?>|>))]+?>([^>]+?)#i", "$1$3", $ret); Index: wp-includes/taxonomy.php =================================================================== --- wp-includes/taxonomy.php (revision 6253) +++ wp-includes/taxonomy.php (revision 6322) 
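Review bot: `_make_email_clickable_cb` interpolates `$email` into the returned string with no escaping, while the two URL callbacks above it pass their value through `clean_url()` first (the exact markup they return is not legible on this page). It is safe only because the new third pattern in `make_clickable()` limits the local part to `[.0-9a-z_+-]` and the domain to `[0-9a-z-]` labels, and nothing in the code records that dependency. I would add above the function: `// $email is emitted unescaped: the pattern in make_clickable() admits no quote, angle bracket or whitespace. Escape here if that pattern is ever widened.` The three callbacks also lack a doc comment saying that `$matches[1]` is the leading whitespace or `>` and that an empty `clean_url()` result leaves the matched text unlinked.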
@@ -664,4 +664,8 @@ */ function sanitize_term($term, $taxonomy, $context = 'display') { + + if ( 'raw' == $context ) + return $term; + $fields = array('term_id', 'name', 'description', 'slug', 'count', 'parent', 'term_group'); Index: wp-includes/post.php =================================================================== --- wp-includes/post.php (revision 6205) +++ wp-includes/post.php (revision 6492) @@ -429,4 +429,8 @@ function sanitize_post($post, $context = 'display') { + + if ( 'raw' == $context ) + return $post; + // TODO: Use array keys instead of hard coded list $fields = array('post_author', 'post_date', 'post_date_gmt', 'post_content', 'post_content_filtered', 'post_title', 'post_excerpt', 'post_status', 'post_type', 'comment_status', 'ping_status', 'post_password', 'post_name', 'to_ping', 'pinged', 'post_date', 'post_date_gmt', 'post_parent', 'menu_order', 'post_mime_type', 'post_category'); @@ -1140,4 +1144,5 @@ $meta_key = ''; $meta_value = ''; + $hierarchical = false; $incpages = preg_split('/[\s,]+/',$include); if ( count($incpages) ) { Index: wp-includes/version.php =================================================================== --- wp-includes/version.php (revision 6292) +++ wp-includes/version.php (revision 6523) @@ -3,5 +3,5 @@ // This holds the version number in a separate file so we can bump it without cluttering the SVN -$wp_version = '2.3.1'; +$wp_version = '2.3.2'; $wp_db_version = 6124; Index: wp-includes/pluggable.php =================================================================== --- wp-includes/pluggable.php (revision 6266) +++ wp-includes/pluggable.php (revision 6443) 
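Review bot: The early return added to `sanitize_term()` tests `'raw' == $context` with loose comparison, and the identical line is added to `sanitize_post()` in the wp-includes/post.php hunk that follows. On PHP versions before 8, `'raw' == 0` and `'raw' == true` both evaluate to true, so a caller that passes an integer or boolean context gets the object back with no filtering at all. `if ( 'raw' === $context )` closes that in both places. The doc comment whose end is visible above `sanitize_term()` should also say that the `raw` context returns the input untouched and leaves escaping to the caller; both function bodies continue outside their hunks.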
@@ -73,7 +73,7 @@ return false; - $wpdb->hide_errors(); + $show = $wpdb->hide_errors(); $metavalues = $wpdb->get_results("SELECT meta_key, meta_value FROM $wpdb->usermeta WHERE user_id = '$user_id'"); - $wpdb->show_errors(); + $wpdb->show_errors($show); if ($metavalues) { Index: wp-includes/functions.php =================================================================== --- wp-includes/functions.php (revision 6232) +++ wp-includes/functions.php (revision 6448) @@ -199,8 +199,8 @@ if ( false === $value ) { if ( defined('WP_INSTALLING') ) - $wpdb->hide_errors(); + $show = $wpdb->hide_errors(); $row = $wpdb->get_row("SELECT option_value FROM $wpdb->options WHERE option_name = '$setting' LIMIT 1"); if ( defined('WP_INSTALLING') ) - $wpdb->show_errors(); + $wpdb->show_errors($show); if( is_object( $row) ) { // Has to be get_row instead of get_var because of funkiness with 0, false, null values @@ -237,9 +237,9 @@ function get_alloptions() { global $wpdb, $wp_queries; - $wpdb->hide_errors(); + $show = $wpdb->hide_errors(); if ( !$options = $wpdb->get_results("SELECT option_name, option_value FROM $wpdb->options WHERE autoload = 'yes'") ) { $options = $wpdb->get_results("SELECT option_name, option_value FROM $wpdb->options"); } - $wpdb->show_errors(); + $wpdb->show_errors($show); foreach ($options as $option) { @@ -264,8 +264,8 @@ if ( !$alloptions ) { - $wpdb->hide_errors(); + $show = $wpdb->hide_errors(); if ( !$alloptions_db = $wpdb->get_results("SELECT option_name, option_value FROM $wpdb->options WHERE autoload = 'yes'") ) $alloptions_db = $wpdb->get_results("SELECT option_name, option_value FROM $wpdb->options"); - $wpdb->show_errors(); + $wpdb->show_errors($show); $alloptions = array(); foreach ( (array) $alloptions_db as $o ) 
@@ -893,7 +893,7 @@ function is_blog_installed() { global $wpdb; - $wpdb->hide_errors(); + $show = $wpdb->hide_errors(); $installed = $wpdb->get_var("SELECT option_value FROM $wpdb->options WHERE option_name = 'siteurl'"); - $wpdb->show_errors(); + $wpdb->show_errors($show); $install_status = !empty( $installed ) ? TRUE : FALSE; @@ -1420,3 +1420,35 @@ } +function dead_db() { + global $wpdb; + + // Load custom DB error template, if present. + if ( file_exists( ABSPATH . 'wp-content/db-error.php' ) ) { + require_once( ABSPATH . 'wp-content/db-error.php' ); + die(); + } + + // If installing or in the admin, provide the verbose message. + if ( defined('WP_INSTALLING') || defined('WP_ADMIN') ) + wp_die($wpdb->error); + + // Otherwise, be terse. + status_header( 500 ); + nocache_headers(); + header( 'Content-Type: text/html; charset=utf-8' ); ?> + +> + + Database Error + + + +

Error establishing a database connection

+ + + Index: wp-app.php =================================================================== --- wp-app.php (revision 6125) +++ wp-app.php (revision 6508) @@ -160,4 +160,8 @@ function get_service() { log_app('function','get_service()'); + + if( !current_user_can( 'edit_posts' ) ) + $this->auth_required( __( 'Sorry, you do not have the right to access this blog.' ) ); + $entries_url = attribute_escape($this->get_entries_url()); $categories_url = attribute_escape($this->get_categories_url()); @@ -189,6 +193,9 @@ function get_categories_xml() { - log_app('function','get_categories_xml()'); + + if( !current_user_can( 'edit_posts' ) ) + $this->auth_required( __( 'Sorry, you do not have the right to access this blog.' ) ); + $home = attribute_escape(get_bloginfo_rss('home')); @@ -283,6 +290,9 @@ function get_post($postID) { - global $entry; + + if( !current_user_can( 'edit_post', $postID ) ) + $this->auth_required( __( 'Sorry, you do not have the right to access this post.' ) ); + $this->set_current_entry($postID); $output = $this->get_entry($postID); @@ -373,6 +383,7 @@ function get_attachment($postID = NULL) { - - global $entry; + if( !current_user_can( 'upload_files' ) ) + $this->auth_required( __( 'Sorry, you do not have the right to file uploads on this blog.' ) ); + if (!isset($postID)) { $this->get_attachments(); @@ -495,4 +506,8 @@ $location = get_post_meta($entry['ID'], '_wp_attached_file', true); + $filetype = wp_check_filetype($location); + + if(!isset($location) || 'attachment' != $entry['post_type'] || empty($filetype['ext'])) + $this->internal_error(__('Error ocurred while accessing post metadata for file location.')); // delete file @@ -796,5 +811,4 @@ - Index: xmlrpc.php =================================================================== --- xmlrpc.php (revision 6127) +++ xmlrpc.php (revision 6504) 
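Review bot: The custom-template branch at the top of `dead_db()` includes `wp-content/db-error.php` and dies without calling `status_header( 500 )` or `nocache_headers()`; those run only on the terse path further down. Unless the template sets its own status, the outage page is served with a success status and can be cached by proxies or picked up by crawlers. Moving `status_header( 500 ); nocache_headers();` above the `file_exists()` test covers both paths, and a template can still override them. Separately, the verbose branch is selected by `defined('WP_ADMIN')`, which appears to describe the entry script rather than a logged-in user, so whatever detail `$wpdb->error` carries would be shown to any visitor of an admin URL during an outage.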
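Review bot: `get_attachment()` now requires only the blog-wide `upload_files` capability, whereas `get_post()` in the preceding hunk checks `edit_post` against the specific `$postID`. When `$postID` is set, a user who may upload can therefore still fetch attachment entries belonging to other authors, unless a per-object check exists in the part of the function outside this hunk. Adding `if ( isset($postID) && !current_user_can( 'edit_post', $postID ) ) $this->auth_required( __( 'Sorry, you do not have the right to access this post.' ) );` after the new check would match `get_post()`. All four new checks in this file also depend on `auth_required()` ending the request; if it returns, execution falls through into the protected code, so that should be confirmed or a `return` added after each call.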
@@ -187,4 +187,10 @@ return($this->error); } + + set_current_user( 0, $username ); + if( !current_user_can( 'edit_page', $page_id ) ) + return new IXR_Error( 401, __( 'Sorry, you can not edit this page.' ) ); + + do_action('xmlrpc_call', 'wp.getPage'); // Lookup page info. @@ -269,4 +275,10 @@ } + set_current_user( 0, $username ); + if( !current_user_can( 'edit_pages' ) ) + return new IXR_Error( 401, __( 'Sorry, you can not edit pages.' ) ); + + do_action('xmlrpc_call', 'wp.getPages'); + // Lookup info on pages. $pages = get_pages(); @@ -427,4 +439,10 @@ } + set_current_user( 0, $username ); + if( !current_user_can( 'edit_pages' ) ) + return new IXR_Error( 401, __( 'Sorry, you can not edit pages.' ) ); + + do_action('xmlrpc_call', 'wp.getPageList'); + // Get list of pages ids and titles $page_list = $wpdb->get_results(" @@ -460,5 +478,4 @@ */ function wp_getAuthors($args) { - global $wpdb; $this->escape($args); @@ -472,5 +489,21 @@ } - return(get_users_of_blog()); + set_current_user(0, $username); + if(!current_user_can("edit_posts")) { + return(new IXR_Error(401, __("Sorry, you can not edit posts on this blog."))); + } + + do_action('xmlrpc_call', 'wp.getAuthors'); + + $authors = array(); + foreach( (array) get_users_of_blog() as $row ) { + $authors[] = array( + "user_id" => $row->user_id, + "user_login" => $row->user_login, + "display_name" => $row->display_name + ); + } + + return($authors); } @@ -494,5 +527,5 @@ // allowed to add a category. set_current_user(0, $username); - if(!current_user_can("manage_categories", $page_id)) { + if(!current_user_can("manage_categories")) { return(new IXR_Error(401, __("Sorry, you do not have the right to add a category."))); } 
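Review bot: Starting with the `wp.getPage` hunk at `@@ -187,4 +187,10 @@`, each method gets the same hand-copied sequence after its password check: `set_current_user()`, a `current_user_can()` test, an `IXR_Error( 401, … )` return and `do_action('xmlrpc_call', …)`. Because the check lives in every method body, a method added later without it fails open, which is the class of defect this commit is repairing. A single helper on the server class, sketched below with a suggested name, makes the check one call per method and gives one place to audit. The code 401 is also used here for callers who authenticated but lack the capability, and a distinct code would let clients tell the two cases apart; the method bodies begin outside the hunks.

```php
// Proposed helper on the XML-RPC server class (name and signature are suggestions).
function check_cap( $username, $cap, $message, $method, $object_id = null ) {
	set_current_user( 0, $username );

	// Object-level capabilities take the object id; blog-wide ones do not.
	$allowed = ( null === $object_id )
		? current_user_can( $cap )
		: current_user_can( $cap, $object_id );

	if ( !$allowed )
		return new IXR_Error( 401, $message );

	do_action( 'xmlrpc_call', $method );
	return true;
}

// … unchanged: argument unpacking and login_pass_ok() test in wp_getPage() …
$checked = $this->check_cap( $username, 'edit_page', __( 'Sorry, you can not edit this page.' ), 'wp.getPage', $page_id );
if ( true !== $checked )
	return $checked;
```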
@@ -548,4 +581,10 @@ } + set_current_user(0, $username); + if( !current_user_can( 'edit_posts' ) ) + return new IXR_Error( 401, __( 'Sorry, you must be able to publish to this blog in order to view categories.' ) ); + + do_action('xmlrpc_call', 'wp.suggestCategories'); + $args = array('get' => 'all', 'number' => $max_results, 'name__like' => $category); $category_suggestions = get_categories($args); @@ -598,4 +637,10 @@ } + set_current_user( 0, $user_login ); + if( !current_user_can( 'edit_posts' ) ) + return new IXR_Error( 401, __( 'Sorry, you do not have access to user data on this blog.' ) ); + + do_action('xmlrpc_call', 'blogger.getUserInfo'); + $user_data = get_userdatabylogin($user_login); @@ -604,5 +649,4 @@ 'userid' => $user_data->ID, 'url' => $user_data->user_url, - 'email' => $user_data->user_email, 'lastname' => $user_data->last_name, 'firstname' => $user_data->first_name @@ -626,5 +670,10 @@ } - $user_data = get_userdatabylogin($user_login); + set_current_user( 0, $user_login ); + if( !current_user_can( 'edit_post', $post_ID ) ) + return new IXR_Error( 401, __( 'Sorry, you can not edit this post.' ) ); + + do_action('xmlrpc_call', 'blogger.getPost'); + $post_data = wp_get_single_post($post_ID, ARRAY_A); @@ -664,4 +713,6 @@ $posts_list = wp_get_recent_posts($num_posts); + set_current_user( 0, $user_login ); + if (!$posts_list) { $this->error = new IXR_Error(500, __('Either there are no posts, or something went wrong.')); @@ -670,4 +721,6 @@ foreach ($posts_list as $entry) { + if( !current_user_can( 'edit_post', $entry['ID'] ) ) + continue; $post_date = mysql2date('Ymd\TH:i:s', $entry['post_date']); 
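Review bot: The two hunks at `@@ -664,4 +713,6 @@` and `@@ -670,4 +721,6 @@` add `set_current_user()` and the per-entry `current_user_can( 'edit_post', $entry['ID'] )` filter but, unlike the other methods touched in this file, no `do_action('xmlrpc_call', …)`. The list-method hunks at `@@ -1425,5 +1483,9 @@` and `@@ -1624,5 +1692,9 @@` further down have the same gap. If that hook is meant to be the audit point for XML-RPC calls, list requests will not appear in it; firing the action next to `set_current_user( 0, $user_login );` keeps coverage uniform, unless it is already fired outside these hunks. Filtering after `wp_get_recent_posts($num_posts)` also means a caller can receive fewer than `$num_posts` entries, which deserves a one-line comment so it is not later mistaken for a bug.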
@@ -1329,76 +1382,81 @@ function mw_getPost($args) { - global $wpdb; - - $this->escape($args); - - $post_ID = (int) $args[0]; - $user_login = $args[1]; - $user_pass = $args[2]; - - if (!$this->login_pass_ok($user_login, $user_pass)) { - return $this->error; - } - - $postdata = wp_get_single_post($post_ID, ARRAY_A); - - if ($postdata['post_date'] != '') { - - $post_date = mysql2date('Ymd\TH:i:s', $postdata['post_date']); - $post_date_gmt = mysql2date('Ymd\TH:i:s', $postdata['post_date_gmt']); - - $categories = array(); - $catids = wp_get_post_categories($post_ID); - foreach($catids as $catid) { - $categories[] = get_cat_name($catid); - } - - $tagnames = array(); - $tags = wp_get_post_tags( $post_ID ); - if ( !empty( $tags ) ) { - foreach ( $tags as $tag ) { - $tagnames[] = $tag->name; - } - $tagnames = implode( ', ', $tagnames ); + global $wpdb; + + $this->escape($args); + + $post_ID = (int) $args[0]; + $user_login = $args[1]; + $user_pass = $args[2]; + + if (!$this->login_pass_ok($user_login, $user_pass)) { + return $this->error; + } + + set_current_user( 0, $user_login ); + if( !current_user_can( 'edit_post', $post_ID ) ) + return new IXR_Error( 401, __( 'Sorry, you can not edit this post.' 
) ); + + do_action('xmlrpc_call', 'metaWeblog.getPost'); + + $postdata = wp_get_single_post($post_ID, ARRAY_A); + + if ($postdata['post_date'] != '') { + $post_date = mysql2date('Ymd\TH:i:s', $postdata['post_date']); + $post_date_gmt = mysql2date('Ymd\TH:i:s', $postdata['post_date_gmt']); + + $categories = array(); + $catids = wp_get_post_categories($post_ID); + foreach($catids as $catid) { + $categories[] = get_cat_name($catid); + } + + $tagnames = array(); + $tags = wp_get_post_tags( $post_ID ); + if ( !empty( $tags ) ) { + foreach ( $tags as $tag ) { + $tagnames[] = $tag->name; + } + $tagnames = implode( ', ', $tagnames ); + } else { + $tagnames = ''; + } + + $post = get_extended($postdata['post_content']); + $link = post_permalink($postdata['ID']); + + // Get the author info. + $author = get_userdata($postdata['post_author']); + + $allow_comments = ('open' == $postdata['comment_status']) ? 1 : 0; + $allow_pings = ('open' == $postdata['ping_status']) ? 1 : 0; + + $resp = array( + 'dateCreated' => new IXR_Date($post_date), + 'userid' => $postdata['post_author'], + 'postid' => $postdata['ID'], + 'description' => $post['main'], + 'title' => $postdata['post_title'], + 'link' => $link, + 'permaLink' => $link, + // commented out because no other tool seems to use this + // 'content' => $entry['post_content'], + 'categories' => $categories, + 'mt_excerpt' => $postdata['post_excerpt'], + 'mt_text_more' => $post['extended'], + 'mt_allow_comments' => $allow_comments, + 'mt_allow_pings' => $allow_pings, + 'mt_keywords' => $tagnames, + 'wp_slug' => $postdata['post_name'], + 'wp_password' => $postdata['post_password'], + 'wp_author_id' => $author->ID, + 'wp_author_display_name' => $author->display_name, + 'date_created_gmt' => new IXR_Date($post_date_gmt) + ); + + return $resp; } else { - $tagnames = ''; - } - - $post = get_extended($postdata['post_content']); - $link = post_permalink($postdata['ID']); - - // Get the author info. 
- $author = get_userdata($postdata['post_author']); - - $allow_comments = ('open' == $postdata['comment_status']) ? 1 : 0; - $allow_pings = ('open' == $postdata['ping_status']) ? 1 : 0; - - $resp = array( - 'dateCreated' => new IXR_Date($post_date), - 'userid' => $postdata['post_author'], - 'postid' => $postdata['ID'], - 'description' => $post['main'], - 'title' => $postdata['post_title'], - 'link' => $link, - 'permaLink' => $link, -// commented out because no other tool seems to use this -// 'content' => $entry['post_content'], - 'categories' => $categories, - 'mt_excerpt' => $postdata['post_excerpt'], - 'mt_text_more' => $post['extended'], - 'mt_allow_comments' => $allow_comments, - 'mt_allow_pings' => $allow_pings, - 'mt_keywords' => $tagnames, - 'wp_slug' => $postdata['post_name'], - 'wp_password' => $postdata['post_password'], - 'wp_author_id' => $author->ID, - 'wp_author_display_name' => $author->display_name, - 'date_created_gmt' => new IXR_Date($post_date_gmt) - ); - - return $resp; - } else { - return new IXR_Error(404, __('Sorry, no such post.')); - } + return new IXR_Error(404, __('Sorry, no such post.')); + } } @@ -1425,5 +1483,9 @@ } + set_current_user( 0, $user_login ); + foreach ($posts_list as $entry) { + if( !current_user_can( 'edit_post', $entry['ID'] ) ) + continue; $post_date = mysql2date('Ymd\TH:i:s', $entry['post_date']); @@ -1505,4 +1567,10 @@ } + set_current_user( 0, $user_login ); + if( !current_user_can( 'edit_posts' ) ) + return new IXR_Error( 401, __( 'Sorry, you must be able to edit posts on this blog in order to view categories.' ) ); + + do_action('xmlrpc_call', 'metaWeblog.getCategories'); + $categories_struct = array(); @@ -1624,5 +1692,9 @@ } + set_current_user( 0, $user_login ); + foreach ($posts_list as $entry) { + if( !current_user_can( 'edit_post', $entry['ID'] ) ) + continue; $post_date = mysql2date('Ymd\TH:i:s', $entry['post_date']); 
@@ -1663,7 +1735,12 @@ } + set_current_user( 0, $user_login ); + if( !current_user_can( 'edit_posts' ) ) + return new IXR_Error( 401, __( 'Sorry, you must be able to edit posts on this blog in order to view categories.' ) ); + + do_action('xmlrpc_call', 'mt.getCategoryList'); + $categories_struct = array(); - // FIXME: can we avoid using direct SQL there? if ( $cats = get_categories('hide_empty=0&hierarchical=0') ) { foreach ($cats as $cat) { @@ -1691,4 +1768,10 @@ return $this->error; } + + set_current_user( 0, $user_login ); + if( !current_user_can( 'edit_post', $post_ID ) ) + return new IXR_Error( 401, __( 'Sorry, you can not edit this post.' ) ); + + do_action('xmlrpc_call', 'mt.getPostCategories'); $categories = array(); Index: wp-mail.php =================================================================== --- wp-mail.php (revision 6280) +++ wp-mail.php (revision 6527) @@ -13,5 +13,5 @@ if (!$pop3->connect(get_option('mailserver_url'), get_option('mailserver_port'))) - wp_die($pop3->ERROR); + wp_die(wp_specialchars($pop3->ERROR)); $count = $pop3->login(get_option('mailserver_login'), get_option('mailserver_pass')); @@ -130,7 +130,4 @@ $content[1] ? $content = $content[1] : $content = $content[0]; - echo "

Content-type: $content_type, Content-Transfer-Encoding: $content_transfer_encoding, boundary: $boundary

\n"; - echo "

Raw content:

".$content.'

'; - $content = trim($content); @@ -162,10 +159,9 @@ do_action('publish_phone', $post_ID); - echo "\n

Author: $post_author

"; - echo "\n

Posted title: $post_title
"; - echo "\nPosted content:

".$content.'

'; + echo "\n

Author: " . wp_specialchars($post_author) . "

"; + echo "\n

Posted title: " . wp_specialchars($post_title) . "
"; if(!$pop3->delete($i)) { - echo '

Oops '.$pop3->ERROR.'

'; + echo '

Oops '.wp_specialchars($pop3->ERROR).'

'; $pop3->reset(); exit; Index: wp-settings.php =================================================================== --- wp-settings.php (revision 6139) +++ wp-settings.php (revision 6448) @@ -122,4 +122,7 @@ else require_once (ABSPATH . WPINC . '/wp-db.php'); + +if ( !empty($wpdb->error) ) + dead_db(); // $table_prefix is deprecated as of 2.1 Index: wp-admin/includes/file.php =================================================================== --- wp-admin/includes/file.php (revision 6116) +++ wp-admin/includes/file.php (revision 6521) @@ -44,4 +44,7 @@ function validate_file( $file, $allowed_files = '' ) { + if ( false !== strpos( $file, '..' )) + return 1; + if ( false !== strpos( $file, './' )) return 1; Index: wp-admin/admin.php =================================================================== --- wp-admin/admin.php (revision 6113) +++ wp-admin/admin.php (revision 6442) @@ -1,3 +1,5 @@ error) ) + wp_die($wpdb->error->get_error_message()); + $handle = fopen('../wp-config.php', 'w'); Index: wp-admin/install.php =================================================================== --- wp-admin/install.php (revision 6140) +++ wp-admin/install.php (revision 6470) @@ -14,4 +14,5 @@ else $step = 0; +function display_header(){ header( 'Content-Type: text/html; charset=utf-8' ); ?> @@ -25,11 +26,15 @@
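Review bot: The `strpos( $file, '..' )` test added to `validate_file()` is a substring blacklist, so it rejects harmless names such as `notes..txt` while expressing nothing about the directory the file must stay in. Resolving the candidate with `realpath()` and confirming the result begins with the intended base directory is sturdier than enumerating bad sequences, and this test can stay as a cheap first filter. At minimum the new check should carry a comment, e.g. `// Reject any parent-directory reference; return codes: 0 = ok, 1 = traversal sequence`, with the remaining codes filled in from the rest of the function, which lies outside this hunk.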

WordPress

+ '.__('Already Installed').'

'.__('You appear to have already installed WordPress. To reinstall please clear your old database tables first.').'

'); +if ( is_blog_installed() ) {display_header(); die('

'.__('Already Installed').'

'.__('You appear to have already installed WordPress. To reinstall please clear your old database tables first.').'

');} switch($step) { case 0: case 1: // in case people are directly linking to this + display_header(); ?>

@@ -62,4 +67,8 @@ break; case 2: + if ( !empty($wpdb->error) ) + wp_die($wpdb->error->get_error_message()); + + display_header(); // Fill in the data we gathered $weblog_title = stripslashes($_POST['weblog_title']); @@ -75,6 +84,7 @@ } - $result = wp_install($weblog_title, 'admin', $admin_email, $public); - extract($result, EXTR_SKIP); + $wpdb->show_errors(); + $result = wp_install($weblog_title, 'admin', $admin_email, $public); + extract($result, EXTR_SKIP); ?>
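Review bot: `wp_die($wpdb->error->get_error_message())` in the `case 2:` hunk assumes `$wpdb->error` is a `WP_Error` object, but the `bail()` change in wp-includes/wp-db.php on this page stores the plain `$message` string when `class_exists('WP_Error')` is false. In that case the line is a method call on a string and ends in a fatal error instead of the intended message; the same call appears in the earlier hunk that precedes `fopen('../wp-config.php', 'w')`. `dead_db()` sidesteps this by handing `$wpdb->error` to `wp_die()` directly. Either do the same here or guard the call: `wp_die( is_object($wpdb->error) ? $wpdb->error->get_error_message() : $wpdb->error );`.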