
Changeset 32403


Timestamp:
05/06/2015 08:03:22 PM (10 years ago)
Author:
ocean90
Message:

WPDB: When sanity checking query character sets, there's no need to check queries that don't return user data.

Merges [32374] to the 4.0 branch.

props pento.
see #32104.

Location:
branches/4.0
Files:
2 edited

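--- a/branches/4.0/src/wp-includes/wp-db.php
+++ b/branches/4.0/src/wp-includes/wp-db.php
@@ -2502,5 +2502,5 @@
         // We don't need to check the collation for queries that don't read data.
         $query = ltrim( $query, "\r\n\t (" );
-        if ( preg_match( '/^(?:SHOW|DESCRIBE|DESC|EXPLAIN)\s/i', $query ) ) {
+        if ( preg_match( '/^(?:SHOW|DESCRIBE|DESC|EXPLAIN|CREATE)\s/i', $query ) ) {
             return true;
         }
@@ -2713,4 +2713,10 @@
      */
     protected function strip_invalid_text_from_query( $query ) {
+        // We don't need to check the collation for queries that don't read data.
+        $trimmed_query = ltrim( $query, "\r\n\t (" );
+        if ( preg_match( '/^(?:SHOW|DESCRIBE|DESC|EXPLAIN|CREATE)\s/i', $trimmed_query ) ) {
+            return $query;
+        }
+
         $table = $this->get_table_from_query( $query );
         if ( $table ) {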
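Review bot: The skip list is keyed only on the statement's first keyword, and the newly added `CREATE` also matches `CREATE TABLE ... SELECT`, which does write column data; with the early `return $query;` at new line 2718 such a statement leaves strip_invalid_text_from_query() without any invalid-byte stripping, and the same pattern at new line 2504 returns `true` for it. Whether any caller builds such a statement from user-supplied text is not visible here, so this may be acceptable, but the comment "queries that don't read data" does not describe it. I would either narrow the alternative to schema-only forms or state the limit in the comment, e.g. `// Schema statements only; CREATE ... SELECT is skipped too and must not carry user data.` The pattern is also duplicated in both hunks, so a single shared constant would keep the two checks from drifting apart. Both enclosing functions extend outside the hunks shown.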
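--- a/branches/4.0/tests/phpunit/tests/db/charset.php
+++ b/branches/4.0/tests/phpunit/tests/db/charset.php
@@ -640,4 +640,36 @@
 
     /**
+     * @ticket 32104
+     */
+    function data_dont_strip_text_from_schema_queries() {
+        // An obviously invalid and fake table name.
+        $table_name = "\xff\xff\xff\xff";
+
+        $queries = array(
+            "SHOW CREATE TABLE $table_name",
+            "DESCRIBE $table_name",
+            "DESC $table_name",
+            "EXPLAIN SELECT * FROM $table_name",
+            "CREATE $table_name( a VARCHAR(100))",
+        );
+
+        foreach ( $queries as &$query ) {
+            $query = array( $query );
+        }
+        unset( $query );
+
+        return $queries;
+    }
+
+    /**
+     * @dataProvider data_dont_strip_text_from_schema_queries
+     * @ticket 32104
+     */
+    function test_dont_strip_text_from_schema_queries( $query ) {
+        $return = self::$_wpdb->strip_invalid_text_from_query( $query );
+        $this->assertEquals( $query, $return );
+    }
+
+    /**
      * @ticket 21212
      */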
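Review bot: Every row in data_dont_strip_text_from_schema_queries() starts at column 0 in upper case, so the `ltrim( $query, "\r\n\t (" )` and `/i` parts of the new early return are never exercised, and nothing asserts that a statement outside the allow-list is still processed. Adding a row such as `"\n\t (describe $table_name"` would cover the trimmed, lower-case path. A companion test with a data-writing statement carrying the same invalid bytes, asserting that the return value differs from the input, would catch a later widening of the pattern; the exact return for a nonexistent table is not visible here, so `assertNotEquals` is the safest form. The other changed check (wp-db.php, new line 2504) has no test in this changeset.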