WPDB: get_table_from_query leaves SHOW results LIKE-escaped
|Reported by:||andy||Owned by:||pento|
|Component:||Database||Keywords:||has-patch has-unit-tests fixed-major|
Consider the statement SHOW TABLES LIKE 'wp_123_%'. The percent symbol is an unbounded wildcard. What might be less obvious is that the underscore is a wildcard matching one character. So this statement matches wp_123_posts as well as wp_1234_posts, wp_1234. The underscores in that LIKE string should be escaped.
The correct pattern is SHOW TABLES LIKE 'wp\_123\_%'.
However, all wpdb::get_table_from_query() gets from that statement is 'wp' since its subpattern stops matching at the first backslash. From the unescaped version it gets 'wp_123_' which is more useful. In fact, the latter is what hyperdb has always used to correctly map the table to a server when such a query was encountered. The liability of this workaround is that unwanted tables might be included in the results, as shown above.
To be more useful, wpdb::get_table_from_query() should unescape underscores when the match is being used with LIKE.
Change History (10)
- Keywords has-patch reporter-feedback has-unit-tests added
- Milestone changed from Awaiting Review to 4.6.2
- Owner set to pento
- Status changed from new to assigned
- Keywords fixed-major added
- Resolution fixed deleted
- Status changed from closed to reopened