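/**
 * Checks what wpdb::prepare() returns when the number of arguments passed
 * does not match the number of placeholders in the query.
 *
 * Two groups of cases are covered: more arguments than placeholders, where
 * the assertions expect the surplus arguments to be left out of the result,
 * and fewer arguments than placeholders, where the assertions expect an
 * empty result instead of a query with unfilled placeholders.
 *
 * @ticket 42040
 * @expectedIncorrectUsage wpdb::prepare
 */
public function test_prepare_invalid_args_count()
{
	global $wpdb;

	// Every call below is prefixed with @, which silences any PHP warning or
	// notice raised during the call, so only the returned string is checked.
	// NOTE(review): presumably this hides warnings caused by the count
	// mismatch itself; confirm nothing else is being masked.

	/*
	 * Cases with more arguments than placeholders.
	 */

	// Surplus argument passed as separate parameters.
	$prepared = @$wpdb->prepare( "SELECT * FROM $wpdb->users WHERE id = %d AND user_login = %s", 1, "admin", "extra-arg" );
	$this->assertEquals( "SELECT * FROM $wpdb->users WHERE id = 1 AND user_login = 'admin'", $prepared );

	// Surplus argument passed inside a single array.
	$prepared = @$wpdb->prepare( "SELECT * FROM $wpdb->users WHERE id = %d AND user_login = %s", array( 1, "admin", "extra-arg" ) );
	$this->assertEquals( "SELECT * FROM $wpdb->users WHERE id = 1 AND user_login = 'admin'", $prepared );

	// Double incorrect usage: an array as the first argument followed by
	// further scalar arguments. The expectation is that %d renders as 0.
	$prepared = @$wpdb->prepare( "SELECT * FROM $wpdb->users WHERE id = %d AND user_login = %s", array( 1 ), "admin", "extra-arg" );
	$this->assertEquals( "SELECT * FROM $wpdb->users WHERE id = 0 AND user_login = 'admin'", $prepared );

	// A literal %% must not be counted as a placeholder.
	$prepared = @$wpdb->prepare( "SELECT * FROM $wpdb->users WHERE id = %d AND %% AND user_login = %s", 1, "admin", "extra-arg" );
	$this->assertEquals( "SELECT * FROM $wpdb->users WHERE id = 1 AND % AND user_login = 'admin'", $prepared );

	// Placeholders directly after an escaped percent sign, plus %F and %f.
	// Floats come out with six decimal places; that formatting is not what
	// ticket 42040 is about.
	// The expected table name is interpolated like in the other assertions
	// (it was hard-coded as wptests_users), so the case does not depend on
	// the table prefix configured for the test run.
	$prepared = @$wpdb->prepare( "SELECT * FROM $wpdb->users WHERE id = %%%d AND %F AND %f AND user_login = %s", 1, 2.3, "4.5", "admin", "extra-arg" );
	$this->assertEquals( "SELECT * FROM $wpdb->users WHERE id = %1 AND 2.300000 AND 4.500000 AND user_login = 'admin'", $prepared );

	/*
	 * Cases with fewer arguments than placeholders.
	 *
	 * NOTE(review): assertEquals() compares loosely, so the "" expected here
	 * is also satisfied by false or null. Confirm which value prepare() is
	 * meant to return on a shortfall before tightening these to assertSame().
	 */

	// Four placeholders, three separate arguments.
	$prepared = @$wpdb->prepare( "SELECT * FROM $wpdb->users WHERE id = %d and user_nicename = %s and user_status =%d and user_login = %s", 1, "admin", 0 );
	$this->assertEquals( "", $prepared );

	// Four placeholders, three arguments inside a single array.
	$prepared = @$wpdb->prepare( "SELECT * FROM $wpdb->users WHERE id = %d and user_nicename = %s and user_status =%d and user_login = %s", array( 1, "admin", 0 ) );
	$this->assertEquals( "", $prepared );

	// Double notice: an array as the first argument followed by scalars.
	$prepared = @$wpdb->prepare( "SELECT * FROM $wpdb->users WHERE id = %d and user_nicename = %s and user_status =%d and user_login = %s", array( 1 ), "admin", 0 );
	$this->assertEquals( "", $prepared );

	// The literal %% is not a placeholder, so three arguments still leave
	// the four real placeholders one short.
	$prepared = @$wpdb->prepare( "SELECT * FROM $wpdb->users WHERE id = %d and %% and user_login = %s and user_status =%d and user_login = %s", 1, "admin", "extra-arg" );
	$this->assertEquals( "", $prepared );

	// NOTE(review): the matching-count control case below was left disabled
	// by the author; the reason is not visible here.
	// $prepared = @$wpdb->prepare("SELECT * FROM $wpdb->users WHERE id = %d AND user_login = %s", 1, "admin");
	// $this->assertEquals("SELECT * FROM $wpdb->users WHERE id = 1 AND user_login = 'admin'", $prepared);
}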