WordPress.org

Make WordPress Core

Ticket #14273: maybe_create_table.diff

File maybe_create_table.diff, 968 bytes (added by dragoonis, 4 years ago)

Sanitisation of table name

  • install-helper.php

     
    6565 */ 
    6666function maybe_create_table($table_name, $create_ddl) { 
    6767        global $wpdb; 
    68         foreach ($wpdb->get_col("SHOW TABLES",0) as $table ) { 
    69                 if ($table == $table_name) { 
    70                         return true; 
    71                 } 
     68        $clean_table_name = $wpdb->escape($table_name); 
     69        if(strtolower($wpdb->get_var("SHOW TABLES LIKE '$clean_table_name'")) == strtolower($table_name)) { 
     70                return true; 
    7271        } 
    73         //didn't find it try to create it. 
     72        // didn't find it try to create it. 
    7473        $wpdb->query($create_ddl); 
    7574        // we cannot directly tell that whether this succeeded! 
    76         foreach ($wpdb->get_col("SHOW TABLES",0) as $table ) { 
    77                 if ($table == $table_name) { 
    78                         return true; 
    79                 } 
    80         } 
    81         return false; 
     75        return strtolower($wpdb->get_var("SHOW TABLES LIKE '$clean_table_name'")) == strtolower($table_name); 
    8276} 
    8377endif; 
    8478