WordPress.org

Make WordPress Core

Ticket #14273: maybe_create_table.diff

File maybe_create_table.diff, 968 bytes (added by dragoonis, 8 years ago)

Sanitisation of table name

  • install-helper.php

     
    6565 */
    6666function maybe_create_table($table_name, $create_ddl) {
    6767        global $wpdb;
    68         foreach ($wpdb->get_col("SHOW TABLES",0) as $table ) {
    69                 if ($table == $table_name) {
    70                         return true;
    71                 }
     68        $clean_table_name = $wpdb->escape($table_name);
     69        if(strtolower($wpdb->get_var("SHOW TABLES LIKE '$clean_table_name'")) == strtolower($table_name)) {
     70                return true;
    7271        }
    73         //didn't find it try to create it.
     72        // didn't find it try to create it.
    7473        $wpdb->query($create_ddl);
    7574        // we cannot directly tell that whether this succeeded!
    76         foreach ($wpdb->get_col("SHOW TABLES",0) as $table ) {
    77                 if ($table == $table_name) {
    78                         return true;
    79                 }
    80         }
    81         return false;
     75        return strtolower($wpdb->get_var("SHOW TABLES LIKE '$clean_table_name'")) == strtolower($table_name);
    8276}
    8377endif;
    8478