
Changeset 32374


Timestamp:
05/06/2015 06:04:50 AM (5 years ago)
Author:
pento
Message:

WPDB: When sanity checking query character sets, there's no need to check queries that don't return user data.

See #32104.

Location:
trunk
Files:
2 edited

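--- a/trunk/src/wp-includes/wp-db.php
+++ b/trunk/src/wp-includes/wp-db.php
@@ -2532,5 +2532,5 @@
         // We don't need to check the collation for queries that don't read data.
         $query = ltrim( $query, "\r\n\t (" );
-        if ( preg_match( '/^(?:SHOW|DESCRIBE|DESC|EXPLAIN)\s/i', $query ) ) {
+        if ( preg_match( '/^(?:SHOW|DESCRIBE|DESC|EXPLAIN|CREATE)\s/i', $query ) ) {
             return true;
         }
@@ -2742,4 +2742,10 @@
      */
     protected function strip_invalid_text_from_query( $query ) {
+        // We don't need to check the collation for queries that don't read data.
+        $trimmed_query = ltrim( $query, "\r\n\t (" );
+        if ( preg_match( '/^(?:SHOW|DESCRIBE|DESC|EXPLAIN|CREATE)\s/i', $trimmed_query ) ) {
+            return $query;
+        }
+
         $table = $this->get_table_from_query( $query );
         if ( $table ) {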
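Review bot: The new early return in strip_invalid_text_from_query() exempts every statement that begins with CREATE, and `CREATE TABLE … SELECT` writes row data, so such a statement now comes back unchanged via `return $query;` without whatever stripping the rest of the method performs (that body lies outside the hunk). The copied comment `// We don't need to check the collation for queries that don't read data.` does not describe this method, which strips text rather than checking collation; `// Schema and introspection statements carry no user text to strip.` would fit better, with a line saying whether CREATE … SELECT is deliberately exempt. The same keyword list now appears twice, here and in the conditional at line 2534 (whose enclosing function starts outside the hunk), so holding the pattern in one private helper or class constant would keep the two checks from drifting apart. If any caller can build a CREATE … SELECT from request data, limiting the exemption to CREATE statements with no SELECT clause would be the conservative choice.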
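--- a/trunk/tests/phpunit/tests/db/charset.php
+++ b/trunk/tests/phpunit/tests/db/charset.php
@@ -644,4 +644,36 @@
 
     /**
+     * @ticket 32104
+     */
+    function data_dont_strip_text_from_schema_queries() {
+        // An obviously invalid and fake table name.
+        $table_name = "\xff\xff\xff\xff";
+
+        $queries = array(
+            "SHOW CREATE TABLE $table_name",
+            "DESCRIBE $table_name",
+            "DESC $table_name",
+            "EXPLAIN SELECT * FROM $table_name",
+            "CREATE $table_name( a VARCHAR(100))",
+        );
+
+        foreach ( $queries as &$query ) {
+            $query = array( $query );
+        }
+        unset( $query );
+
+        return $queries;
+    }
+
+    /**
+     * @dataProvider data_dont_strip_text_from_schema_queries
+     * @ticket 32104
+     */
+    function test_dont_strip_text_from_schema_queries( $query ) {
+        $return = self::$_wpdb->strip_invalid_text_from_query( $query );
+        $this->assertEquals( $query, $return );
+    }
+
+    /**
      * @ticket 21212
      */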
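Review bot: The provider exercises only upper-case statements with no leading whitespace, so neither the `ltrim()` step nor the `/i` flag added to strip_invalid_text_from_query() in this changeset is covered; a case such as `"\n\t desc $table_name",` would pin both. The `CREATE` entry omits the `TABLE` keyword, and no case records what is expected for `CREATE TABLE … SELECT`, the one exempted form that carries row data. `$this->assertSame( $query, $return );` would be the stricter assertion, since the test exists to show the bytes come back untouched. The other changed conditional in wp-db.php (line 2534) gets no test in this section.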