
Changeset 33311


Timestamp:
07/17/2015 07:09:32 AM (9 years ago)
Author:
pento
Message:

WPDB: ::strip_text_from_query() doesn't pass a length to ::strip_invalid_text(), which was causing queries to fail when they contained characters that needed to be sanity checked by MySQL.

Props dd32, mdawaffe, pento.

Merges [33310] to the 4.2 branch.

Fixes #32279.

Location:
branches/4.2
Files:
2 edited

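--- a/branches/4.2/src/wp-includes/wp-db.php
+++ b/branches/4.2/src/wp-includes/wp-db.php
@@ -2595,6 +2595,11 @@
             if ( is_array( $value['length'] ) ) {
                 $length = $value['length']['length'];
+                $truncate_by_byte_length = 'byte' === $value['length']['type'];
             } else {
                 $length = false;
+                // Since we have no length, we'll never truncate.
+                // Initialize the variable to false. true would take us
+                // through an unnecessary (for this case) codepath below.
+                $truncate_by_byte_length = false;
             }
 
@@ -2608,6 +2613,4 @@
                 continue;
             }
-
-            $truncate_by_byte_length = 'byte' === $value['length']['type'];
 
             $needs_validation = true;
@@ -2684,5 +2687,10 @@
                     }
 
-                    $queries[ $col ] = $this->prepare( "CONVERT( LEFT( CONVERT( %s USING $charset ), %.0f ) USING {$this->charset} )", $value['value'], $value['length']['length'] );
+                    if ( is_array( $value['length'] ) ) {
+                        $queries[ $col ] = $this->prepare( "CONVERT( LEFT( CONVERT( %s USING $charset ), %.0f ) USING {$this->charset} )", $value['value'], $value['length']['length'] );
+                    } else if ( 'binary' !== $charset ) {
+                        // If we don't have a length, there's no need to convert binary - it will always return the same result.
+                        $queries[ $col ] = $this->prepare( "CONVERT( CONVERT( %s USING $charset ) USING {$this->charset} )", $value['value'] );
+                    }
 
                     unset( $data[ $col ]['db'] );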
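Review bot: In the last hunk, when `$value['length']` is not an array and `$charset` is `'binary'`, neither branch assigns `$queries[ $col ]`, yet `unset( $data[ $col ]['db'] )` still runs, so that column silently drops out of the database check. The code that consumes `$queries` is outside the hunk; if every flagged column takes this path it presumably has to cope with an empty `$queries` rather than build a `SELECT` with no expressions, which is worth confirming and recording in a comment such as `// Binary values with no length are left out of $queries; the SELECT below must handle an empty set.` Both `prepare()` calls also interpolate `$charset` and `$this->charset` into the statement text instead of binding them, so a short comment naming where those values are validated would help the next reader. The enclosing loop starts and ends outside the hunk.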
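--- a/branches/4.2/tests/phpunit/tests/db/charset.php
+++ b/branches/4.2/tests/phpunit/tests/db/charset.php
@@ -214,4 +214,19 @@
                 'expected' => "\xd8ord\xd0ress",
                 'length'   => array( 'type' => 'char', 'length' => 100 ),
+            ),
+            'cp1251_no_length' => array(
+                'charset'  => 'cp1251',
+                'value'    => "\xd8ord\xd0ress",
+                'expected' => "\xd8ord\xd0ress",
+                'length'   => false,
+            ),
+            'cp1251_no_length_ascii' => array(
+                'charset'  => 'cp1251',
+                'value'    => "WordPress",
+                'expected' => "WordPress",
+                'length'   => false,
+                // Don't set 'ascii' => true/false.
+                // That's a different codepath than it being unset even if
+                // three's only only ASCII in the value.
             ),
             'cp1251_char_length' => array(
@@ -808,3 +823,20 @@
         $this->assertEquals( 255, strlen( $stripped ) );
     }
+
+    /**
+     * @ticket 32279
+     */
+    function test_strip_invalid_text_from_query_cp1251_is_safe() {
+        $tablename = 'test_cp1251_query_' . rand_str( 5 );
+        if ( ! self::$_wpdb->query( "CREATE TABLE $tablename ( a VARCHAR(50) ) DEFAULT CHARSET 'cp1251'" ) ) {
+            $this->markTestSkipped( "Test requires the 'cp1251' charset" );
+        }
+
+        $safe_query = "INSERT INTO $tablename( `a` ) VALUES( 'safe data' )";
+        $stripped_query = self::$_wpdb->strip_invalid_text_from_query( $safe_query );
+
+        self::$_wpdb->query( "DROP TABLE $tablename" );
+
+        $this->assertEquals( $safe_query, $stripped_query );
+    }
 }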
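Review bot: `test_strip_invalid_text_from_query_cp1251_is_safe()` only round-trips an ASCII-only query (`'safe data'`), so it pins the "query no longer fails" regression but says nothing about bytes above 0x7F written to a cp1251 table. A companion case with a non-ASCII value would cover that; its expected string depends on the connection charset, which is not visible in this section. Any `CREATE TABLE` failure is reported as a missing charset, and the table is dropped only if the call under test returns, so moving the `DROP TABLE` into teardown would keep a failing run from leaving `test_cp1251_query_*` tables behind. The provider comment added at new lines 229-230 has a typo: `// three's only only ASCII in the value.` should read `// there's only ASCII in the value.`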