Fix: Prevents invalid wp-config.php when passwords contain double quotes

rollybueno · rollybueno · commit 1c7186138b8d · 2025-10-15T09:47:19.000+08:00
diff --git a/features/config-create.feature b/features/config-create.feature
@@ -243,6 +243,22 @@ Feature: Create a wp-config file
       PasswordWith'SingleQuotes'
       """
 
+  Scenario: Passwords with special characters and double quotes
+    Given an empty directory
+    And WP files
+
+    When I run `wp config create --skip-check --dbname=somedb --dbuser=someuser --dbpass='p@(ss){w0r?d><}"!With"DoubleQuotes'`
+    Then the wp-config.php file should contain:
+      """
+      define( 'DB_PASSWORD', 'p@(ss){w0r?d><}"!With"DoubleQuotes' )
+      """
+
+    When I run `wp config get DB_PASSWORD`
+    Then STDOUT should be:
+      """
+      p@(ss){w0r?d><}"!With"DoubleQuotes
+      """
+
   @require-mysql @require-mysql-5.7
   Scenario: Configure with required SSL connection
     Given an empty directory
diff --git a/src/Config_Command.php b/src/Config_Command.php
@@ -1240,7 +1240,8 @@ private function escape_config_value( $key, $value ) {
 		}
 
 		if ( is_string( $value ) ) {
-			return addslashes( $value );
+			// For single-quoted strings, only escape single quotes; double quotes don't need escaping
+			return str_replace( "'", "\\'", $value );
 		}
 
 		return $value;

Original file line number	Diff line number	Diff line change
`@@ -1240,7 +1240,8 @@ private function escape_config_value( $key, $value ) {`
`1240`	`1240`	`}`
`1241`	`1241`
`1242`	`1242`	`if ( is_string( $value ) ) {`
`1243`		`- return addslashes( $value );`
	`1243`	`+ // For single-quoted strings, only escape single quotes; double quotes don't need escaping`
	`1244`	`+ return str_replace( "'", "\\'", $value );`
`1244`	`1245`	`}`
`1245`	`1246`
`1246`	`1247`	`return $value;`