Make WordPress Core

Opened 6 years ago

Last modified 6 years ago

#43664 new defect (bug)

$wpdb->get_results fails in specific cases with non-latin charaters in where clause

Reported by: altert's profile altert Owned by:
Milestone: Awaiting Review Priority: normal
Severity: normal Version: 4.9.4
Component: Database Keywords: needs-patch has-unit-tests
Focuses: Cc:

Description

Let's say we have user with display name 'Алексей';

$wpdb->get_results("SELECT user_login FROM $wpdb->users where `display_name`='Алексей' ", ARRAY_A);

executes normally

$wpdb->get_results("SELECT user_login AS 'russian person' FROM $wpdb->users where `display_name`='Алексей' ", ARRAY_A);

executes normally as well

but

$wpdb->get_results("SELECT user_login AS 'person from Russia' FROM $wpdb->users where `display_name`='Алексей' ", ARRAY_A);

returns empty array and results in error:
[table <table_prefix> Russia.doesn't exist]
SHOW FULL COLUMNS FROM Russia

That means 'from' in 'person from Russia' somehow gets in sql

It's an obscure enough situation, but might signify that something is wrong with wpdb query handling

Attachments (1)

43664.test.diff (437 bytes) - added by soulseekah 6 years ago.
tests

Download all attachments as: .zip

Change History (3)

#1 @altert
6 years ago

most likely the culprit is regexp in get_table_from_query function in wp-includes/wp-db.php

It is called from check_safe_collation on non-asciii queries.

Possible solution would be to assume that last 'from' in query should be used and therefore non-greedy modifier should be dropped from select-from matching, so SELECT.*?\s+FROM should be SELECT.*\s+FROM

@soulseekah
6 years ago

tests

#2 @soulseekah
6 years ago

  • Keywords needs-patch has-unit-tests added

Алексей, welcome to Trac :)

43664.diff provides the breaking test case in $wpdb::get_table_from_query

Note: See TracTickets for help on using tickets.