
Changeset 33310


Timestamp:
07/17/2015 07:06:33 AM (9 years ago)
Author:
pento
Message:

WPDB: ::strip_text_from_query() doesn't pass a length to ::strip_invalid_text(), which was causing queries to fail when they contained characters that needed to be sanity checked by MySQL.

Props dd32, mdawaffe, pento.

Fixes #32279.

Location:
trunk
Files:
2 edited

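--- a/trunk/src/wp-includes/wp-db.php
+++ b/trunk/src/wp-includes/wp-db.php
@@ -2630,6 +2630,11 @@
             if ( is_array( $value['length'] ) ) {
                 $length = $value['length']['length'];
+                $truncate_by_byte_length = 'byte' === $value['length']['type'];
             } else {
                 $length = false;
+                // Since we have no length, we'll never truncate.
+                // Initialize the variable to false. true would take us
+                // through an unnecessary (for this case) codepath below.
+                $truncate_by_byte_length = false;
             }
 
@@ -2643,6 +2648,4 @@
                 continue;
             }
-
-            $truncate_by_byte_length = 'byte' === $value['length']['type'];
 
             $needs_validation = true;
@@ -2719,5 +2722,10 @@
                     }
 
-                    $queries[ $col ] = $this->prepare( "CONVERT( LEFT( CONVERT( %s USING $charset ), %.0f ) USING {$this->charset} )", $value['value'], $value['length']['length'] );
+                    if ( is_array( $value['length'] ) ) {
+                        $queries[ $col ] = $this->prepare( "CONVERT( LEFT( CONVERT( %s USING $charset ), %.0f ) USING {$this->charset} )", $value['value'], $value['length']['length'] );
+                    } else if ( 'binary' !== $charset ) {
+                        // If we don't have a length, there's no need to convert binary - it will always return the same result.
+                        $queries[ $col ] = $this->prepare( "CONVERT( CONVERT( %s USING $charset ) USING {$this->charset} )", $value['value'] );
+                    }
 
                     unset( $data[ $col ]['db'] );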
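Review bot: In the last hunk both `CONVERT(...)` strings interpolate `$charset` and `{$this->charset}` directly into the format passed to `prepare()`, so only `$value['value']` goes through a placeholder and the charset names reach MySQL unescaped. Where `$charset` is assigned lies outside the hunk; unless it is guaranteed to come only from column metadata, validate it against an allowlist pattern such as `preg_match( '/^[a-z0-9_]+$/i', $charset )` before building the query, which also keeps a stray `%` out of the format string. The new `else if` leaves `$queries[ $col ]` unset for a binary column while `unset( $data[ $col ]['db'] )` still runs, so a short comment stating that the reading code (not visible here) then keeps the original value would help, and WordPress style writes the keyword as `elseif`. The enclosing method starts and ends outside the hunk.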
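--- a/trunk/tests/phpunit/tests/db/charset.php
+++ b/trunk/tests/phpunit/tests/db/charset.php
@@ -214,4 +214,19 @@
                 'expected' => "\xd8ord\xd0ress",
                 'length'   => array( 'type' => 'char', 'length' => 100 ),
+            ),
+            'cp1251_no_length' => array(
+                'charset'  => 'cp1251',
+                'value'    => "\xd8ord\xd0ress",
+                'expected' => "\xd8ord\xd0ress",
+                'length'   => false,
+            ),
+            'cp1251_no_length_ascii' => array(
+                'charset'  => 'cp1251',
+                'value'    => "WordPress",
+                'expected' => "WordPress",
+                'length'   => false,
+                // Don't set 'ascii' => true/false.
+                // That's a different codepath than it being unset even if
+                // three's only only ASCII in the value.
             ),
             'cp1251_char_length' => array(
@@ -808,3 +823,20 @@
         $this->assertEquals( 255, strlen( $stripped ) );
     }
+
+    /**
+     * @ticket 32279
+     */
+    function test_strip_invalid_text_from_query_cp1251_is_safe() {
+        $tablename = 'test_cp1251_query_' . rand_str( 5 );
+        if ( ! self::$_wpdb->query( "CREATE TABLE $tablename ( a VARCHAR(50) ) DEFAULT CHARSET 'cp1251'" ) ) {
+            $this->markTestSkipped( "Test requires the 'cp1251' charset" );
+        }
+
+        $safe_query = "INSERT INTO $tablename( `a` ) VALUES( 'safe data' )";
+        $stripped_query = self::$_wpdb->strip_invalid_text_from_query( $safe_query );
+
+        self::$_wpdb->query( "DROP TABLE $tablename" );
+
+        $this->assertEquals( $safe_query, $stripped_query );
+    }
 }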
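Review bot: `test_strip_invalid_text_from_query_cp1251_is_safe()` calls `markTestSkipped()` on any failure of the `CREATE TABLE` query, so a permissions or SQL error would be reported as a missing cp1251 charset and the regression check for #32279 would silently not run. Checking the server first, for example with `SHOW CHARACTER SET LIKE 'cp1251'`, would keep the skip reason accurate. The query under test holds only ASCII (`'safe data'`), so a second case carrying a cp1251 high-byte value like the `"\xd8ord\xd0ress"` from the data provider would also exercise the conversion the commit message describes. The comment in the `cp1251_no_length_ascii` case has a typo and should read `// there's only ASCII in the value.`.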