From a2a84539dc14ab50899022eff0feaaec1f19a1df Mon Sep 17 00:00:00 2001 From: Mac McDonald Date: Sat, 2 Apr 2016 15:20:39 -0400 Subject: [PATCH 1/4] A '404 Not Found' error was caused by the inclusion of '/wp-admin/install.php' in the URL created in the 'install_wp' and 'install_theme' functions. The incorrect URL was of the form: 'http://mysite/wp-quick-install//wp-admin/install.php?action=install_wp' The correct URL is: 'http://mysite/wp-quick-install?action=install_wp' --- wp-quick-install/assets/js/script.js | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/wp-quick-install/assets/js/script.js b/wp-quick-install/assets/js/script.js index c29e7d3..ab2c12e 100644 --- a/wp-quick-install/assets/js/script.js +++ b/wp-quick-install/assets/js/script.js @@ -214,7 +214,7 @@ $(document).ready(function() { $('#debug').removeAttr('checked'); } } - + if ( typeof data.wp_config.wpcom_api_key !='undefined' ) { $('#wpcom_api_key').val(data.wp_config.wpcom_api_key); } @@ -311,7 +311,7 @@ $(document).ready(function() { function install_wp() { $response.html("

Database Installation in Progress...

"); $('.progress-bar').animate({width: "49.5%"}); - $.post(window.location.href + '/wp-admin/install.php?action=install_wp', $('form').serialize(), function(data) { + $.post(window.location.href + '?action=install_wp', $('form').serialize(), function(data) { install_theme(); }); } @@ -320,7 +320,7 @@ $(document).ready(function() { function install_theme() { $response.html("
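Review bot: Appending `'?action=install_wp'` to `window.location.href` yields a malformed URL whenever the page address already carries a query string or a fragment, because the whole href, including any `?…` or `#…` part, stays in front of the new query. Building the endpoint from the path alone, `$.post(window.location.pathname + '?action=install_wp', $('form').serialize(), …)`, avoids that, and the same applies to the `install_theme` call in the next hunk. Neither `$.post` has a failure handler, so any failed request still leaves the progress panel stuck without a message. Chaining `.fail(function(xhr) { … })` to report the error would cover the hang this series describes more generally.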

Theme Installation in Progress...

"); $('.progress-bar').animate({width: "66%"}); - $.post(window.location.href + '/wp-admin/install.php?action=install_theme', $('form').serialize(), function(data) { + $.post(window.location.href + '?action=install_theme', $('form').serialize(), function(data) { install_plugins(); }); } @@ -347,4 +347,4 @@ $(document).ready(function() { $.get( 'http://wp-quick-install.com/inc/incr-counter.php' ); } -}); \ No newline at end of file +}); From cd7ed66e64517812442e43855ed262f8c95083ca Mon Sep 17 00:00:00 2001 From: Mac McDonald Date: Sat, 2 Apr 2016 16:09:16 -0400 Subject: [PATCH 2/4] Fix hang during "Database Installation in Progress..." The application hung while "Database Installation in Progress..." was displayed in the progress panel. The database was not installed. A '404 Not Found' error was caused by the inclusion of '/wp-admin/install.php' in the URL created in the 'install_wp' and 'install_theme' functions. The incorrect URL was of the form: 'http://mysite/wp-quick-install//wp-admin/install.php?action=install_wp' The correct URL is: 'http://mysite/wp-quick-install?action=install_wp' --- wp-quick-install/index.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/wp-quick-install/index.php b/wp-quick-install/index.php index 89a0a9f..a7a3480 100755 --- a/wp-quick-install/index.php +++ b/wp-quick-install/index.php @@ -285,7 +285,7 @@ // We update the options with the right siteurl et homeurl value $protocol = ! is_ssl() ? 'http' : 'https'; - $get = basename( dirname( __FILE__ ) ) . '/index.php/wp-admin/install.php?action=install_wp'; + $get = basename( dirname( __FILE__ ) ); $dir = str_replace( '../', '', $directory ); $link = $protocol . '://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']; $url = str_replace( $get, $dir, $link ); From b9c4f717fca61e2157db5292072b739d064e01cc Mon Sep 17 00:00:00 2001 
From: Mac McDonald Date: Sat, 2 Apr 2016 16:28:02 -0400 Subject: [PATCH 3/4] Incorrect values for wp-options 'siteurl' and 'home' The options 'siteurl' and 'home' had '?action=install_wp' added to them: http://mysite/wp-quick-install/?action=install_wp' --- wp-quick-install/index.php | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/wp-quick-install/index.php b/wp-quick-install/index.php index a7a3480..5924375 100755 --- a/wp-quick-install/index.php +++ b/wp-quick-install/index.php @@ -285,11 +285,11 @@ // We update the options with the right siteurl et homeurl value $protocol = ! is_ssl() ? 'http' : 'https'; - $get = basename( dirname( __FILE__ ) ); - $dir = str_replace( '../', '', $directory ); - $link = $protocol . '://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']; - $url = str_replace( $get, $dir, $link ); - $url = trim( $url, '/' ); + $get = basename( dirname( __FILE__ ) ); + $dir = str_replace( '../', '', $directory ); + $link = $protocol . '://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']; + $url = preg_replace( "#$get.*$#", $dir, $link ); + $url = trim( $url, '/' ); update_option( 'siteurl', $url ); update_option( 'home', $url ); From f19dcbcfea345c3c9d1b57d284ae8eb7fc868375 Mon Sep 17 00:00:00 2001 From: Mac McDonald Date: Tue, 5 Apr 2016 22:25:01 -0400 Subject: [PATCH 4/4] Correct some spellings and add random password suggestion. 'Information' was spelled 'Informations' in several places. Added random password and random WordPress database prefix suggestions to help harden installations. Added language argument to call to wp_install(). --- wp-quick-install/inc/functions.php | 84 +++++++++++++++++++++++++++++- wp-quick-install/index.php | 38 ++++++++------ 2 files changed, 105 insertions(+), 17 deletions(-) diff --git a/wp-quick-install/inc/functions.php b/wp-quick-install/inc/functions.php index 9a198d2..554d8db 100644 --- a/wp-quick-install/inc/functions.php +++ b/wp-quick-install/inc/functions.php 
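Review bot: `preg_replace( "#$get.*$#", $dir, $link )` interpolates the installer's directory name into the pattern unescaped and matches its first occurrence anywhere in `$link`, host part included. A directory name with regex metacharacters, or a hostname that contains the directory name, therefore produces a wrong `siteurl`/`home`. Quoting the name and tying it to a path segment fixes both: `$url = preg_replace( '#/' . preg_quote( $get, '#' ) . '(?:[/?].*)?$#', '/' . $dir, $link );`. `$link` is also assembled from `$_SERVER['HTTP_HOST']`, which the client supplies, and the result is persisted with `update_option`, so the host should be checked against an expected value before it is stored. The enclosing install branch begins and ends outside the hunk.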
@@ -8,4 +8,86 @@ function _( $str ) { function sanit( $str ) { return addcslashes( str_replace( array( ';', "\n" ), '', $str ), '\\' ); -} \ No newline at end of file +} + +function random_capletters( $number = 0, &$excludes ) { + // Capital letters except I, L, O, Q + $letters = array_merge( range('A', 'H'), range('J', 'N'), array('P'), range('R', 'Z') ); + if ( is_array( $excludes ) ) { + $letters = array_diff( $letters, $excludes ); + } + shuffle($letters); + if ( $number == 0 || $number > sizeof( $letters ) ) { + return $letters; + } else { + return array_slice( $letters, 0, $number ); + } + +} +function random_lcaseletters( $number = 0, &$excludes ) { + // Lowercase letters except I, L, O, Q + $letters = array_merge( range('a', 'h'), range('j', 'n'), array('p'), range('r', 'z') ); + if ( is_array( $excludes ) ) { + $letters = array_diff( $letters, $excludes ); + } + shuffle( $letters ); + if ( $number == 0 || $number > sizeof( $letters ) ) { + return $letters; + } else { + return array_slice( $letters, 0, $number ); + } +} +function random_digits( $number = 0, &$excludes ) { + // Omit 0 and 1 as too similar to O and L + $numbers = range( '2','9'); + if ( is_array( $excludes ) ) { + $numbers = array_diff( $numbers, $excludes ); + } + $numbers = array_diff( $numbers, $excludes ); + shuffle($numbers); + if ( $number == 0 || $number > sizeof( $numbers ) ) { + return $numbers; + } else { + return array_slice( $numbers, 0, $number ); + } +} +function random_specialchars( $number = 0, &$excludes ) { + $chars = array( '!', '@', '#', '%', '=', '-', '_', '?', '<', '>' ) ; + if ( is_array( $excludes ) ) { + $chars = array_diff( $chars, $excludes ); + } + shuffle( $chars ); + if ( $number == 0 || $number > sizeof( $chars ) ) { + return $chars; + } else { + return array_slice( $chars, 0, $number ); + } +} +function random_pw( $length = 8, array $excludes = array() ) { + // Min length is 8 + $length = $length < 8 ? 
8 : $length; + + $getlength = rand( 2, intval( $length / 4 ) ); // Allow at least two of each type + $remainder = $length - $getlength; + $special = random_specialchars( $getlength, $excludes ); + + $getlength = rand( 2, intval( $remainder / 3 ) ); // Allow at least two of each type + $remainder = $remainder - $getlength; + $digits = random_digits( $getlength, $excludes ); + + $getlength = rand( 2, intval( $remainder / 2 ) ); // Allow at least two of each type + $remainder = $remainder - $getlength; + $caps = random_capletters( $getlength, $excludes ); + + $lower = random_lcaseletters( $remainder, $excludes ); + + $pw = array_merge( $caps, $lower, $digits, $special ); + shuffle( $pw ); + return implode( '', $pw ); +} +function random_table_prefix() { + $first2 = random_lcaseletters(2); + $last2 = random_digits(2); + $prefix = implode( '', $first2) . implode( '', $last2) . '_'; + return $prefix; +} diff --git a/wp-quick-install/index.php b/wp-quick-install/index.php index 5924375..19dda69 100755 --- a/wp-quick-install/index.php +++ b/wp-quick-install/index.php @@ -7,6 +7,7 @@ Version: 1.4.1 Licence: GPLv3 Last Update: 08 jan 15 + */ @set_time_limit( 0 ); @@ -280,8 +281,11 @@ /** Load wpdb */ require_once( $directory . 'wp-includes/wp-db.php' ); + // Get WordPress language + $language = substr( $_POST['language'], 0, 6 ); + // WordPress installation - wp_install( $_POST[ 'weblog_title' ], $_POST['user_login'], $_POST['admin_email'], (int) $_POST[ 'blog_public' ], '', $_POST['admin_password'] ); + wp_install( $_POST[ 'weblog_title' ], $_POST['user_login'], $_POST['admin_email'], (int) $_POST[ 'blog_public' ], '', $_POST['admin_password'], $language ); // We update the options with the right siteurl et homeurl value $protocol = ! is_ssl() ? 'http' : 'https'; 
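Review bot: The suggested admin password and table prefix are drawn with `rand()` and `shuffle()`, neither of which is a cryptographically secure source, so the suggestion is weaker than its length implies; in `random_pw` and the four `random_*` helpers the draws should come from `random_int()` (PHP 7+), with `openssl_random_pseudo_bytes()` as the fallback on older runtimes. Because each helper shuffles a pool and slices it, no character can repeat within a class, which shrinks the space further; picking each character independently, `$pool[ random_int( 0, count( $pool ) - 1 ) ]` on a re-indexed pool, avoids that. Separately, `random_table_prefix()` calls `random_lcaseletters(2)` and `random_digits(2)` without the required by-reference `$excludes` argument, and `random_digits` runs `array_diff( $numbers, $excludes )` a second time outside the `is_array` guard. Declaring the parameter as `$excludes = array()` in all four helpers and dropping the unguarded call fixes both.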
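Review bot: `substr( $_POST['language'], 0, 6 )` only truncates the posted value; it checks neither that the field is present nor that it has the shape of a locale code before it is passed to `wp_install()`. Validating it instead, for example `$language = ( isset( $_POST['language'] ) && preg_match( '/^[a-z]{2,3}(_[A-Za-z]+)*$/', $_POST['language'] ) ) ? $_POST['language'] : '';`, rejects unexpected input and keeps locale codes longer than six characters intact. The surrounding install branch starts and ends outside the hunk.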
@@ -482,9 +486,9 @@ foreach ( $plugins as $plugin ) { // We retrieve the plugin XML file to get the link to downlad it - $plugin_repo = file_get_contents( "http://api.wordpress.org/plugins/info/1.0/$plugin.json" ); + $plugin_repo = file_get_contents( "http://api.wordpress.org/plugins/info/1.0/$plugin.json" ); - if ( $plugin_repo && $plugin = json_decode( $plugin_repo ) ) { + if ( $plugin_repo && $plugin = json_decode( $plugin_repo ) ) { $plugin_path = WPQI_CACHE_PLUGINS_PATH . $plugin->slug . '-' . $plugin->version . '.zip'; @@ -492,15 +496,16 @@ // We download the lastest version if ( $download_link = file_get_contents( $plugin->download_link ) ) { file_put_contents( $plugin_path, $download_link ); - } } + } + } - // We unzip it - $zip = new ZipArchive; + // We unzip it + $zip = new ZipArchive; if ( $zip->open( $plugin_path ) === true ) { $zip->extractTo( $plugins_dir ); $zip->close(); } - } + } } } @@ -616,7 +621,7 @@
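Review bot: The plugin metadata is fetched over plain `http://api.wordpress.org/…`, and the archive at `$plugin->download_link` is then written to the cache and extracted into `$plugins_dir` with no integrity or origin check, so anyone able to alter the response in transit controls the code that gets installed. The hunk appears only to re-indent these lines, but they are on the new side. Requesting `https://api.wordpress.org/plugins/info/1.0/$plugin.json` and refusing a `download_link` that does not start with `https://downloads.wordpress.org/` would close that gap. The return values of `file_put_contents` and `extractTo` are also ignored, so a partial download or failed extraction goes unnoticed. The plugin loop starts and ends outside the hunk.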

-

+

@@ -654,7 +659,7 @@
-

+

@@ -700,8 +705,9 @@

@@ -715,7 +721,7 @@
+ -

.

+

Suggested PW: " . htmlspecialchars( $pw ) . "
Be sure to copy the password to a safe place." );?>

-

+

@@ -737,7 +743,7 @@ -

+

@@ -746,7 +752,7 @@

wordpress-seo)');?>

@@ -765,7 +771,7 @@
- +

-

+

number of tags are available.'), 'http://codex.wordpress.org/Using_Permalinks'); ?>

@@ -781,7 +787,7 @@ -

+

@@ -826,7 +832,7 @@ -

+

wp-config.php');?>