WordPress.org

Make WordPress Core

Changeset 32402


Ignore:
Timestamp:
05/06/2015 08:01:59 PM (4 years ago)
Author:
ocean90
Message:

WPDB: When sanity checking query character sets, there's no need to check queries that don't return user data.

Merges [32374] to the 4.1 branch.

props pento.
see #32104.

Location:
branches/4.1
Files:
2 edited

Legend:

Unmodified
Added
Removed
  • branches/4.1/src/wp-includes/wp-db.php

    r32396 r32402  
    25032503        // We don't need to check the collation for queries that don't read data.
    25042504        $query = ltrim( $query, "\r\n\t (" );
    2505         if ( preg_match( '/^(?:SHOW|DESCRIBE|DESC|EXPLAIN)\s/i', $query ) ) {
     2505        if ( preg_match( '/^(?:SHOW|DESCRIBE|DESC|EXPLAIN|CREATE)\s/i', $query ) ) {
    25062506            return true;
    25072507        }
     
    27142714     */
    27152715    protected function strip_invalid_text_from_query( $query ) {
     2716        // We don't need to check the collation for queries that don't read data.
     2717        $trimmed_query = ltrim( $query, "\r\n\t (" );
     2718        if ( preg_match( '/^(?:SHOW|DESCRIBE|DESC|EXPLAIN|CREATE)\s/i', $trimmed_query ) ) {
     2719            return $query;
     2720        }
     2721
    27162722        $table = $this->get_table_from_query( $query );
    27172723        if ( $table ) {
  • branches/4.1/tests/phpunit/tests/db/charset.php

    r32387 r32402  
    640640
    641641    /**
     642     * @ticket 32104
     643     */
     644    function data_dont_strip_text_from_schema_queries() {
     645        // An obviously invalid and fake table name.
     646        $table_name = "\xff\xff\xff\xff";
     647
     648        $queries = array(
     649            "SHOW CREATE TABLE $table_name",
     650            "DESCRIBE $table_name",
     651            "DESC $table_name",
     652            "EXPLAIN SELECT * FROM $table_name",
     653            "CREATE $table_name( a VARCHAR(100))",
     654        );
     655
     656        foreach ( $queries as &$query ) {
     657            $query = array( $query );
     658        }
     659        unset( $query );
     660
     661        return $queries;
     662    }
     663
     664    /**
     665     * @dataProvider data_dont_strip_text_from_schema_queries
     666     * @ticket 32104
     667     */
     668    function test_dont_strip_text_from_schema_queries( $query ) {
     669        $return = self::$_wpdb->strip_invalid_text_from_query( $query );
     670        $this->assertEquals( $query, $return );
     671    }
     672
     673    /**
    642674     * @ticket 21212
    643675     */
Note: See TracChangeset for help on using the changeset viewer.