Ticket #32279: 32279.diff
File 32279.diff, 3.7 KB (added by , 10 years ago) |
---|
-
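--- a/src/wp-includes/wp-db.php
+++ b/src/wp-includes/wp-db.php
@@ -2693,36 +2693,40 @@ class wpdb {
 }
 
 // We couldn't use any local conversions, send it to the DB.
 $value['db'] = $db_check_string = true;
 }
 unset( $value ); // Remove by reference.
 
 if ( $db_check_string ) {
 $queries = array();
 foreach ( $data as $col => $value ) {
 if ( ! empty( $value['db'] ) ) {
 if ( ! isset( $queries[ $value['charset'] ] ) ) {
 $queries[ $value['charset'] ] = array();
 }
 
-// We're going to need to truncate by characters or bytes, depending on the length value we have.
-if ( 'byte' === $value['length']['type'] ) {
-// Split the CONVERT() calls by charset, so we can make sure the connection is right
-$queries[ $value['charset'] ][ $col ] = $this->prepare( "CONVERT( LEFT( CONVERT( %s USING binary ), %d ) USING {$value['charset']} )", $value['value'], $value['length']['length'] );
+if ( is_array( $value['length'] ) ) {
+// We're going to need to truncate by characters or bytes, depending on the length value we have.
+if ( 'byte' === $value['length']['type'] ) {
+// Split the CONVERT() calls by charset, so we can make sure the connection is right
+$queries[ $value['charset'] ][ $col ] = $this->prepare( "CONVERT( LEFT( CONVERT( %s USING binary ), %d ) USING {$value['charset']} )", $value['value'], $value['length']['length'] );
+} else {
+$queries[ $value['charset'] ][ $col ] = $this->prepare( "LEFT( CONVERT( %s USING {$value['charset']} ), %d )", $value['value'], $value['length']['length'] );
+}
 } else {
-$queries[ $value['charset'] ][ $col ] = $this->prepare( " LEFT( CONVERT( %s USING {$value['charset']} ), %d )", $value['value'], $value['length']['length'] );
+$queries[ $value['charset'] ][ $col ] = $this->prepare( "CONVERT( %s USING {$value['charset']} )", $value['value'] );
 }
 
 unset( $data[ $col ]['db'] );
 }
 }
 
 $connection_charset = $this->charset;
 foreach ( $queries as $charset => $query ) {
 if ( ! $query ) {
 continue;
 }
 
 // Change the charset to match the string(s) we're converting
 if ( $charset !== $connection_charset ) {
 $connection_charset = $charset;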
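Review bot: The new fallback on the last added line, taken when `$value['length']` is not an array, runs `CONVERT( %s USING {$value['charset']} )` with no `LEFT()`, so nothing in this hunk bounds the value's length on that path and no comment says when a non-array length is expected. I would add above that line `// No length data for this value, so only the charset conversion is applied; nothing is truncated on this path.` Note also that `is_array()` alone does not guarantee the `type` and `length` keys read just below it. As on the existing lines, `{$value['charset']}` is interpolated into the SQL text before `prepare()` and is therefore not covered by placeholder escaping; where the charset is set is outside the hunk, so it is worth confirming it only ever comes from column metadata. The enclosing method starts and ends outside the hunk.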
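--- a/tests/phpunit/tests/db/charset.php
+++ b/tests/phpunit/tests/db/charset.php
@@ -762,16 +762,34 @@ class Tests_DB_Charset extends WP_UnitTe
 
 self::$_wpdb->query( $drop );
 }
 
 function test_strip_invalid_text_for_column_bails_if_ascii_input_too_long() {
 global $wpdb;
 
 // TEXT column
 $stripped = $wpdb->strip_invalid_text_for_column( $wpdb->comments, 'comment_content', str_repeat( 'A', 65536 ) );
 $this->assertEquals( 65535, strlen( $stripped ) );
 
 // VARCHAR column
 $stripped = $wpdb->strip_invalid_text_for_column( $wpdb->comments, 'comment_agent', str_repeat( 'A', 256 ) );
 $this->assertEquals( 255, strlen( $stripped ) );
 }
+
+/**
+* @ticket 32279
+*/
+function test_strip_invalid_text_from_query_cp1251_is_safe() {
+$tablename = 'test_cp1251_query_' . rand_str( 5 );
+if ( ! self::$_wpdb->query( "CREATE TABLE $tablename ( a VARCHAR(50) ) DEFAULT CHARSET 'cp1251'" ) ) {
+$this->markTestSkipped( "Test requires the 'cp1251' charset" );
+}
+
+$safe_query = "INSERT INTO $tablename( `a` ) VALUES( 'safe data' )";
+$stripped_query = self::$_wpdb->strip_invalid_text_from_query( $safe_query );
+
+self::$_wpdb->query( "DROP TABLE $tablename" );
+
+$this->assertEquals( $safe_query, $stripped_query );
+}
+
 }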
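Review bot: The new test asserts only that an ASCII query comes back unchanged, so it pins the regression but does not show that invalid text is still stripped for a cp1251 table. Since this exercises a sanitisation routine, the docblock should state that limit, for example `* Covers pass-through of a valid query only; stripping of invalid cp1251 input is not asserted here.`, and a companion case with non-ASCII input would close the gap. The skip also fires on any `CREATE TABLE` failure, not just a missing charset, so an unrelated failure would be reported as a skip rather than an error.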