Changeset 32388 for branches/4.0/src/wp-includes/wp-db.php

Timestamp:

05/06/2015 07:08:42 PM (10 years ago)

Author:

mdawaffe

Message:

WPDB: When checking that a string can be sent to MySQL, we shouldn't use mb_convert_encoding(), as it behaves differently to MySQL's character encoding conversion.

Merge of [32364] to the 4.0 branch.

Props mdawaffe, pento, nbachiyski, jorbin, johnjamesjacoby, jeremyfelt.

See #32165.

File:

• branches/4.0/src/wp-includes/wp-db.php (modified) (19 diffs)

branches/4.0/src/wp-includes/wp-db.php

@@ -1788 +1788 @@
      */
     function _insert_replace_helper( $table, $data, $format = null, $type = 'INSERT' ) {
+        $this->insert_id = 0;
+
         if ( ! in_array( strtoupper( $type ), array( 'REPLACE', 'INSERT' ) ) ) {
             return false;
@@ -1808 +1810 @@
         $sql = "$type INTO `$table` ($fields) VALUES ($formats)";
 
-        $this->insert_id = 0;
         $this->check_current_query = false;
         return $this->query( $this->prepare( $sql, $values ) );
@@ -2004 +2005 @@
                 // This checks %d/%f versus ! %s because it's sprintf() could take more.
                 $value['charset'] = false;
-            } elseif ( $this->check_ascii( $value['value'] ) ) {
-                // If it's ASCII, then we don't need the charset. We can skip this field.
-                $value['charset'] = false;
             } else {
                 $value['charset'] = $this->get_col_charset( $table, $field );
@@ -2012 +2010 @@
                     return false;
                 }
-
-                // This isn't ASCII. Don't have strip_invalid_text() re-check.
-                $value['ascii'] = false;
             }
 
@@ -2045 +2040 @@
                     return false;
                 }
-            }
-
-            if ( false !== $value['length'] && strlen( $value['value'] ) > $value['length'] ) {
-                return false;
             }
 
@@ -2380 +2371 @@
     /**
      * Retrieve the maximum string length allowed in a given column.
+     * The length may either be specified as a byte length or a character length.
      *
      * @since 4.2.1
@@ -2386 +2378 @@
      * @param string $table  Table name.
      * @param string $column Column name.
-     * @return mixed Max column length as an int. False if the column has no
-     *               length. WP_Error object if there was an error.
+     * @return mixed array( 'length' => (int), 'type' => 'byte' | 'char' )
+     *               false if the column has no length (for example, numeric column)
+     *               WP_Error object if there was an error.
      */
     public function get_col_length( $table, $column ) {
@@ -2420 +2413 @@
 
         switch( $type ) {
+            case 'char':
+            case 'varchar':
+                return array(
+                    'type'   => 'char',
+                    'length' => (int) $length,
+                );
+                break;
             case 'binary':
-            case 'char':
             case 'varbinary':
-            case 'varchar':
-                return $length;
+                return array(
+                    'type'   => 'byte',
+                    'length' => (int) $length,
+                );
                 break;
             case 'tinyblob':
             case 'tinytext':
-                return 255; // 2^8 - 1
+                return array(
+                    'type'   => 'byte',
+                    'length' => 255,        // 2^8 - 1
+                );
                 break;
             case 'blob':
             case 'text':
-                return 65535; // 2^16 - 1
+                return array(
+                    'type'   => 'byte',
+                    'length' => 65535,      // 2^16 - 1
+                );
                 break;
             case 'mediumblob':
             case 'mediumtext':
-                return 16777215; // 2^24 - 1
+                return array(
+                    'type'   => 'byte',
+                    'length' => 16777215,   // 2^24 - 1
+                );
                 break;
             case 'longblob':
             case 'longtext':
-                return 4294967295; // 2^32 - 1
+                return array(
+                    'type'   => 'byte',
+                    'length' => 4294967295, // 2^32 - 1
+                );
                 break;
             default:
@@ -2547 +2560 @@
         // If any of the columns don't have one of these collations, it needs more sanity checking.
     protected function strip_invalid_text( $data ) {
-        // Some multibyte character sets that we can check in PHP.
-        $mb_charsets = array(
-            'ascii'   => 'ASCII',
-            'big5'    => 'BIG-5',
-            'eucjpms' => 'eucJP-win',
-            'gb2312'  => 'EUC-CN',
-            'ujis'    => 'EUC-JP',
-            'utf32'   => 'UTF-32',
-        );
-
-        $supported_charsets = array();
-        if ( function_exists( 'mb_list_encodings' ) ) {
-            $supported_charsets = mb_list_encodings();
-        }
-
         $db_check_string = false;
 
@@ -2567 +2565 @@
             $charset = $value['charset'];
 
-            // Column isn't a string, or is latin1, which will will happily store anything.
-            if ( false === $charset || 'latin1' === $charset ) {
+            if ( is_array( $value['length'] ) ) {
+                $length = $value['length']['length'];
+            } else {
+                $length = false;
+            }
+
+            // There's no charset to work with.
+            if ( false === $charset ) {
                 continue;
             }
 
+            // Column isn't a string.
             if ( ! is_string( $value['value'] ) ) {
                 continue;
             }
 
-            // ASCII is always OK.
-            if ( ! isset( $value['ascii'] ) && $this->check_ascii( $value['value'] ) ) {
-                continue;
-            }
-
-            // Convert the text locally.
-            if ( $supported_charsets ) {
-                if ( isset( $mb_charsets[ $charset ] ) && in_array( $mb_charsets[ $charset ], $supported_charsets ) ) {
-                    $value['value'] = mb_convert_encoding( $value['value'], $mb_charsets[ $charset ], $mb_charsets[ $charset ] );
+            $truncate_by_byte_length = 'byte' === $value['length']['type'];
+
+            $needs_validation = true;
+            if (
+                // latin1 can store any byte sequence
+                'latin1' === $charset
+            ||
+                // ASCII is always OK.
+                ( ! isset( $value['ascii'] ) && $this->check_ascii( $value['value'] ) )
+            ) {
+                $truncate_by_byte_length = true;
+                $needs_validation = false;
+            }
+
+            if ( $truncate_by_byte_length ) {
+                mbstring_binary_safe_encoding();
+                if ( false !== $length && strlen( $value['value'] ) > $length ) {
+                    $value['value'] = substr( $value['value'], 0, $length );
+                }
+                reset_mbstring_encoding();
+
+                if ( ! $needs_validation ) {
                     continue;
                 }
@@ -2590 +2608 @@
 
             // utf8 can be handled by regex, which is a bunch faster than a DB lookup.
-            if ( 'utf8' === $charset || 'utf8mb3' === $charset || 'utf8mb4' === $charset ) {
+            if ( ( 'utf8' === $charset || 'utf8mb3' === $charset || 'utf8mb4' === $charset ) && function_exists( 'mb_strlen' ) ) {
                 $regex = '/
                     (
@@ -2600 +2618 @@
                         |   [\xEE-\xEF][\x80-\xBF]{2}';
 
-                if ( 'utf8mb4' === $charset) {
+                if ( 'utf8mb4' === $charset ) {
                     $regex .= '
                         |    \xF0[\x90-\xBF][\x80-\xBF]{2} # four-byte sequences   11110xxx 10xxxxxx * 3
@@ -2613 +2631 @@
                     /x';
                 $value['value'] = preg_replace( $regex, '$1', $value['value'] );
+
+
+                if ( false !== $length && mb_strlen( $value['value'], 'UTF-8' ) > $length ) {
+                    $value['value'] = mb_substr( $value['value'], 0, $length, 'UTF-8' );
+                }
                 continue;
             }
@@ -2629 +2652 @@
                     }
 
-                    // Split the CONVERT() calls by charset, so we can make sure the connection is right
-                    $queries[ $value['charset'] ][ $col ] = $this->prepare( "CONVERT( %s USING {$value['charset']} )", $value['value'] );
+                    // We're going to need to truncate by characters or bytes, depending on the length value we have.
+                    if ( 'byte' === $value['length']['type'] ) {
+                        // Split the CONVERT() calls by charset, so we can make sure the connection is right
+                        $queries[ $value['charset'] ][ $col ] = $this->prepare( "CONVERT( LEFT( CONVERT( %s USING binary ), %d ) USING {$value['charset']} )", $value['value'], $value['length']['length'] );
+                    } else {
+                        $queries[ $value['charset'] ][ $col ] = $this->prepare( "LEFT( CONVERT( %s USING {$value['charset']} ), %d )", $value['value'], $value['length']['length'] );
+                    }
+
                     unset( $data[ $col ]['db'] );
                 }
@@ -2649 +2678 @@
                 $this->check_current_query = false;
 
-                $row = $this->get_row( "SELECT " . implode( ', ', $query ), ARRAY_N );
+                $sql = array();
+                foreach ( $query as $column => $column_query ) {
+                    $sql[] = $column_query . " AS x_$column";
+                }
+
+                $row = $this->get_row( "SELECT " . implode( ', ', $sql ), ARRAY_A );
                 if ( ! $row ) {
                     $this->set_charset( $this->dbh, $connection_charset );
@@ -2655 +2689 @@
                 }
 
-                $cols = array_keys( $query );
-                $col_count = count( $cols );
-                for ( $ii = 0; $ii < $col_count; $ii++ ) {
-                    $data[ $cols[ $ii ] ]['value'] = $row[ $ii ];
+                foreach ( array_keys( $query ) as $column ) {
+                    $data[ $column ]['value'] = $row["x_$column"];
                 }
             }
@@ -2700 +2732 @@
             'charset' => $charset,
             'ascii'   => false,
+            'length'  => false,
         );
 
@@ -2722 +2755 @@
      */
     public function strip_invalid_text_for_column( $table, $column, $value ) {
-        if ( ! is_string( $value ) || $this->check_ascii( $value ) ) {
+        if ( ! is_string( $value ) ) {
             return $value;
         }
@@ -2739 +2772 @@
                 'value'   => $value,
                 'charset' => $charset,
-                'ascii'   => false,
+                'length'  => $this->get_col_length( $table, $column ),
             )
         );