Changeset 32402
- Timestamp:
- 05/06/2015 08:01:59 PM (8 years ago)
- Location:
- branches/4.1
- Files:
-
- 2 edited
-
src/wp-includes/wp-db.php (modified) (2 diffs)
-
tests/phpunit/tests/db/charset.php (modified) (1 diff)
Legend:
- Unmodified
- Added
- Removed
-
branches/4.1/src/wp-includes/wp-db.php
r32396 r32402 2503 2503 // We don't need to check the collation for queries that don't read data. 2504 2504 $query = ltrim( $query, "\r\n\t (" ); 2505 if ( preg_match( '/^(?:SHOW|DESCRIBE|DESC|EXPLAIN )\s/i', $query ) ) {2505 if ( preg_match( '/^(?:SHOW|DESCRIBE|DESC|EXPLAIN|CREATE)\s/i', $query ) ) { 2506 2506 return true; 2507 2507 } … … 2714 2714 */ 2715 2715 protected function strip_invalid_text_from_query( $query ) { 2716 // We don't need to check the collation for queries that don't read data. 2717 $trimmed_query = ltrim( $query, "\r\n\t (" ); 2718 if ( preg_match( '/^(?:SHOW|DESCRIBE|DESC|EXPLAIN|CREATE)\s/i', $trimmed_query ) ) { 2719 return $query; 2720 } 2721 2716 2722 $table = $this->get_table_from_query( $query ); 2717 2723 if ( $table ) { -
branches/4.1/tests/phpunit/tests/db/charset.php
r32387 r32402 640 640 641 641 /** 642 * @ticket 32104 643 */ 644 function data_dont_strip_text_from_schema_queries() { 645 // An obviously invalid and fake table name. 646 $table_name = "\xff\xff\xff\xff"; 647 648 $queries = array( 649 "SHOW CREATE TABLE $table_name", 650 "DESCRIBE $table_name", 651 "DESC $table_name", 652 "EXPLAIN SELECT * FROM $table_name", 653 "CREATE $table_name( a VARCHAR(100))", 654 ); 655 656 foreach ( $queries as &$query ) { 657 $query = array( $query ); 658 } 659 unset( $query ); 660 661 return $queries; 662 } 663 664 /** 665 * @dataProvider data_dont_strip_text_from_schema_queries 666 * @ticket 32104 667 */ 668 function test_dont_strip_text_from_schema_queries( $query ) { 669 $return = self::$_wpdb->strip_invalid_text_from_query( $query ); 670 $this->assertEquals( $query, $return ); 671 } 672 673 /** 642 674 * @ticket 21212 643 675 */
Note: See TracChangeset
for help on using the changeset viewer.