Merge pull request #203 from rollybueno/fix/issue/180

Fix: Prevents invalid wp-config.php when passwords contain double quotes

Author: mrsdizzie

features/config-create.feature

@@ -243,6 +243,38 @@ Feature: Create a wp-config file
       PasswordWith'SingleQuotes'
       """
 
+  Scenario: Passwords with special characters and double quotes
+    Given an empty directory
+    And WP files
+
+    When I run `wp config create --skip-check --dbname=somedb --dbuser=someuser --dbpass='p@(ss){w0r?d><}"!With"DoubleQuotes'`
+    Then the wp-config.php file should contain:
+      """
+      define( 'DB_PASSWORD', 'p@(ss){w0r?d><}"!With"DoubleQuotes' )
+      """
+
+    When I run `wp config get DB_PASSWORD`
+    Then STDOUT should be:
+      """
+      p@(ss){w0r?d><}"!With"DoubleQuotes
+      """
+
+  Scenario: Passwords with backslash should properly escaped
+    Given an empty directory
+    And WP files
+  
+    When I run `wp config create --skip-check --dbname=somedb --dbuser=someuser --dbpass='my\\password'`
+    Then the wp-config.php file should contain:
+      """
+      define( 'DB_PASSWORD', 'my\\\\password' )
+      """
+    
+    When I run `wp config get DB_PASSWORD`
+    Then STDOUT should be:
+      """
+      my\\password
+      """
+
   @require-mysql @require-mysql-5.7
   Scenario: Configure with required SSL connection
     Given an empty directory

src/Config_Command.php

@@ -1240,7 +1240,9 @@ private function escape_config_value( $key, $value ) {
 		}
 
 		if ( is_string( $value ) ) {
-			return addslashes( $value );
+			$value = str_replace( '\\', '\\\\', $value );  // Escape backslashes first
+			$value = str_replace( "'", "\\'", $value );    // Then escape single quotes
+			return $value;
 		}
 
 		return $value;