
Changeset 33479


Timestamp:
07/29/2015 06:45:12 AM (9 years ago)
Author:
pento
Message:

WPDB: ::strip_text_from_query() doesn't pass a length to ::strip_invalid_text(), which was causing queries to fail when they contained characters that needed to be sanity checked by MySQL.

Props dd32, mdawaffe, pento.

Merges [33310] to the 4.1 branch.

See #32279.

Location:
branches/4.1
Files:
2 edited

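--- a/branches/4.1/src/wp-includes/wp-db.php
+++ b/branches/4.1/src/wp-includes/wp-db.php
@@ -2571,6 +2571,11 @@
             if ( is_array( $value['length'] ) ) {
                 $length = $value['length']['length'];
+                $truncate_by_byte_length = 'byte' === $value['length']['type'];
             } else {
                 $length = false;
+                // Since we have no length, we'll never truncate.
+                // Initialize the variable to false. true would take us
+                // through an unnecessary (for this case) codepath below.
+                $truncate_by_byte_length = false;
             }
 
@@ -2584,6 +2589,4 @@
                 continue;
             }
-
-            $truncate_by_byte_length = 'byte' === $value['length']['type'];
 
             $needs_validation = true;
@@ -2660,5 +2663,10 @@
                     }
 
-                    $queries[ $col ] = $this->prepare( "CONVERT( LEFT( CONVERT( %s USING $charset ), %.0f ) USING {$this->charset} )", $value['value'], $value['length']['length'] );
+                    if ( is_array( $value['length'] ) ) {
+                        $queries[ $col ] = $this->prepare( "CONVERT( LEFT( CONVERT( %s USING $charset ), %.0f ) USING {$this->charset} )", $value['value'], $value['length']['length'] );
+                    } else if ( 'binary' !== $charset ) {
+                        // If we don't have a length, there's no need to convert binary - it will always return the same result.
+                        $queries[ $col ] = $this->prepare( "CONVERT( CONVERT( %s USING $charset ) USING {$this->charset} )", $value['value'] );
+                    }
 
                     unset( $data[ $col ]['db'] );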
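Review bot: Both prepare() templates at new lines 2666 and 2669 splice `$charset` and `$this->charset` into the SQL text, and only the value (and, in the first, the length) go through placeholders. Charset names cannot be bound with `%s`, so the statement is only as trustworthy as the source of those two names, which this hunk does not show. I would record that requirement above the `if` at 2665, e.g. `// $charset and $this->charset are interpolated, not bound; they must only ever come from column metadata or configuration.` The enclosing loop starts and ends outside the hunk. Separately, `else if` at 2667 would be `elseif` under the WordPress PHP coding standards.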
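--- a/branches/4.1/tests/phpunit/tests/db/charset.php
+++ b/branches/4.1/tests/phpunit/tests/db/charset.php
@@ -214,4 +214,19 @@
                 'expected' => "\xd8ord\xd0ress",
                 'length'   => array( 'type' => 'char', 'length' => 100 ),
+            ),
+            'cp1251_no_length' => array(
+                'charset'  => 'cp1251',
+                'value'    => "\xd8ord\xd0ress",
+                'expected' => "\xd8ord\xd0ress",
+                'length'   => false,
+            ),
+            'cp1251_no_length_ascii' => array(
+                'charset'  => 'cp1251',
+                'value'    => "WordPress",
+                'expected' => "WordPress",
+                'length'   => false,
+                // Don't set 'ascii' => true/false.
+                // That's a different codepath than it being unset even if
+                // three's only only ASCII in the value.
             ),
             'cp1251_char_length' => array(
@@ -804,3 +819,20 @@
         $this->assertEquals( 255, strlen( $stripped ) );
     }
+
+    /**
+     * @ticket 32279
+     */
+    function test_strip_invalid_text_from_query_cp1251_is_safe() {
+        $tablename = 'test_cp1251_query_' . rand_str( 5 );
+        if ( ! self::$_wpdb->query( "CREATE TABLE $tablename ( a VARCHAR(50) ) DEFAULT CHARSET 'cp1251'" ) ) {
+            $this->markTestSkipped( "Test requires the 'cp1251' charset" );
+        }
+
+        $safe_query = "INSERT INTO $tablename( `a` ) VALUES( 'safe data' )";
+        $stripped_query = self::$_wpdb->strip_invalid_text_from_query( $safe_query );
+
+        self::$_wpdb->query( "DROP TABLE $tablename" );
+
+        $this->assertEquals( $safe_query, $stripped_query );
+    }
 }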
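Review bot: The skip at new lines 827–829 treats every failure of the CREATE TABLE as a missing cp1251 charset, so a permissions or connection problem would quietly skip this regression test for #32279 instead of surfacing. Putting the database error into the message makes a wrong skip visible: `$this->markTestSkipped( "Test requires the 'cp1251' charset: " . self::$_wpdb->last_error );`. In the data provider, the comment at new line 230 reads "three's only only ASCII"; it should read `// there's only ASCII in the value.`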