diff --git src/wp-includes/wp-db.php src/wp-includes/wp-db.php
index 2f6d4f4..ca8cf25 100644
|
|
class wpdb { |
2629 | 2629 | |
2630 | 2630 | if ( is_array( $value['length'] ) ) { |
2631 | 2631 | $length = $value['length']['length']; |
| 2632 | $truncate_by_byte_length = 'byte' === $value['length']['type']; |
2632 | 2633 | } else { |
2633 | 2634 | $length = false; |
| 2635 | // Since we have no length, we'll never truncate. |
| 2636 | // Initialize the variable to false. true would take us |
| 2637 | // through an unnecessary (for this case) codepath below. |
| 2638 | $truncate_by_byte_length = false; |
2634 | 2639 | } |
2635 | 2640 | |
2636 | 2641 | // There's no charset to work with. |
… |
… |
class wpdb { |
2643 | 2648 | continue; |
2644 | 2649 | } |
2645 | 2650 | |
2646 | | $truncate_by_byte_length = 'byte' === $value['length']['type']; |
2647 | | |
2648 | 2651 | $needs_validation = true; |
2649 | 2652 | if ( |
2650 | 2653 | // latin1 can store any byte sequence |
… |
… |
class wpdb { |
2714 | 2717 | $queries[ $value['charset'] ] = array(); |
2715 | 2718 | } |
2716 | 2719 | |
2717 | | // We're going to need to truncate by characters or bytes, depending on the length value we have. |
2718 | | if ( 'byte' === $value['length']['type'] ) { |
2719 | | // Split the CONVERT() calls by charset, so we can make sure the connection is right |
2720 | | $queries[ $value['charset'] ][ $col ] = $this->prepare( "CONVERT( LEFT( CONVERT( %s USING binary ), %d ) USING {$value['charset']} )", $value['value'], $value['length']['length'] ); |
| 2720 | if ( is_array( $value['length'] ) ) { |
| 2721 | // We're going to need to truncate by characters or bytes, depending on the length value we have. |
| 2722 | if ( 'byte' === $value['length']['type'] ) { |
| 2723 | // Split the CONVERT() calls by charset, so we can make sure the connection is right |
| 2724 | $queries[ $value['charset'] ][ $col ] = $this->prepare( "CONVERT( LEFT( CONVERT( %s USING binary ), %d ) USING {$value['charset']} )", $value['value'], $value['length']['length'] ); |
| 2725 | } else { |
| 2726 | $queries[ $value['charset'] ][ $col ] = $this->prepare( "LEFT( CONVERT( %s USING {$value['charset']} ), %d )", $value['value'], $value['length']['length'] ); |
| 2727 | } |
2721 | 2728 | } else { |
2722 | | $queries[ $value['charset'] ][ $col ] = $this->prepare( "LEFT( CONVERT( %s USING {$value['charset']} ), %d )", $value['value'], $value['length']['length'] ); |
| 2729 | $queries[ $value['charset'] ][ $col ] = $this->prepare( "CONVERT( %s USING {$value['charset']} )", $value['value'] ); |
2723 | 2730 | } |
2724 | 2731 | |
2725 | 2732 | unset( $data[ $col ]['db'] ); |
diff --git tests/phpunit/tests/db/charset.php tests/phpunit/tests/db/charset.php
index 0478766..faca3f5 100755
|
|
class Tests_DB_Charset extends WP_UnitTestCase { |
214 | 214 | 'expected' => "\xd8ord\xd0ress", |
215 | 215 | 'length' => array( 'type' => 'char', 'length' => 100 ), |
216 | 216 | ), |
| 217 | 'cp1251_no_length' => array( |
| 218 | 'charset' => 'cp1251', |
| 219 | 'value' => "\xd8ord\xd0ress", |
| 220 | 'expected' => "\xd8ord\xd0ress", |
| 221 | 'length' => false, |
| 222 | ), |
| 223 | 'cp1251_no_length_ascii' => array( |
| 224 | 'charset' => 'cp1251', |
| 225 | 'value' => "WordPress", |
| 226 | 'expected' => "WordPress", |
| 227 | 'length' => false, |
| 228 | // Don't set 'ascii' => false. That's a different codepath than having only ASCII in the value. |
| 229 | ), |
217 | 230 | 'cp1251_char_length' => array( |
218 | 231 | 'charset' => 'cp1251', |
219 | 232 | 'value' => str_repeat( "\xd8\xd0", 10 ), |
… |
… |
class Tests_DB_Charset extends WP_UnitTestCase { |
774 | 787 | $stripped = $wpdb->strip_invalid_text_for_column( $wpdb->comments, 'comment_agent', str_repeat( 'A', 256 ) ); |
775 | 788 | $this->assertEquals( 255, strlen( $stripped ) ); |
776 | 789 | } |
| 790 | |
| 791 | /** |
| 792 | * @ticket 32279 |
| 793 | */ |
| 794 | function test_strip_invalid_text_from_query_cp1251_is_safe() { |
| 795 | $tablename = 'test_cp1251_query_' . rand_str( 5 ); |
| 796 | if ( ! self::$_wpdb->query( "CREATE TABLE $tablename ( a VARCHAR(50) ) DEFAULT CHARSET 'cp1251'" ) ) { |
| 797 | $this->markTestSkipped( "Test requires the 'cp1251' charset" ); |
| 798 | } |
| 799 | |
| 800 | $safe_query = "INSERT INTO $tablename( `a` ) VALUES( 'safe data' )"; |
| 801 | $stripped_query = self::$_wpdb->strip_invalid_text_from_query( $safe_query ); |
| 802 | |
| 803 | self::$_wpdb->query( "DROP TABLE $tablename" ); |
| 804 | |
| 805 | $this->assertEquals( $safe_query, $stripped_query ); |
| 806 | } |
777 | 807 | } |