<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>[32188] branches/3.7: Merge the query sanity checks from #21212 to the 3.7 branch.</title>
</head>
<body>
<style type="text/css"><!--
#msg dl.meta { border: 1px #006 solid; background: #369; padding: 6px; color: #fff; }
#msg dl.meta dt { float: left; width: 6em; font-weight: bold; }
#msg dt:after { content:':';}
#msg dl, #msg dt, #msg ul, #msg li, #header, #footer, #logmsg { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; }
#msg dl a { font-weight: bold}
#msg dl a:link { color:#fc3; }
#msg dl a:active { color:#ff0; }
#msg dl a:visited { color:#cc6; }
h3 { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; font-weight: bold; }
#msg pre { overflow: auto; background: #ffc; border: 1px #fa0 solid; padding: 6px; }
#logmsg { background: #ffc; border: 1px #fa0 solid; padding: 1em 1em 0 1em; }
#logmsg p, #logmsg pre, #logmsg blockquote { margin: 0 0 1em 0; }
#logmsg p, #logmsg li, #logmsg dt, #logmsg dd { line-height: 14pt; }
#logmsg h1, #logmsg h2, #logmsg h3, #logmsg h4, #logmsg h5, #logmsg h6 { margin: .5em 0; }
#logmsg h1:first-child, #logmsg h2:first-child, #logmsg h3:first-child, #logmsg h4:first-child, #logmsg h5:first-child, #logmsg h6:first-child { margin-top: 0; }
#logmsg ul, #logmsg ol { padding: 0; list-style-position: inside; margin: 0 0 0 1em; }
#logmsg ul { text-indent: -1em; padding-left: 1em; }#logmsg ol { text-indent: -1.5em; padding-left: 1.5em; }
#logmsg > ul, #logmsg > ol { margin: 0 0 1em 0; }
#logmsg pre { background: #eee; padding: 1em; }
#logmsg blockquote { border: 1px solid #fa0; border-left-width: 10px; padding: 1em 1em 0 1em; background: white;}
#logmsg dl { margin: 0; }
#logmsg dt { font-weight: bold; }
#logmsg dd { margin: 0; padding: 0 0 0.5em 0; }
#logmsg dd:before { content:'\00bb';}
#logmsg table { border-spacing: 0px; border-collapse: collapse; border-top: 4px solid #fa0; border-bottom: 1px solid #fa0; background: #fff; }
#logmsg table th { text-align: left; font-weight: normal; padding: 0.2em 0.5em; border-top: 1px dotted #fa0; }
#logmsg table td { text-align: right; border-top: 1px dotted #fa0; padding: 0.2em 0.5em; }
#logmsg table thead th { text-align: center; border-bottom: 1px solid #fa0; }
#logmsg table th.Corner { text-align: left; }
#logmsg hr { border: none 0; border-top: 2px dashed #fa0; height: 1px; }
#header, #footer { color: #fff; background: #636; border: 1px #300 solid; padding: 6px; }
#patch { width: 100%; }
#patch h4 {font-family: verdana,arial,helvetica,sans-serif;font-size:10pt;padding:8px;background:#369;color:#fff;margin:0;}
#patch .propset h4, #patch .binary h4 {margin:0;}
#patch pre {padding:0;line-height:1.2em;margin:0;}
#patch .diff {width:100%;background:#eee;padding: 0 0 10px 0;overflow:auto;}
#patch .propset .diff, #patch .binary .diff {padding:10px 0;}
#patch span {display:block;padding:0 10px;}
#patch .modfile, #patch .addfile, #patch .delfile, #patch .propset, #patch .binary, #patch .copfile {border:1px solid #ccc;margin:10px 0;}
#patch ins {background:#dfd;text-decoration:none;display:block;padding:0 10px;}
#patch del {background:#fdd;text-decoration:none;display:block;padding:0 10px;}
#patch .lines, .info {color:#888;background:#fff;}
--></style>
<div id="msg">
<dl class="meta" style="font-size: 105%">
<dt style="float: left; width: 6em; font-weight: bold">Revision</dt> <dd><a style="font-weight: bold" href="https://core.trac.wordpress.org/changeset/32188">32188</a><script type="application/ld+json">{"@context":"http://schema.org","@type":"EmailMessage","description":"Review this Commit","action":{"@type":"ViewAction","url":"https://core.trac.wordpress.org/changeset/32188","name":"Review Commit"}}</script></dd>
<dt style="float: left; width: 6em; font-weight: bold">Author</dt> <dd>pento</dd>
<dt style="float: left; width: 6em; font-weight: bold">Date</dt> <dd>2015-04-20 11:51:13 +0000 (Mon, 20 Apr 2015)</dd>
</dl>
<pre style='padding-left: 1em; margin: 2em 0; border-left: 2px solid #ccc; line-height: 1.25; font-size: 105%; font-family: sans-serif'>Merge the query sanity checks from <a href="https://core.trac.wordpress.org/ticket/21212">#21212</a> to the 3.7 branch.
Props pento, nacin, mdawaffe, DrewAPicture.</pre>
<h3>Modified Paths</h3>
<ul>
<li><a href="#branches37srcwpadminincludespostphp">branches/3.7/src/wp-admin/includes/post.php</a></li>
<li><a href="#branches37srcwpincludeswpdbphp">branches/3.7/src/wp-includes/wp-db.php</a></li>
<li><a href="#branches37testsphpunitincludesutilsphp">branches/3.7/tests/phpunit/includes/utils.php</a></li>
<li><a href="#branches37testsphpunittestsdbphp">branches/3.7/tests/phpunit/tests/db.php</a></li>
<li><a href="#branches37testsphpunittestspostphp">branches/3.7/tests/phpunit/tests/post.php</a></li>
</ul>
<h3>Added Paths</h3>
<ul>
<li>branches/3.7/tests/phpunit/tests/db/</li>
<li><a href="#branches37testsphpunittestsdbcharsetphp">branches/3.7/tests/phpunit/tests/db/charset.php</a></li>
</ul>
</div>
<div id="patch">
<h3>Diff</h3>
<a id="branches37srcwpadminincludespostphp"></a>
<div class="modfile"><h4 style="background-color: #eee; color: inherit; margin: 1em 0; padding: 1.3em; font-size: 115%">Modified: branches/3.7/src/wp-admin/includes/post.php</h4>
<pre class="diff"><span>
<span class="info" style="display: block; padding: 0 10px; color: #888">--- branches/3.7/src/wp-admin/includes/post.php 2015-04-20 11:32:18 UTC (rev 32187)
+++ branches/3.7/src/wp-admin/includes/post.php 2015-04-20 11:51:13 UTC (rev 32188)
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -166,6 +166,7 @@
</span><span class="cx" style="display: block; padding: 0 10px"> * @return int Post ID.
</span><span class="cx" style="display: block; padding: 0 10px"> */
</span><span class="cx" style="display: block; padding: 0 10px"> function edit_post( $post_data = null ) {
</span><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ global $wpdb;
</ins><span class="cx" style="display: block; padding: 0 10px">
</span><span class="cx" style="display: block; padding: 0 10px"> if ( empty($post_data) )
</span><span class="cx" style="display: block; padding: 0 10px"> $post_data = &$_POST;
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -295,8 +296,20 @@
</span><span class="cx" style="display: block; padding: 0 10px">
</span><span class="cx" style="display: block; padding: 0 10px"> update_post_meta( $post_ID, '_edit_last', get_current_user_id() );
</span><span class="cx" style="display: block; padding: 0 10px">
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- wp_update_post( $post_data );
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ $success = wp_update_post( $post_data );
+ // If the save failed, see if we can sanity check the main fields and try again
+ if ( ! $success && is_callable( array( $wpdb, 'strip_invalid_text_for_column' ) ) ) {
+ $fields = array( 'post_title', 'post_content', 'post_excerpt' );
</ins><span class="cx" style="display: block; padding: 0 10px">
</span><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ foreach( $fields as $field ) {
+ if ( isset( $post_data[ $field ] ) ) {
+ $post_data[ $field ] = $wpdb->strip_invalid_text_for_column( $wpdb->posts, $field, $post_data[ $field ] );
+ }
+ }
+
+ wp_update_post( $post_data );
+ }
+
</ins><span class="cx" style="display: block; padding: 0 10px"> // Now that we have an ID we can fix any attachment anchor hrefs
</span><span class="cx" style="display: block; padding: 0 10px"> _fix_attachment_links( $post_ID );
</span><span class="cx" style="display: block; padding: 0 10px">
</span></span></pre></div>
<a id="branches37srcwpincludeswpdbphp"></a>
<div class="modfile"><h4 style="background-color: #eee; color: inherit; margin: 1em 0; padding: 1.3em; font-size: 115%">Modified: branches/3.7/src/wp-includes/wp-db.php</h4>
<pre class="diff"><span>
<span class="info" style="display: block; padding: 0 10px; color: #888">--- branches/3.7/src/wp-includes/wp-db.php 2015-04-20 11:32:18 UTC (rev 32187)
+++ branches/3.7/src/wp-includes/wp-db.php 2015-04-20 11:51:13 UTC (rev 32188)
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -140,6 +140,43 @@
</span><span class="cx" style="display: block; padding: 0 10px"> protected $result;
</span><span class="cx" style="display: block; padding: 0 10px">
</span><span class="cx" style="display: block; padding: 0 10px"> /**
</span><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ * Cached column info, for sanity checking data before inserting
+ *
+ * @since 4.2.0
+ * @access protected
+ * @var array
+ */
+ protected $col_meta = array();
+
+ /**
+ * Calculated character sets on tables
+ *
+ * @since 4.2.0
+ * @access protected
+ * @var array
+ */
+ protected $table_charset = array();
+
+ /**
+ * Whether text fields in the current query need to be sanity checked.
+ *
+ * @since 4.2.0
+ * @access protected
+ * @var bool
+ */
+ protected $check_current_query = true;
+
+ /**
+ * Flag to ensure we don't run into recursion problems when checking the collation.
+ *
+ * @since 4.2.0
+ * @access private
+ * @see wpdb::check_safe_collation()
+ * @var boolean
+ */
+ private $checking_collation = false;
+
+ /**
</ins><span class="cx" style="display: block; padding: 0 10px"> * Saved info on the table column
</span><span class="cx" style="display: block; padding: 0 10px"> *
</span><span class="cx" style="display: block; padding: 0 10px"> * @since 0.71
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -575,6 +612,14 @@
</span><span class="cx" style="display: block; padding: 0 10px"> * @param mixed $value The value to set
</span><span class="cx" style="display: block; padding: 0 10px"> */
</span><span class="cx" style="display: block; padding: 0 10px"> function __set( $name, $value ) {
</span><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ $protected_members = array(
+ 'col_meta',
+ 'table_charset',
+ 'check_current_query',
+ );
+ if ( in_array( $name, $protected_members, true ) ) {
+ return;
+ }
</ins><span class="cx" style="display: block; padding: 0 10px"> $this->$name = $value;
</span><span class="cx" style="display: block; padding: 0 10px"> }
</span><span class="cx" style="display: block; padding: 0 10px">
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -1178,8 +1223,11 @@
</span><span class="cx" style="display: block; padding: 0 10px"> * @return int|false Number of rows affected/selected or false on error
</span><span class="cx" style="display: block; padding: 0 10px"> */
</span><span class="cx" style="display: block; padding: 0 10px"> function query( $query ) {
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- if ( ! $this->ready )
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ if ( ! $this->ready ) {
+ $this->check_current_query = true;
</ins><span class="cx" style="display: block; padding: 0 10px"> return false;
</span><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ }
+
</ins><span class="cx" style="display: block; padding: 0 10px"> /**
</span><span class="cx" style="display: block; padding: 0 10px"> * Filter the database query.
</span><span class="cx" style="display: block; padding: 0 10px"> *
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -1196,6 +1244,20 @@
</span><span class="cx" style="display: block; padding: 0 10px"> // Log how the function was called
</span><span class="cx" style="display: block; padding: 0 10px"> $this->func_call = "\$db->query(\"$query\")";
</span><span class="cx" style="display: block; padding: 0 10px">
</span><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ // If we're writing to the database, make sure the query will write safely.
+ if ( $this->check_current_query && ! $this->check_ascii( $query ) ) {
+ $stripped_query = $this->strip_invalid_text_from_query( $query );
+ // strip_invalid_text_from_query() can perform queries, so we need
+ // to flush again, just to make sure everything is clear.
+ $this->flush();
+ if ( $stripped_query !== $query ) {
+ $this->insert_id = 0;
+ return false;
+ }
+ }
+
+ $this->check_current_query = true;
+
</ins><span class="cx" style="display: block; padding: 0 10px"> // Keep track of the last query for debug..
</span><span class="cx" style="display: block; padding: 0 10px"> $this->last_query = $query;
</span><span class="cx" style="display: block; padding: 0 10px">
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -1309,23 +1371,29 @@
</span><span class="cx" style="display: block; padding: 0 10px"> * @return int|false The number of rows affected, or false on error.
</span><span class="cx" style="display: block; padding: 0 10px"> */
</span><span class="cx" style="display: block; padding: 0 10px"> function _insert_replace_helper( $table, $data, $format = null, $type = 'INSERT' ) {
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- if ( ! in_array( strtoupper( $type ), array( 'REPLACE', 'INSERT' ) ) )
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ if ( ! in_array( strtoupper( $type ), array( 'REPLACE', 'INSERT' ) ) ) {
</ins><span class="cx" style="display: block; padding: 0 10px"> return false;
</span><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ }
+
+ $data = $this->process_fields( $table, $data, $format );
+ if ( false === $data ) {
+ return false;
+ }
+
+ $formats = $values = array();
+ foreach ( $data as $value ) {
+ $formats[] = $value['format'];
+ $values[] = $value['value'];
+ }
+
+ $fields = '`' . implode( '`, `', array_keys( $data ) ) . '`';
+ $formats = implode( ', ', $formats );
+
+ $sql = "$type INTO `$table` ($fields) VALUES ($formats)";
+
</ins><span class="cx" style="display: block; padding: 0 10px"> $this->insert_id = 0;
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- $formats = $format = (array) $format;
- $fields = array_keys( $data );
- $formatted_fields = array();
- foreach ( $fields as $field ) {
- if ( !empty( $format ) )
- $form = ( $form = array_shift( $formats ) ) ? $form : $format[0];
- elseif ( isset( $this->field_types[$field] ) )
- $form = $this->field_types[$field];
- else
- $form = '%s';
- $formatted_fields[] = $form;
- }
- $sql = "{$type} INTO `$table` (`" . implode( '`,`', $fields ) . "`) VALUES (" . implode( ",", $formatted_fields ) . ")";
- return $this->query( $this->prepare( $sql, $data ) );
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ $this->check_current_query = false;
+ return $this->query( $this->prepare( $sql, $values ) );
</ins><span class="cx" style="display: block; padding: 0 10px"> }
</span><span class="cx" style="display: block; padding: 0 10px">
</span><span class="cx" style="display: block; padding: 0 10px"> /**
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -1350,34 +1418,36 @@
</span><span class="cx" style="display: block; padding: 0 10px"> * @return int|false The number of rows updated, or false on error.
</span><span class="cx" style="display: block; padding: 0 10px"> */
</span><span class="cx" style="display: block; padding: 0 10px"> function update( $table, $data, $where, $format = null, $where_format = null ) {
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- if ( ! is_array( $data ) || ! is_array( $where ) )
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ if ( ! is_array( $data ) || ! is_array( $where ) ) {
</ins><span class="cx" style="display: block; padding: 0 10px"> return false;
</span><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ }
</ins><span class="cx" style="display: block; padding: 0 10px">
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- $formats = $format = (array) $format;
- $bits = $wheres = array();
- foreach ( (array) array_keys( $data ) as $field ) {
- if ( !empty( $format ) )
- $form = ( $form = array_shift( $formats ) ) ? $form : $format[0];
- elseif ( isset($this->field_types[$field]) )
- $form = $this->field_types[$field];
- else
- $form = '%s';
- $bits[] = "`$field` = {$form}";
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ $data = $this->process_fields( $table, $data, $format );
+ if ( false === $data ) {
+ return false;
</ins><span class="cx" style="display: block; padding: 0 10px"> }
</span><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ $where = $this->process_fields( $table, $where, $where_format );
+ if ( false === $where ) {
+ return false;
+ }
</ins><span class="cx" style="display: block; padding: 0 10px">
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- $where_formats = $where_format = (array) $where_format;
- foreach ( (array) array_keys( $where ) as $field ) {
- if ( !empty( $where_format ) )
- $form = ( $form = array_shift( $where_formats ) ) ? $form : $where_format[0];
- elseif ( isset( $this->field_types[$field] ) )
- $form = $this->field_types[$field];
- else
- $form = '%s';
- $wheres[] = "`$field` = {$form}";
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ $fields = $conditions = $values = array();
+ foreach ( $data as $field => $value ) {
+ $fields[] = "`$field` = " . $value['format'];
+ $values[] = $value['value'];
</ins><span class="cx" style="display: block; padding: 0 10px"> }
</span><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ foreach ( $where as $field => $value ) {
+ $conditions[] = "`$field` = " . $value['format'];
+ $values[] = $value['value'];
+ }
</ins><span class="cx" style="display: block; padding: 0 10px">
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- $sql = "UPDATE `$table` SET " . implode( ', ', $bits ) . ' WHERE ' . implode( ' AND ', $wheres );
- return $this->query( $this->prepare( $sql, array_merge( array_values( $data ), array_values( $where ) ) ) );
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ $fields = implode( ', ', $fields );
+ $conditions = implode( ' AND ', $conditions );
+
+ $sql = "UPDATE `$table` SET $fields WHERE $conditions";
+
+ $this->check_current_query = false;
+ return $this->query( $this->prepare( $sql, $values ) );
</ins><span class="cx" style="display: block; padding: 0 10px"> }
</span><span class="cx" style="display: block; padding: 0 10px">
</span><span class="cx" style="display: block; padding: 0 10px"> /**
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -1399,30 +1469,135 @@
</span><span class="cx" style="display: block; padding: 0 10px"> * @return int|false The number of rows updated, or false on error.
</span><span class="cx" style="display: block; padding: 0 10px"> */
</span><span class="cx" style="display: block; padding: 0 10px"> function delete( $table, $where, $where_format = null ) {
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- if ( ! is_array( $where ) )
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ if ( ! is_array( $where ) ) {
</ins><span class="cx" style="display: block; padding: 0 10px"> return false;
</span><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ }
</ins><span class="cx" style="display: block; padding: 0 10px">
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- $bits = $wheres = array();
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ $where = $this->process_fields( $table, $where, $where_format );
+ if ( false === $where ) {
+ return false;
+ }
</ins><span class="cx" style="display: block; padding: 0 10px">
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- $where_formats = $where_format = (array) $where_format;
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ $conditions = $values = array();
+ foreach ( $where as $field => $value ) {
+ $conditions[] = "`$field` = " . $value['format'];
+ $values[] = $value['value'];
+ }
</ins><span class="cx" style="display: block; padding: 0 10px">
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- foreach ( array_keys( $where ) as $field ) {
- if ( !empty( $where_format ) ) {
- $form = ( $form = array_shift( $where_formats ) ) ? $form : $where_format[0];
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ $conditions = implode( ' AND ', $conditions );
+
+ $sql = "DELETE FROM `$table` WHERE $conditions";
+
+ $this->check_current_query = false;
+ return $this->query( $this->prepare( $sql, $values ) );
+ }
+
+
+ /**
+ * Processes arrays of field/value pairs and field formats.
+ *
+ * This is a helper method for wpdb's CRUD methods, which take field/value
+ * pairs for inserts, updates, and where clauses. This method first pairs
+ * each value with a format. Then it determines the charset of that field,
+ * using that to determine if any invalid text would be stripped. If text is
+ * stripped, then field processing is rejected and the query fails.
+ *
+ * @since 4.2.0
+ * @access protected
+ *
+ * @param string $table Table name.
+ * @param array $data Field/value pair.
+ * @param mixed $format Format for each field.
+ * @return array|bool Returns an array of fields that contain paired values
+ * and formats. Returns false for invalid values.
+ */
+ protected function process_fields( $table, $data, $format ) {
+ $data = $this->process_field_formats( $data, $format );
+ $data = $this->process_field_charsets( $data, $table );
+ if ( false === $data ) {
+ return false;
+ }
+
+ $converted_data = $this->strip_invalid_text( $data );
+
+ if ( $data !== $converted_data ) {
+ return false;
+ }
+
+ return $data;
+ }
+
+ /**
+ * Prepares arrays of value/format pairs as passed to wpdb CRUD methods.
+ *
+ * @since 4.2.0
+ * @access protected
+ *
+ * @param array $data Array of fields to values.
+ * @param mixed $format Formats to be mapped to the values in $data.
+ * @return array Array, keyed by field names with values being an array
+ * of 'value' and 'format' keys.
+ */
+ protected function process_field_formats( $data, $format ) {
+ $formats = $original_formats = (array) $format;
+
+ foreach ( $data as $field => $value ) {
+ $value = array(
+ 'value' => $value,
+ 'format' => '%s',
+ );
+
+ if ( ! empty( $format ) ) {
+ $value['format'] = array_shift( $formats );
+ if ( ! $value['format'] ) {
+ $value['format'] = reset( $original_formats );
+ }
</ins><span class="cx" style="display: block; padding: 0 10px"> } elseif ( isset( $this->field_types[ $field ] ) ) {
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- $form = $this->field_types[ $field ];
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ $value['format'] = $this->field_types[ $field ];
+ }
+
+ $data[ $field ] = $value;
+ }
+
+ return $data;
+ }
+
+ /**
+ * Adds field charsets to field/value/format arrays generated by
+ * the {@see wpdb::process_field_formats()} method.
+ *
+ * @since 4.2.0
+ * @access protected
+ *
+ * @param array $data As it comes from the {@see wpdb::process_field_formats()} method.
+ * @param string $table Table name.
+ * @return The same array as $data with additional 'charset' keys.
+ */
+ protected function process_field_charsets( $data, $table ) {
+ foreach ( $data as $field => $value ) {
+ if ( '%d' === $value['format'] || '%f' === $value['format'] ) {
+ // We can skip this field if we know it isn't a string.
+ // This checks %d/%f versus ! %s because it's sprintf() could take more.
+ $value['charset'] = false;
+ } elseif ( $this->check_ascii( $value['value'] ) ) {
+ // If it's ASCII, then we don't need the charset. We can skip this field.
+ $value['charset'] = false;
</ins><span class="cx" style="display: block; padding: 0 10px"> } else {
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- $form = '%s';
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ $value['charset'] = $this->get_col_charset( $table, $field );
+ if ( is_wp_error( $value['charset'] ) ) {
+ return false;
+ }
+
+ // This isn't ASCII. Don't have strip_invalid_text() re-check.
+ $value['ascii'] = false;
</ins><span class="cx" style="display: block; padding: 0 10px"> }
</span><span class="cx" style="display: block; padding: 0 10px">
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- $wheres[] = "$field = $form";
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ $data[ $field ] = $value;
</ins><span class="cx" style="display: block; padding: 0 10px"> }
</span><span class="cx" style="display: block; padding: 0 10px">
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- $sql = "DELETE FROM $table WHERE " . implode( ' AND ', $wheres );
- return $this->query( $this->prepare( $sql, $where ) );
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ return $data;
</ins><span class="cx" style="display: block; padding: 0 10px"> }
</span><span class="cx" style="display: block; padding: 0 10px">
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">-
</del><span class="cx" style="display: block; padding: 0 10px"> /**
</span><span class="cx" style="display: block; padding: 0 10px"> * Retrieve one variable from the database.
</span><span class="cx" style="display: block; padding: 0 10px"> *
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -1439,6 +1614,11 @@
</span><span class="cx" style="display: block; padding: 0 10px"> */
</span><span class="cx" style="display: block; padding: 0 10px"> function get_var( $query = null, $x = 0, $y = 0 ) {
</span><span class="cx" style="display: block; padding: 0 10px"> $this->func_call = "\$db->get_var(\"$query\", $x, $y)";
</span><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+
+ if ( $this->check_safe_collation( $query ) ) {
+ $this->check_current_query = false;
+ }
+
</ins><span class="cx" style="display: block; padding: 0 10px"> if ( $query )
</span><span class="cx" style="display: block; padding: 0 10px"> $this->query( $query );
</span><span class="cx" style="display: block; padding: 0 10px">
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -1466,6 +1646,11 @@
</span><span class="cx" style="display: block; padding: 0 10px"> */
</span><span class="cx" style="display: block; padding: 0 10px"> function get_row( $query = null, $output = OBJECT, $y = 0 ) {
</span><span class="cx" style="display: block; padding: 0 10px"> $this->func_call = "\$db->get_row(\"$query\",$output,$y)";
</span><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+
+ if ( $this->check_safe_collation( $query ) ) {
+ $this->check_current_query = false;
+ }
+
</ins><span class="cx" style="display: block; padding: 0 10px"> if ( $query )
</span><span class="cx" style="display: block; padding: 0 10px"> $this->query( $query );
</span><span class="cx" style="display: block; padding: 0 10px"> else
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -1499,6 +1684,10 @@
</span><span class="cx" style="display: block; padding: 0 10px"> * @return array Database query result. Array indexed from 0 by SQL result row number.
</span><span class="cx" style="display: block; padding: 0 10px"> */
</span><span class="cx" style="display: block; padding: 0 10px"> function get_col( $query = null , $x = 0 ) {
</span><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ if ( $this->check_safe_collation( $query ) ) {
+ $this->check_current_query = false;
+ }
+
</ins><span class="cx" style="display: block; padding: 0 10px"> if ( $query )
</span><span class="cx" style="display: block; padding: 0 10px"> $this->query( $query );
</span><span class="cx" style="display: block; padding: 0 10px">
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -1526,6 +1715,10 @@
</span><span class="cx" style="display: block; padding: 0 10px"> function get_results( $query = null, $output = OBJECT ) {
</span><span class="cx" style="display: block; padding: 0 10px"> $this->func_call = "\$db->get_results(\"$query\", $output)";
</span><span class="cx" style="display: block; padding: 0 10px">
</span><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ if ( $this->check_safe_collation( $query ) ) {
+ $this->check_current_query = false;
+ }
+
</ins><span class="cx" style="display: block; padding: 0 10px"> if ( $query )
</span><span class="cx" style="display: block; padding: 0 10px"> $this->query( $query );
</span><span class="cx" style="display: block; padding: 0 10px"> else
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -1563,7 +1756,509 @@
</span><span class="cx" style="display: block; padding: 0 10px"> return null;
</span><span class="cx" style="display: block; padding: 0 10px"> }
</span><span class="cx" style="display: block; padding: 0 10px">
</span><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+
</ins><span class="cx" style="display: block; padding: 0 10px"> /**
</span><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ * Retrieves the character set for the given table.
+ *
+ * @since 4.2.0
+ * @access protected
+ *
+ * @param string $table Table name.
+ * @return string|WP_Error Table character set, {@see WP_Error} object if it couldn't be found.
+ */
+ protected function get_table_charset( $table ) {
+ $tablekey = strtolower( $table );
+
+ /**
+ * Filter the table charset value before the DB is checked.
+ *
+ * Passing a non-null value to the filter will effectively short-circuit
+ * checking the DB for the charset, returning that value instead.
+ *
+ * @since 4.2.0
+ *
+ * @param string $charset The character set to use. Default null.
+ * @param string $table The name of the table being checked.
+ */
+ $charset = apply_filters( 'pre_get_table_charset', null, $table );
+ if ( null !== $charset ) {
+ return $charset;
+ }
+
+ if ( isset( $this->table_charset[ $tablekey ] ) ) {
+ return $this->table_charset[ $tablekey ];
+ }
+
+ $charsets = $columns = array();
+ $results = $this->get_results( "SHOW FULL COLUMNS FROM `$table`" );
+ if ( ! $results ) {
+ return new WP_Error( 'wpdb_get_table_charset_failure' );
+ }
+
+ foreach ( $results as $column ) {
+ $columns[ strtolower( $column->Field ) ] = $column;
+ }
+
+ $this->col_meta[ $tablekey ] = $columns;
+
+ foreach ( $columns as $column ) {
+ if ( ! empty( $column->Collation ) ) {
+ list( $charset ) = explode( '_', $column->Collation );
+ $charsets[ strtolower( $charset ) ] = true;
+ }
+
+ list( $type ) = explode( '(', $column->Type );
+
+ // A binary/blob means the whole query gets treated like this.
+ if ( in_array( strtoupper( $type ), array( 'BINARY', 'VARBINARY', 'TINYBLOB', 'MEDIUMBLOB', 'BLOB', 'LONGBLOB' ) ) ) {
+ $this->table_charset[ $tablekey ] = 'binary';
+ return 'binary';
+ }
+ }
+
+ // utf8mb3 is an alias for utf8.
+ if ( isset( $charsets['utf8mb3'] ) ) {
+ $charsets['utf8'] = true;
+ unset( $charsets['utf8mb3'] );
+ }
+
+ // Check if we have more than one charset in play.
+ $count = count( $charsets );
+ if ( 1 === $count ) {
+ $charset = key( $charsets );
+ } elseif ( 0 === $count ) {
+ // No charsets, assume this table can store whatever.
+ $charset = false;
+ } else {
+ // More than one charset. Remove latin1 if present and recalculate.
+ unset( $charsets['latin1'] );
+ $count = count( $charsets );
+ if ( 1 === $count ) {
+ // Only one charset (besides latin1).
+ $charset = key( $charsets );
+ } elseif ( 2 === $count && isset( $charsets['utf8'], $charsets['utf8mb4'] ) ) {
+ // Two charsets, but they're utf8 and utf8mb4, use utf8.
+ $charset = 'utf8';
+ } else {
+ // Two mixed character sets. ascii.
+ $charset = 'ascii';
+ }
+ }
+
+ $this->table_charset[ $tablekey ] = $charset;
+ return $charset;
+ }
+
+ /**
+ * Retrieves the character set for the given column.
+ *
+ * @since 4.2.0
+ * @access public
+ *
+ * @param string $table Table name.
+ * @param string $column Column name.
+ * @return mixed Column character set as a string. False if the column has no
+ * character set. {@see WP_Error} object if there was an error.
+ */
+ public function get_col_charset( $table, $column ) {
+ $tablekey = strtolower( $table );
+ $columnkey = strtolower( $column );
+
+ /**
+ * Filter the column charset value before the DB is checked.
+ *
+ * Passing a non-null value to the filter will short-circuit
+ * checking the DB for the charset, returning that value instead.
+ *
+ * @since 4.2.0
+ *
+ * @param string $charset The character set to use. Default null.
+ * @param string $table The name of the table being checked.
+ * @param string $column The name of the column being checked.
+ */
+ $charset = apply_filters( 'pre_get_col_charset', null, $table, $column );
+ if ( null !== $charset ) {
+ return $charset;
+ }
+
+ // Skip this entirely if this isn't a MySQL database.
+ if ( false === $this->is_mysql ) {
+ return false;
+ }
+
+ if ( empty( $this->table_charset[ $tablekey ] ) ) {
+ // This primes column information for us.
+ $table_charset = $this->get_table_charset( $table );
+ if ( is_wp_error( $table_charset ) ) {
+ return $table_charset;
+ }
+ }
+
+ // If still no column information, return the table charset.
+ if ( empty( $this->col_meta[ $tablekey ] ) ) {
+ return $this->table_charset[ $tablekey ];
+ }
+
+ // If this column doesn't exist, return the table charset.
+ if ( empty( $this->col_meta[ $tablekey ][ $columnkey ] ) ) {
+ return $this->table_charset[ $tablekey ];
+ }
+
+ // Return false when it's not a string column.
+ if ( empty( $this->col_meta[ $tablekey ][ $columnkey ]->Collation ) ) {
+ return false;
+ }
+
+ list( $charset ) = explode( '_', $this->col_meta[ $tablekey ][ $columnkey ]->Collation );
+ return $charset;
+ }
+
+ /**
+ * Check if a string is ASCII.
+ *
+ * The negative regex is faster for non-ASCII strings, as it allows
+ * the search to finish as soon as it encounters a non-ASCII character.
+ *
+ * @since 4.2.0
+ * @access protected
+ *
+ * @param string $string String to check.
+ * @return bool True if ASCII, false if not.
+ */
+ protected function check_ascii( $string ) {
+ if ( function_exists( 'mb_check_encoding' ) ) {
+ if ( mb_check_encoding( $string, 'ASCII' ) ) {
+ return true;
+ }
+ } elseif ( ! preg_match( '/[^\x00-\x7F]/', $string ) ) {
+ return true;
+ }
+
+ return false;
+ }
+
+ /**
+ * Check if the query is accessing a collation considered safe on the current version of MySQL.
+ *
+ * @since 4.2.0
+ * @access protected
+ *
+ * @param string $query The query to check.
+ * @return bool True if the collation is safe, false if it isn't.
+ */
+ protected function check_safe_collation( $query ) {
+ if ( $this->checking_collation ) {
+ return true;
+ }
+ $table = $this->get_table_from_query( $query );
+ if ( ! $table ) {
+ return false;
+ }
+
+ $this->checking_collation = true;
+ $this->get_table_charset( $table );
+ $this->checking_collation = false;
+
+ $table = strtolower( $table );
+ if ( empty( $this->col_meta[ $table ] ) ) {
+ return false;
+ }
+
+ foreach( $this->col_meta[ $table ] as $col ) {
+ if ( empty( $col->Collation ) ) {
+ continue;
+ }
+
+ if ( ! in_array( $col->Collation, array( 'utf8_general_ci', 'utf8_bin', 'utf8mb4_general_ci', 'utf8mb4_bin' ), true ) ) {
+ return false;
+ }
+ }
+
+ return true;
+ }
+
+ /**
+ * Strips any invalid characters based on value/charset pairs.
+ *
+ * @since 4.2.0
+ * @access protected
+ *
+ * @param array $data Array of value arrays. Each value array has the keys
+ * 'value' and 'charset'. An optional 'ascii' key can be
+ * set to false to avoid redundant ASCII checks.
+ * @return array|WP_Error The $data parameter, with invalid characters removed from
+ * each value. This works as a passthrough: any additional keys
+ * such as 'field' are retained in each value array. If we cannot
+ * remove invalid characters, a {@see WP_Error} object is returned.
+ */
+ protected function strip_invalid_text( $data ) {
+ // Some multibyte character sets that we can check in PHP.
+ $mb_charsets = array(
+ 'ascii' => 'ASCII',
+ 'big5' => 'BIG-5',
+ 'eucjpms' => 'eucJP-win',
+ 'gb2312' => 'EUC-CN',
+ 'ujis' => 'EUC-JP',
+ 'utf32' => 'UTF-32',
+ );
+
+ $supported_charsets = array();
+ if ( function_exists( 'mb_list_encodings' ) ) {
+ $supported_charsets = mb_list_encodings();
+ }
+
+ $db_check_string = false;
+
+ foreach ( $data as &$value ) {
+ $charset = $value['charset'];
+
+ // Column isn't a string, or is latin1, which will will happily store anything.
+ if ( false === $charset || 'latin1' === $charset ) {
+ continue;
+ }
+
+ if ( ! is_string( $value['value'] ) ) {
+ continue;
+ }
+
+ // ASCII is always OK.
+ if ( ! isset( $value['ascii'] ) && $this->check_ascii( $value['value'] ) ) {
+ continue;
+ }
+
+ // Convert the text locally.
+ if ( $supported_charsets ) {
+ if ( isset( $mb_charsets[ $charset ] ) && in_array( $mb_charsets[ $charset ], $supported_charsets ) ) {
+ $value['value'] = mb_convert_encoding( $value['value'], $mb_charsets[ $charset ], $mb_charsets[ $charset ] );
+ continue;
+ }
+ }
+
+ // utf8 can be handled by regex, which is a bunch faster than a DB lookup.
+ if ( 'utf8' === $charset || 'utf8mb3' === $charset || 'utf8mb4' === $charset ) {
+ $regex = '/
+ (
+ (?: [\x00-\x7F] # single-byte sequences 0xxxxxxx
+ | [\xC2-\xDF][\x80-\xBF] # double-byte sequences 110xxxxx 10xxxxxx
+ | \xE0[\xA0-\xBF][\x80-\xBF] # triple-byte sequences 1110xxxx 10xxxxxx * 2
+ | [\xE1-\xEC][\x80-\xBF]{2}
+ | \xED[\x80-\x9F][\x80-\xBF]
+ | [\xEE-\xEF][\x80-\xBF]{2}';
+
+ if ( 'utf8mb4' === $charset) {
+ $regex .= '
+ | \xF0[\x90-\xBF][\x80-\xBF]{2} # four-byte sequences 11110xxx 10xxxxxx * 3
+ | [\xF1-\xF3][\x80-\xBF]{3}
+ | \xF4[\x80-\x8F][\x80-\xBF]{2}
+ ';
+ }
+
+ $regex .= '){1,50} # ...one or more times
+ )
+ | . # anything else
+ /x';
+ $value['value'] = preg_replace( $regex, '$1', $value['value'] );
+ continue;
+ }
+
+ // We couldn't use any local conversions, send it to the DB.
+ $value['db'] = $db_check_string = true;
+ }
+ unset( $value ); // Remove by reference.
+
+ if ( $db_check_string ) {
+ $queries = array();
+ foreach ( $data as $col => $value ) {
+ if ( ! empty( $value['db'] ) ) {
+ if ( ! isset( $queries[ $value['charset'] ] ) ) {
+ $queries[ $value['charset'] ] = array();
+ }
+
+ // Split the CONVERT() calls by charset, so we can make sure the connection is right
+ $queries[ $value['charset'] ][ $col ] = $this->prepare( "CONVERT( %s USING {$value['charset']} )", $value['value'] );
+ }
+ }
+
+ $connection_charset = $this->charset;
+ foreach ( $queries as $charset => $query ) {
+ if ( ! $query ) {
+ continue;
+ }
+
+ // Change the charset to match the string(s) we're converting
+ if ( $charset !== $connection_charset ) {
+ $connection_charset = $charset;
+ $this->set_charset( $this->dbh, $charset );
+ }
+
+ $this->check_current_query = false;
+
+ $row = $this->get_row( "SELECT " . implode( ', ', $query ), ARRAY_N );
+ if ( ! $row ) {
+ $this->set_charset( $this->dbh, $connection_charset );
+ return new WP_Error( 'wpdb_strip_invalid_text_failure' );
+ }
+
+ $cols = array_keys( $query );
+ $col_count = count( $cols );
+ for ( $ii = 0; $ii < $col_count; $ii++ ) {
+ $data[ $cols[ $ii ] ]['value'] = $row[ $ii ];
+ }
+ }
+
+ // Don't forget to change the charset back!
+ if ( $connection_charset !== $this->charset ) {
+ $this->set_charset( $this->dbh );
+ }
+ }
+
+ return $data;
+ }
+
+ /**
+ * Strips any invalid characters from the query.
+ *
+ * @since 4.2.0
+ * @access protected
+ *
+ * @param string $query Query to convert.
+ * @return string|WP_Error The converted query, or a {@see WP_Error} object if the conversion fails.
+ */
+ protected function strip_invalid_text_from_query( $query ) {
+ $table = $this->get_table_from_query( $query );
+ if ( $table ) {
+ $charset = $this->get_table_charset( $table );
+ if ( is_wp_error( $charset ) ) {
+ return $charset;
+ }
+
+ // We can't reliably strip text from tables containing binary/blob columns
+ if ( 'binary' === $charset ) {
+ return $query;
+ }
+ } else {
+ $charset = $this->charset;
+ }
+
+ $data = array(
+ 'value' => $query,
+ 'charset' => $charset,
+ 'ascii' => false,
+ );
+
+ $data = $this->strip_invalid_text( array( $data ) );
+ if ( is_wp_error( $data ) ) {
+ return $data;
+ }
+
+ return $data[0]['value'];
+ }
+
+ /**
+ * Strips any invalid characters from the string for a given table and column.
+ *
+ * @since 4.2.0
+ * @access public
+ *
+ * @param string $table Table name.
+ * @param string $column Column name.
+ * @param string $value The text to check.
+ * @return string|WP_Error The converted string, or a `WP_Error` object if the conversion fails.
+ */
+ public function strip_invalid_text_for_column( $table, $column, $value ) {
+ if ( ! is_string( $value ) || $this->check_ascii( $value ) ) {
+ return $value;
+ }
+
+ $charset = $this->get_col_charset( $table, $column );
+ if ( ! $charset ) {
+ // Not a string column.
+ return $value;
+ } elseif ( is_wp_error( $charset ) ) {
+ // Bail on real errors.
+ return $charset;
+ }
+
+ $data = array(
+ $column => array(
+ 'value' => $value,
+ 'charset' => $charset,
+ 'ascii' => false,
+ )
+ );
+
+ $data = $this->strip_invalid_text( $data );
+ if ( is_wp_error( $data ) ) {
+ return $data;
+ }
+
+ return $data[ $column ]['value'];
+ }
+
+ /**
+ * Find the first table name referenced in a query.
+ *
+ * @since 4.2.0
+ * @access protected
+ *
+ * @param string $query The query to search.
+ * @return string|false $table The table name found, or false if a table couldn't be found.
+ */
+ protected function get_table_from_query( $query ) {
+ // Remove characters that can legally trail the table name.
+ $query = rtrim( $query, ';/-#' );
+
+ // Allow (select...) union [...] style queries. Use the first query's table name.
+ $query = ltrim( $query, "\r\n\t (" );
+
+ /*
+ * Strip everything between parentheses except nested selects and use only 1,000
+ * chars of the query.
+ */
+ $query = preg_replace( '/\((?!\s*select)[^(]*?\)/is', '()', substr( $query, 0, 1000 ) );
+
+ // Quickly match most common queries.
+ if ( preg_match( '/^\s*(?:'
+ . 'SELECT.*?\s+FROM'
+ . '|INSERT(?:\s+LOW_PRIORITY|\s+DELAYED|\s+HIGH_PRIORITY)?(?:\s+IGNORE)?(?:\s+INTO)?'
+ . '|REPLACE(?:\s+LOW_PRIORITY|\s+DELAYED)?(?:\s+INTO)?'
+ . '|UPDATE(?:\s+LOW_PRIORITY)?(?:\s+IGNORE)?'
+ . '|DELETE(?:\s+LOW_PRIORITY|\s+QUICK|\s+IGNORE)*(?:\s+FROM)?'
+ . ')\s+`?([\w-]+)`?/is', $query, $maybe ) ) {
+ return $maybe[1];
+ }
+
+ // SHOW TABLE STATUS and SHOW TABLES
+ if ( preg_match( '/^\s*(?:'
+ . 'SHOW\s+TABLE\s+STATUS.+(?:LIKE\s+|WHERE\s+Name\s*=\s*)'
+ . '|SHOW\s+(?:FULL\s+)?TABLES.+(?:LIKE\s+|WHERE\s+Name\s*=\s*)'
+ . ')\W([\w-]+)\W/is', $query, $maybe ) ) {
+ return $maybe[1];
+ }
+
+ // Big pattern for the rest of the table-related queries.
+ if ( preg_match( '/^\s*(?:'
+ . '(?:EXPLAIN\s+(?:EXTENDED\s+)?)?SELECT.*?\s+FROM'
+ . '|DESCRIBE|DESC|EXPLAIN|HANDLER'
+ . '|(?:LOCK|UNLOCK)\s+TABLE(?:S)?'
+ . '|(?:RENAME|OPTIMIZE|BACKUP|RESTORE|CHECK|CHECKSUM|ANALYZE|REPAIR).*\s+TABLE'
+ . '|TRUNCATE(?:\s+TABLE)?'
+ . '|CREATE(?:\s+TEMPORARY)?\s+TABLE(?:\s+IF\s+NOT\s+EXISTS)?'
+ . '|ALTER(?:\s+IGNORE)?\s+TABLE'
+ . '|DROP\s+TABLE(?:\s+IF\s+EXISTS)?'
+ . '|CREATE(?:\s+\w+)?\s+INDEX.*\s+ON'
+ . '|DROP\s+INDEX.*\s+ON'
+ . '|LOAD\s+DATA.*INFILE.*INTO\s+TABLE'
+ . '|(?:GRANT|REVOKE).*ON\s+TABLE'
+ . '|SHOW\s+(?:.*FROM|.*TABLE)'
+ . ')\s+\(*\s*`?([\w-]+)`?\s*\)*/is', $query, $maybe ) ) {
+ return $maybe[1];
+ }
+
+ return false;
+ }
+
+ /**
</ins><span class="cx" style="display: block; padding: 0 10px"> * Load the column metadata from the last query.
</span><span class="cx" style="display: block; padding: 0 10px"> *
</span><span class="cx" style="display: block; padding: 0 10px"> * @since 3.5.0
</span></span></pre></div>
<a id="branches37testsphpunitincludesutilsphp"></a>
<div class="modfile"><h4 style="background-color: #eee; color: inherit; margin: 1em 0; padding: 1.3em; font-size: 115%">Modified: branches/3.7/tests/phpunit/includes/utils.php</h4>
<pre class="diff"><span>
<span class="info" style="display: block; padding: 0 10px; color: #888">--- branches/3.7/tests/phpunit/includes/utils.php 2015-04-20 11:32:18 UTC (rev 32187)
+++ branches/3.7/tests/phpunit/includes/utils.php 2015-04-20 11:51:13 UTC (rev 32188)
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -363,3 +363,20 @@
</span><span class="cx" style="display: block; padding: 0 10px"> function _unregister_taxonomy( $taxonomy_name ) {
</span><span class="cx" style="display: block; padding: 0 10px"> unset( $GLOBALS['wp_taxonomies'][$taxonomy_name] );
</span><span class="cx" style="display: block; padding: 0 10px"> }
</span><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+
+/**
+ * Special class for exposing protected wpdb methods we need to access
+ */
+class wpdb_exposed_methods_for_testing extends wpdb {
+ public function __construct() {
+ global $wpdb;
+ $this->dbh = $wpdb->dbh;
+ $this->ready = true;
+ $this->field_types = $wpdb->field_types;
+ $this->charset = $wpdb->charset;
+ }
+
+ public function __call( $name, $arguments ) {
+ return call_user_func_array( array( $this, $name ), $arguments );
+ }
+}
</ins></span></pre></div>
<a id="branches37testsphpunittestsdbcharsetphp"></a>
<div class="addfile"><h4 style="background-color: #eee; color: inherit; margin: 1em 0; padding: 1.3em; font-size: 115%">Added: branches/3.7/tests/phpunit/tests/db/charset.php</h4>
<pre class="diff"><span>
<span class="info" style="display: block; padding: 0 10px; color: #888">--- branches/3.7/tests/phpunit/tests/db/charset.php (rev 0)
+++ branches/3.7/tests/phpunit/tests/db/charset.php 2015-04-20 11:51:13 UTC (rev 32188)
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -0,0 +1,525 @@
</span><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+<?php
+
+require_once dirname( dirname( __FILE__ ) ) . '/db.php';
+
+/**
+ * Test WPDB methods
+ *
+ * @group wpdb
+ */
+class Tests_DB_Charset extends WP_UnitTestCase {
+
+ /**
+ * Our special WPDB
+ * @var resource
+ */
+ protected static $_wpdb;
+
+ public static function setUpBeforeClass() {
+ self::$_wpdb = new wpdb_exposed_methods_for_testing();
+ }
+
+ /**
+ * @ticket 21212
+ */
+ function data_strip_invalid_text() {
+ $fields = array(
+ 'latin1' => array(
+ // latin1. latin1 never changes.
+ 'charset' => 'latin1',
+ 'value' => "\xf0\x9f\x8e\xb7",
+ 'expected' => "\xf0\x9f\x8e\xb7"
+ ),
+ 'ascii' => array(
+ // ascii gets special treatment, make sure it's covered
+ 'charset' => 'ascii',
+ 'value' => 'Hello World',
+ 'expected' => 'Hello World'
+ ),
+ 'utf8' => array(
+ // utf8 only allows <= 3-byte chars
+ 'charset' => 'utf8',
+ 'value' => "H€llo\xf0\x9f\x98\x88World¢",
+ 'expected' => 'H€lloWorld¢'
+ ),
+ 'utf8mb3' => array(
+ // utf8mb3 should behave the same an utf8
+ 'charset' => 'utf8mb3',
+ 'value' => "H€llo\xf0\x9f\x98\x88World¢",
+ 'expected' => 'H€lloWorld¢'
+ ),
+ 'utf8mb4' => array(
+ // utf8mb4 allows 4-byte characters, too
+ 'charset' => 'utf8mb4',
+ 'value' => "H€llo\xf0\x9f\x98\x88World¢",
+ 'expected' => "H€llo\xf0\x9f\x98\x88World¢"
+ ),
+ 'koi8r' => array(
+ // koi8r is a character set that needs to be checked in MySQL
+ 'charset' => 'koi8r',
+ 'value' => "\xfdord\xf2ress",
+ 'expected' => "\xfdord\xf2ress",
+ 'db' => true
+ ),
+ 'hebrew' => array(
+ // hebrew needs to be checked in MySQL, too
+ 'charset' => 'hebrew',
+ 'value' => "\xf9ord\xf7ress",
+ 'expected' => "\xf9ord\xf7ress",
+ 'db' => true
+ ),
+ 'false' => array(
+ // false is a column with no character set (ie, a number column)
+ 'charset' => false,
+ 'value' => 100,
+ 'expected' => 100
+ ),
+ );
+
+ if ( function_exists( 'mb_convert_encoding' ) ) {
+ // big5 is a non-Unicode multibyte charset
+ $utf8 = "a\xe5\x85\xb1b"; // UTF-8 Character 20849
+ $big5 = mb_convert_encoding( $utf8, 'BIG-5', 'UTF-8' );
+ $conv_utf8 = mb_convert_encoding( $big5, 'UTF-8', 'BIG-5' );
+ // Make sure PHP's multibyte conversions are working correctly
+ $this->assertNotEquals( $utf8, $big5 );
+ $this->assertEquals( $utf8, $conv_utf8 );
+
+ $fields['big5'] = array(
+ 'charset' => 'big5',
+ 'value' => $big5,
+ 'expected' => $big5
+ );
+ }
+
+ // The data above is easy to edit. Now, prepare it for the data provider.
+ $data_provider = $multiple = $multiple_expected = array();
+ foreach ( $fields as $test_case => $field ) {
+ $expected = $field;
+ $expected['value'] = $expected['expected'];
+ unset( $expected['expected'], $field['expected'] );
+
+ // We're keeping track of these for our multiple-field test.
+ $multiple[] = $field;
+ $multiple_expected[] = $expected;
+
+ // strip_invalid_text() expects an array of fields. We're testing one field at a time.
+ $data = array( $field );
+ $expected = array( $expected );
+
+ // First argument is field data. Second is expected. Third is the message.
+ $data_provider[] = array( $data, $expected, $test_case );
+ }
+
+ // Time for our test of multiple fields at once.
+ $data_provider[] = array( $multiple, $multiple_expected, 'multiple fields/charsets' );
+
+ return $data_provider;
+ }
+
+ /**
+ * @dataProvider data_strip_invalid_text
+ * @ticket 21212
+ */
+ function test_strip_invalid_text( $data, $expected, $message ) {
+ $actual = self::$_wpdb->strip_invalid_text( $data );
+ $this->assertSame( $expected, $actual, $message );
+ }
+
+ /**
+ * @ticket 21212
+ */
+ function test_process_fields_failure() {
+ global $wpdb;
+
+ $charset = $wpdb->get_col_charset( $wpdb->posts, 'post_content' );
+ if ( 'utf8' !== $charset && 'utf8mb4' !== $charset ) {
+ $this->markTestSkipped( 'This test requires a utf8 character set' );
+ }
+
+ // \xf0\xff\xff\xff is invalid in utf8 and utf8mb4.
+ $data = array( 'post_content' => "H€llo\xf0\xff\xff\xffWorld¢" );
+ $this->assertFalse( self::$_wpdb->process_fields( $wpdb->posts, $data, null ) );
+ }
+
+ /**
+ * @ticket 21212
+ */
+ function data_process_field_charsets() {
+ if ( $GLOBALS['wpdb']->charset ) {
+ $charset = $GLOBALS['wpdb']->charset;
+ } else {
+ $charset = $GLOBALS['wpdb']->get_col_charset( $GLOBALS['wpdb']->posts, 'post_content' );
+ }
+
+ // 'value' and 'format' are $data, 'charset' ends up as part of $expected
+
+ $no_string_fields = array(
+ 'post_parent' => array( 'value' => 10, 'format' => '%d', 'charset' => false ),
+ 'comment_count' => array( 'value' => 0, 'format' => '%d', 'charset' => false ),
+ );
+
+ $all_ascii_fields = array(
+ 'post_content' => array( 'value' => 'foo foo foo!', 'format' => '%s', 'charset' => false ),
+ 'post_excerpt' => array( 'value' => 'bar bar bar!', 'format' => '%s', 'charset' => false ),
+ );
+
+ // This is the same data used in process_field_charsets_for_nonexistent_table()
+ $non_ascii_string_fields = array(
+ 'post_content' => array( 'value' => '¡foo foo foo!', 'format' => '%s', 'charset' => $charset, 'ascii' => false ),
+ 'post_excerpt' => array( 'value' => '¡bar bar bar!', 'format' => '%s', 'charset' => $charset, 'ascii' => false ),
+ );
+
+ $vars = get_defined_vars();
+ unset( $vars['charset'] );
+ foreach ( $vars as $var_name => $var ) {
+ $data = $expected = $var;
+ foreach ( $data as &$datum ) {
+ // 'charset' and 'ascii' are part of the expected return only.
+ unset( $datum['charset'], $datum['ascii'] );
+ }
+
+ $vars[ $var_name ] = array( $data, $expected, $var_name );
+ }
+
+ return array_values( $vars );
+ }
+
+ /**
+ * @dataProvider data_process_field_charsets
+ * @ticket 21212
+ */
+ function test_process_field_charsets( $data, $expected, $message ) {
+ $actual = self::$_wpdb->process_field_charsets( $data, $GLOBALS['wpdb']->posts );
+ $this->assertSame( $expected, $actual, $message );
+ }
+
+ /**
+ * The test this test depends on first verifies that this
+ * would normally work against the posts table.
+ *
+ * @ticket 21212
+ * @depends test_process_field_charsets
+ */
+ function test_process_field_charsets_on_nonexistent_table() {
+ $data = array( 'post_content' => array( 'value' => '¡foo foo foo!', 'format' => '%s' ) );
+ self::$_wpdb->suppress_errors( true );
+ $this->assertFalse( self::$_wpdb->process_field_charsets( $data, 'nonexistent_table' ) );
+ self::$_wpdb->suppress_errors( false );
+ }
+
+ /**
+ * @ticket 21212
+ */
+ function test_check_ascii() {
+ $ascii = "\0\t\n\r '" . '!"#$%&()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~';
+ $this->assertTrue( self::$_wpdb->check_ascii( $ascii ) );
+ }
+
+ /**
+ * @ticket 21212
+ */
+ function test_check_ascii_false() {
+ $this->assertFalse( self::$_wpdb->check_ascii( 'ABCDEFGHIJKLMNOPQRSTUVWXYZ¡©«' ) );
+ }
+
+ /**
+ * @ticket 21212
+ */
+ function test_strip_invalid_text_for_column() {
+ global $wpdb;
+
+ $charset = $wpdb->get_col_charset( $wpdb->posts, 'post_content' );
+ if ( 'utf8' !== $charset && 'utf8mb4' !== $charset ) {
+ $this->markTestSkipped( 'This test requires a utf8 character set' );
+ }
+
+ // Invalid 3-byte and 4-byte sequences
+ $value = "H€llo\xe0\x80\x80World\xf0\xff\xff\xff¢";
+ $expected = "H€lloWorld¢";
+ $actual = $wpdb->strip_invalid_text_for_column( $wpdb->posts, 'post_content', $value );
+ $this->assertEquals( $expected, $actual );
+ }
+
+ /**
+ * Set of table definitions for testing wpdb::get_table_charset and wpdb::get_column_charset
+ * @var array
+ */
+ protected $table_and_column_defs = array(
+ array(
+ 'definition' => '( a INT, b FLOAT )',
+ 'table_expected' => false,
+ 'column_expected' => array( 'a' => false, 'b' => false )
+ ),
+ array(
+ 'definition' => '( a VARCHAR(50) CHARACTER SET big5, b TEXT CHARACTER SET big5 )',
+ 'table_expected' => 'big5',
+ 'column_expected' => array( 'a' => 'big5', 'b' => 'big5' )
+ ),
+ array(
+ 'definition' => '( a VARCHAR(50) CHARACTER SET big5, b BINARY )',
+ 'table_expected' => 'binary',
+ 'column_expected' => array( 'a' => 'big5', 'b' => false )
+ ),
+ array(
+ 'definition' => '( a VARCHAR(50) CHARACTER SET latin1, b BLOB )',
+ 'table_expected' => 'binary',
+ 'column_expected' => array( 'a' => 'latin1', 'b' => false )
+ ),
+ array(
+ 'definition' => '( a VARCHAR(50) CHARACTER SET latin1, b TEXT CHARACTER SET koi8r )',
+ 'table_expected' => 'koi8r',
+ 'column_expected' => array( 'a' => 'latin1', 'b' => 'koi8r' )
+ ),
+ array(
+ 'definition' => '( a VARCHAR(50) CHARACTER SET utf8mb3, b TEXT CHARACTER SET utf8mb3 )',
+ 'table_expected' => 'utf8',
+ 'column_expected' => array( 'a' => 'utf8', 'b' => 'utf8' )
+ ),
+ array(
+ 'definition' => '( a VARCHAR(50) CHARACTER SET utf8, b TEXT CHARACTER SET utf8mb4 )',
+ 'table_expected' => 'utf8',
+ 'column_expected' => array( 'a' => 'utf8', 'b' => 'utf8mb4' )
+ ),
+ array(
+ 'definition' => '( a VARCHAR(50) CHARACTER SET big5, b TEXT CHARACTER SET koi8r )',
+ 'table_expected' => 'ascii',
+ 'column_expected' => array( 'a' => 'big5', 'b' => 'koi8r' )
+ ),
+ );
+
+ /**
+ * @ticket 21212
+ */
+ function data_test_get_table_charset() {
+ $table_name = 'test_get_table_charset';
+
+ $vars = array();
+ foreach( $this->table_and_column_defs as $value ) {
+ $this_table_name = $table_name . '_' . rand_str( 5 );
+ $drop = "DROP TABLE IF EXISTS $this_table_name";
+ $create = "CREATE TABLE $this_table_name {$value['definition']}";
+ $vars[] = array( $drop, $create, $this_table_name, $value['table_expected'] );
+ }
+
+ return $vars;
+ }
+
+ /**
+ * @dataProvider data_test_get_table_charset
+ * @ticket 21212
+ */
+ function test_get_table_charset( $drop, $create, $table, $expected_charset ) {
+ self::$_wpdb->query( $drop );
+
+ if ( ! self::$_wpdb->has_cap( 'utf8mb4' ) && preg_match( '/utf8mb[34]/i', $create ) ) {
+ $this->markTestSkipped( "This version of MySQL doesn't support utf8mb4." );
+ return;
+ }
+
+ self::$_wpdb->query( $create );
+
+ $charset = self::$_wpdb->get_table_charset( $table );
+ $this->assertEquals( $charset, $expected_charset );
+
+ $charset = self::$_wpdb->get_table_charset( strtoupper( $table ) );
+ $this->assertEquals( $charset, $expected_charset );
+
+ self::$_wpdb->query( $drop );
+ }
+
+ /**
+ * @ticket 21212
+ */
+ function data_test_get_column_charset() {
+ $table_name = 'test_get_column_charset';
+
+ $vars = array();
+ foreach( $this->table_and_column_defs as $value ) {
+ $this_table_name = $table_name . '_' . rand_str( 5 );
+ $drop = "DROP TABLE IF EXISTS $this_table_name";
+ $create = "CREATE TABLE $this_table_name {$value['definition']}";
+ $vars[] = array( $drop, $create, $this_table_name, $value['column_expected'] );
+ }
+
+ return $vars;
+ }
+
+ /**
+ * @dataProvider data_test_get_column_charset
+ * @ticket 21212
+ */
+ function test_get_column_charset( $drop, $create, $table, $expected_charset ) {
+ self::$_wpdb->query( $drop );
+
+ if ( ! self::$_wpdb->has_cap( 'utf8mb4' ) && preg_match( '/utf8mb[34]/i', $create ) ) {
+ $this->markTestSkipped( "This version of MySQL doesn't support utf8mb4." );
+ return;
+ }
+
+ self::$_wpdb->query( $create );
+
+ foreach ( $expected_charset as $column => $charset ) {
+ $this->assertEquals( $charset, self::$_wpdb->get_col_charset( $table, $column ) );
+ $this->assertEquals( $charset, self::$_wpdb->get_col_charset( strtoupper( $table ), strtoupper( $column ) ) );
+ }
+
+ self::$_wpdb->query( $drop );
+ }
+
+ /**
+ * @dataProvider data_test_get_column_charset
+ * @ticket 21212
+ */
+ function test_get_column_charset_non_mysql( $drop, $create, $table, $columns ) {
+ self::$_wpdb->query( $drop );
+
+ if ( ! self::$_wpdb->has_cap( 'utf8mb4' ) && preg_match( '/utf8mb[34]/i', $create ) ) {
+ $this->markTestSkipped( "This version of MySQL doesn't support utf8mb4." );
+ return;
+ }
+
+ self::$_wpdb->is_mysql = false;
+
+ self::$_wpdb->query( $create );
+
+ $columns = array_keys( $columns );
+ foreach ( $columns as $column => $charset ) {
+ $this->assertEquals( false, self::$_wpdb->get_col_charset( $table, $column ) );
+ }
+
+ self::$_wpdb->query( $drop );
+
+ self::$_wpdb->is_mysql = true;
+ }
+
+ /**
+ * @ticket 21212
+ */
+ function data_strip_invalid_text_from_query() {
+ $table_name = 'strip_invalid_text_from_query_table';
+ $data = array(
+ array(
+ // binary tables don't get stripped
+ "( a VARCHAR(50) CHARACTER SET utf8, b BINARY )", // create
+ "('foo\xf0\x9f\x98\x88bar', 'foo')", // query
+ "('foo\xf0\x9f\x98\x88bar', 'foo')" // expected result
+ ),
+ array(
+ // utf8/utf8mb4 tables default to utf8
+ "( a VARCHAR(50) CHARACTER SET utf8, b VARCHAR(50) CHARACTER SET utf8mb4 )",
+ "('foo\xf0\x9f\x98\x88bar', 'foo')",
+ "('foobar', 'foo')"
+ ),
+ );
+
+ foreach( $data as &$value ) {
+ $this_table_name = $table_name . '_' . rand_str( 5 );
+
+ $value[0] = "CREATE TABLE $this_table_name {$value[0]}";
+ $value[1] = "INSERT INTO $this_table_name VALUES {$value[1]}";
+ $value[2] = "INSERT INTO $this_table_name VALUES {$value[2]}";
+ $value[3] = "DROP TABLE IF EXISTS $this_table_name";
+ }
+ unset( $value );
+
+ return $data;
+ }
+
+ /**
+ * @dataProvider data_strip_invalid_text_from_query
+ * @ticket 21212
+ */
+ function test_strip_invalid_text_from_query( $create, $query, $expected, $drop ) {
+ self::$_wpdb->query( $drop );
+
+ if ( ! self::$_wpdb->has_cap( 'utf8mb4' ) && preg_match( '/utf8mb[34]/i', $create ) ) {
+ $this->markTestSkipped( "This version of MySQL doesn't support utf8mb4." );
+ return;
+ }
+
+ self::$_wpdb->query( $create );
+
+ $return = self::$_wpdb->strip_invalid_text_from_query( $query );
+ $this->assertEquals( $expected, $return );
+
+ self::$_wpdb->query( $drop );
+ }
+
+ /**
+ * @ticket 21212
+ */
+ function test_invalid_characters_in_query() {
+ global $wpdb;
+
+ $charset = $wpdb->get_col_charset( $wpdb->posts, 'post_content' );
+ if ( 'utf8' !== $charset && 'utf8mb4' !== $charset ) {
+ $this->markTestSkipped( 'This test requires a utf8 character set' );
+ }
+
+ $this->assertFalse( $wpdb->query( "INSERT INTO {$wpdb->posts} (post_content) VALUES ('foo\xf0\xff\xff\xffbar')" ) );
+ }
+
+ /**
+ * @ticket 21212
+ */
+ function data_table_collation_check() {
+ $table_name = 'table_collation_check';
+ $data = array(
+ array(
+ // utf8_bin tables don't need extra sanity checking.
+ "( a VARCHAR(50) COLLATE utf8_bin )", // create
+ true // expected result
+ ),
+ array(
+ // Neither do utf8_general_ci tables.
+ "( a VARCHAR(50) COLLATE utf8_general_ci )",
+ true
+ ),
+ array(
+ // utf8_unicode_ci tables do.
+ "( a VARCHAR(50) COLLATE utf8_unicode_ci )",
+ false
+ ),
+ array(
+ // utf8_bin tables don't need extra sanity checking,
+ // except for when they're not just utf8_bin.
+ "( a VARCHAR(50) COLLATE utf8_bin, b VARCHAR(50) COLLATE big5_chinese_ci )",
+ false
+ ),
+ array(
+ // utf8_bin tables don't need extra sanity checking
+ // when the other columns aren't strings.
+ "( a VARCHAR(50) COLLATE utf8_bin, b INT )",
+ true
+ ),
+ );
+
+ foreach( $data as &$value ) {
+ $this_table_name = $table_name . '_' . rand_str( 5 );
+
+ $value[0] = "CREATE TABLE $this_table_name {$value[0]}";
+ $value[2] = "SELECT * FROM $this_table_name";
+ $value[3] = "DROP TABLE IF EXISTS $this_table_name";
+ }
+ unset( $value );
+
+ return $data;
+ }
+
+
+ /**
+ * @dataProvider data_table_collation_check
+ * @ticket 21212
+ */
+ function test_table_collation_check( $create, $expected, $query, $drop ) {
+ self::$_wpdb->query( $drop );
+
+ self::$_wpdb->query( $create );
+
+ $return = self::$_wpdb->check_safe_collation( $query );
+ $this->assertEquals( $expected, $return );
+
+ self::$_wpdb->query( $drop );
+ }
+}
</ins><span class="cx" style="display: block; padding: 0 10px">Property changes on: branches/3.7/tests/phpunit/tests/db/charset.php
</span><span class="cx" style="display: block; padding: 0 10px">___________________________________________________________________
</span></span></pre></div>
<a id="svnexecutable"></a>
<div class="addfile"><h4 style="background-color: #eee; color: inherit; margin: 1em 0; padding: 1.3em; font-size: 115%">Added: svn:executable</h4></div>
<ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+*
</ins><span class="cx" style="display: block; padding: 0 10px">\ No newline at end of property
</span><a id="branches37testsphpunittestsdbphp"></a>
<div class="modfile"><h4 style="background-color: #eee; color: inherit; margin: 1em 0; padding: 1.3em; font-size: 115%">Modified: branches/3.7/tests/phpunit/tests/db.php</h4>
<pre class="diff"><span>
<span class="info" style="display: block; padding: 0 10px; color: #888">--- branches/3.7/tests/phpunit/tests/db.php 2015-04-20 11:32:18 UTC (rev 32187)
+++ branches/3.7/tests/phpunit/tests/db.php 2015-04-20 11:51:13 UTC (rev 32188)
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -14,6 +14,16 @@
</span><span class="cx" style="display: block; padding: 0 10px"> protected $_queries = array();
</span><span class="cx" style="display: block; padding: 0 10px">
</span><span class="cx" style="display: block; padding: 0 10px"> /**
</span><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ * Our special WPDB
+ * @var resource
+ */
+ protected static $_wpdb;
+
+ public static function setUpBeforeClass() {
+ self::$_wpdb = new wpdb_exposed_methods_for_testing();
+ }
+
+ /**
</ins><span class="cx" style="display: block; padding: 0 10px"> * Set up the test fixture
</span><span class="cx" style="display: block; padding: 0 10px"> */
</span><span class="cx" style="display: block; padding: 0 10px"> public function setUp() {
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -26,8 +36,8 @@
</span><span class="cx" style="display: block; padding: 0 10px"> * Tear down the test fixture
</span><span class="cx" style="display: block; padding: 0 10px"> */
</span><span class="cx" style="display: block; padding: 0 10px"> public function tearDown() {
</span><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ remove_filter( 'query', array( $this, 'query_filter' ) );
</ins><span class="cx" style="display: block; padding: 0 10px"> parent::tearDown();
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- remove_filter( 'query', array( $this, 'query_filter' ) );
</del><span class="cx" style="display: block; padding: 0 10px"> }
</span><span class="cx" style="display: block; padding: 0 10px">
</span><span class="cx" style="display: block; padding: 0 10px"> /**
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -104,6 +114,21 @@
</span><span class="cx" style="display: block; padding: 0 10px"> }
</span><span class="cx" style="display: block; padding: 0 10px">
</span><span class="cx" style="display: block; padding: 0 10px"> /**
</span><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ * @ticket 21212
+ */
+ function test_wpdb_actually_protected_properties() {
+ global $wpdb;
+
+ $new_meta = "HAHA I HOPE THIS DOESN'T WORK";
+
+ $col_meta = $wpdb->col_meta;
+ $wpdb->col_meta = $new_meta;
+
+ $this->assertNotEquals( $col_meta, $new_meta );
+ $this->assertEquals( $col_meta, $wpdb->col_meta );
+ }
+
+ /**
</ins><span class="cx" style="display: block; padding: 0 10px"> * @ticket 18510
</span><span class="cx" style="display: block; padding: 0 10px"> */
</span><span class="cx" style="display: block; padding: 0 10px"> function test_wpdb_nonexistent_properties() {
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -126,4 +151,409 @@
</span><span class="cx" style="display: block; padding: 0 10px"> $sql = $wpdb->prepare( "UPDATE test_table SET string_column = '%%f is a float, %%d is an int %d, %%s is a string', field = %s", 3, '4' );
</span><span class="cx" style="display: block; padding: 0 10px"> $this->assertEquals( "UPDATE test_table SET string_column = '%f is a float, %d is an int 3, %s is a string', field = '4'", $sql );
</span><span class="cx" style="display: block; padding: 0 10px"> }
</span><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+
+ function test_db_version() {
+ global $wpdb;
+
+ $this->assertTrue( version_compare( $wpdb->db_version(), '5.0', '>=' ) );
+ }
+
+ function test_get_caller() {
+ global $wpdb;
+ $str = $wpdb->get_caller();
+ $calls = explode( ', ', $str );
+ $called = join( '->', array( __CLASS__, __FUNCTION__ ) );
+ $this->assertEquals( $called, end( $calls ) );
+ }
+
+ function test_has_cap() {
+ global $wpdb;
+ $this->assertTrue( $wpdb->has_cap( 'collation' ) );
+ $this->assertTrue( $wpdb->has_cap( 'group_concat' ) );
+ $this->assertTrue( $wpdb->has_cap( 'subqueries' ) );
+ $this->assertTrue( $wpdb->has_cap( 'COLLATION' ) );
+ $this->assertTrue( $wpdb->has_cap( 'GROUP_CONCAT' ) );
+ $this->assertTrue( $wpdb->has_cap( 'SUBQUERIES' ) );
+ $this->assertEquals(
+ version_compare( $wpdb->db_version(), '5.0.7', '>=' ),
+ $wpdb->has_cap( 'set_charset' )
+ );
+ $this->assertEquals(
+ version_compare( $wpdb->db_version(), '5.0.7', '>=' ),
+ $wpdb->has_cap( 'SET_CHARSET' )
+ );
+ }
+
+ /**
+ * @expectedDeprecated supports_collation
+ */
+ function test_supports_collation() {
+ global $wpdb;
+ $this->assertTrue( $wpdb->supports_collation() );
+ }
+
+ function test_check_database_version() {
+ global $wpdb;
+ $this->assertEmpty( $wpdb->check_database_version() );
+ }
+
+ /**
+ * @expectedException WPDieException
+ */
+ function test_bail() {
+ global $wpdb;
+ $wpdb->bail( 'Database is dead.' );
+ }
+
+ function test_timers() {
+ global $wpdb;
+
+ $wpdb->timer_start();
+ usleep( 5 );
+ $stop = $wpdb->timer_stop();
+
+ $this->assertNotEquals( $wpdb->time_start, $stop );
+ $this->assertGreaterThan( $stop, $wpdb->time_start );
+ }
+
+ function test_get_col_info() {
+ global $wpdb;
+
+ $wpdb->get_results( "SELECT ID FROM $wpdb->users" );
+
+ $this->assertEquals( array( 'ID' ), $wpdb->get_col_info() );
+ $this->assertEquals( array( $wpdb->users ), $wpdb->get_col_info( 'table' ) );
+ $this->assertEquals( $wpdb->users, $wpdb->get_col_info( 'table', 0 ) );
+ }
+
+ function test_query_and_delete() {
+ global $wpdb;
+ $rows = $wpdb->query( "INSERT INTO $wpdb->users (display_name) VALUES ('Walter Sobchak')" );
+ $this->assertEquals( 1, $rows );
+ $this->assertNotEmpty( $wpdb->insert_id );
+ $d_rows = $wpdb->delete( $wpdb->users, array( 'ID' => $wpdb->insert_id ) );
+ $this->assertEquals( 1, $d_rows );
+ }
+
+ function test_get_row() {
+ global $wpdb;
+ $rows = $wpdb->query( "INSERT INTO $wpdb->users (display_name) VALUES ('Walter Sobchak')" );
+ $this->assertEquals( 1, $rows );
+ $this->assertNotEmpty( $wpdb->insert_id );
+
+ $row = $wpdb->get_row( $wpdb->prepare( "SELECT * FROM $wpdb->users WHERE ID = %d", $wpdb->insert_id ) );
+ $this->assertInternalType( 'object', $row );
+ $this->assertEquals( 'Walter Sobchak', $row->display_name );
+ }
+
+ function test_replace() {
+ global $wpdb;
+ $rows1 = $wpdb->insert( $wpdb->users, array( 'display_name' => 'Walter Sobchak' ) );
+ $this->assertEquals( 1, $rows1 );
+ $this->assertNotEmpty( $wpdb->insert_id );
+ $last = $wpdb->insert_id;
+
+ $rows2 = $wpdb->replace( $wpdb->users, array( 'ID' => $last, 'display_name' => 'Walter Replace Sobchak' ) );
+ $this->assertEquals( 2, $rows2 );
+ $this->assertNotEmpty( $wpdb->insert_id );
+
+ $this->assertEquals( $last, $wpdb->insert_id );
+
+ $row = $wpdb->get_row( $wpdb->prepare( "SELECT * FROM $wpdb->users WHERE ID = %d", $last ) );
+ $this->assertEquals( 'Walter Replace Sobchak', $row->display_name );
+ }
+
+ /**
+ * wpdb::update() requires a WHERE condition.
+ *
+ * @ticket 26106
+ */
+ function test_empty_where_on_update() {
+ global $wpdb;
+ $suppress = $wpdb->suppress_errors( true );
+ $wpdb->update( $wpdb->posts, array( 'post_name' => 'burrito' ), array() );
+
+ $expected1 = "UPDATE `{$wpdb->posts}` SET `post_name` = 'burrito' WHERE ";
+ $this->assertNotEmpty( $wpdb->last_error );
+ $this->assertEquals( $expected1, $wpdb->last_query );
+
+ $wpdb->update( $wpdb->posts, array( 'post_name' => 'burrito' ), array( 'post_status' => 'taco' ) );
+
+ $expected2 = "UPDATE `{$wpdb->posts}` SET `post_name` = 'burrito' WHERE `post_status` = 'taco'";
+ $this->assertEmpty( $wpdb->last_error );
+ $this->assertEquals( $expected2, $wpdb->last_query );
+ $wpdb->suppress_errors( $suppress );
+ }
+
+ /**
+ * @ticket 21212
+ */
+ function data_get_table_from_query() {
+ $table = 'a_test_table_name';
+
+ $queries = array(
+ // Basic
+ "SELECT * FROM $table",
+ "SELECT * FROM `$table`",
+
+ "INSERT $table",
+ "INSERT IGNORE $table",
+ "INSERT IGNORE INTO $table",
+ "INSERT INTO $table",
+ "INSERT LOW_PRIORITY $table",
+ "INSERT DELAYED $table",
+ "INSERT HIGH_PRIORITY $table",
+ "INSERT LOW_PRIORITY IGNORE $table",
+ "INSERT LOW_PRIORITY INTO $table",
+ "INSERT LOW_PRIORITY IGNORE INTO $table",
+
+ "REPLACE $table",
+ "REPLACE INTO $table",
+ "REPLACE LOW_PRIORITY $table",
+ "REPLACE DELAYED $table",
+ "REPLACE LOW_PRIORITY INTO $table",
+
+ "UPDATE LOW_PRIORITY $table",
+ "UPDATE LOW_PRIORITY IGNORE $table",
+
+ "DELETE $table",
+ "DELETE IGNORE $table",
+ "DELETE IGNORE FROM $table",
+ "DELETE FROM $table",
+ "DELETE LOW_PRIORITY $table",
+ "DELETE QUICK $table",
+ "DELETE IGNORE $table",
+ "DELETE LOW_PRIORITY FROM $table",
+
+ // STATUS
+ "SHOW TABLE STATUS LIKE '$table'",
+ "SHOW TABLE STATUS WHERE NAME='$table'",
+
+ "SHOW TABLES LIKE '$table'",
+ "SHOW FULL TABLES LIKE '$table'",
+ "SHOW TABLES WHERE NAME='$table'",
+
+ // Extended
+ "EXPLAIN SELECT * FROM $table",
+ "EXPLAIN EXTENDED SELECT * FROM $table",
+ "EXPLAIN EXTENDED SELECT * FROM `$table`",
+
+ "DESCRIBE $table",
+ "DESC $table",
+ "EXPLAIN $table",
+ "HANDLER $table",
+
+ "LOCK TABLE $table",
+ "LOCK TABLES $table",
+ "UNLOCK TABLE $table",
+
+ "RENAME TABLE $table",
+ "OPTIMIZE TABLE $table",
+ "BACKUP TABLE $table",
+ "RESTORE TABLE $table",
+ "CHECK TABLE $table",
+ "CHECKSUM TABLE $table",
+ "ANALYZE TABLE $table",
+ "REPAIR TABLE $table",
+
+ "TRUNCATE $table",
+ "TRUNCATE TABLE $table",
+
+ "CREATE TABLE $table",
+ "CREATE TEMPORARY TABLE $table",
+ "CREATE TABLE IF NOT EXISTS $table",
+
+ "ALTER TABLE $table",
+ "ALTER IGNORE TABLE $table",
+
+ "DROP TABLE $table",
+ "DROP TABLE IF EXISTS $table",
+
+ "CREATE INDEX foo(bar(20)) ON $table",
+ "CREATE UNIQUE INDEX foo(bar(20)) ON $table",
+ "CREATE FULLTEXT INDEX foo(bar(20)) ON $table",
+ "CREATE SPATIAL INDEX foo(bar(20)) ON $table",
+
+ "DROP INDEX foo ON $table",
+
+ "LOAD DATA INFILE 'wp.txt' INTO TABLE $table",
+ "LOAD DATA LOW_PRIORITY INFILE 'wp.txt' INTO TABLE $table",
+ "LOAD DATA CONCURRENT INFILE 'wp.txt' INTO TABLE $table",
+ "LOAD DATA LOW_PRIORITY LOCAL INFILE 'wp.txt' INTO TABLE $table",
+ "LOAD DATA INFILE 'wp.txt' REPLACE INTO TABLE $table",
+ "LOAD DATA INFILE 'wp.txt' IGNORE INTO TABLE $table",
+
+ "GRANT ALL ON TABLE $table",
+ "REVOKE ALL ON TABLE $table",
+
+ "SHOW COLUMNS FROM $table",
+ "SHOW FULL COLUMNS FROM $table",
+ "SHOW CREATE TABLE $table",
+ "SHOW INDEX FROM $table",
+ );
+
+ foreach ( $queries as &$query ) {
+ $query = array( $query, $table );
+ }
+ return $queries;
+ }
+
+ /**
+ * @dataProvider data_get_table_from_query
+ * @ticket 21212
+ */
+ function test_get_table_from_query( $query, $table ) {
+ $this->assertEquals( $table, self::$_wpdb->get_table_from_query( $query ) );
+ }
+
+ function data_get_table_from_query_false() {
+ $table = 'a_test_table_name';
+ return array(
+ array( "LOL THIS ISN'T EVEN A QUERY $table" ),
+ );
+ }
+
+ /**
+ * @dataProvider data_get_table_from_query_false
+ * @ticket 21212
+ */
+ function test_get_table_from_query_false( $query ) {
+ $this->assertFalse( self::$_wpdb->get_table_from_query( $query ) );
+ }
+
+ /**
+ * @ticket 21212
+ */
+ function data_process_field_formats() {
+ $core_db_fields_no_format_specified = array(
+ array( 'post_content' => 'foo', 'post_parent' => 0 ),
+ null,
+ array(
+ 'post_content' => array( 'value' => 'foo', 'format' => '%s' ),
+ 'post_parent' => array( 'value' => 0, 'format' => '%d' ),
+ )
+ );
+
+ $core_db_fields_formats_specified = array(
+ array( 'post_content' => 'foo', 'post_parent' => 0 ),
+ array( '%d', '%s' ), // These override core field_types
+ array(
+ 'post_content' => array( 'value' => 'foo', 'format' => '%d' ),
+ 'post_parent' => array( 'value' => 0, 'format' => '%s' ),
+ )
+ );
+
+ $misc_fields_no_format_specified = array(
+ array( 'this_is_not_a_core_field' => 'foo', 'this_is_not_either' => 0 ),
+ null,
+ array(
+ 'this_is_not_a_core_field' => array( 'value' => 'foo', 'format' => '%s' ),
+ 'this_is_not_either' => array( 'value' => 0, 'format' => '%s' ),
+ )
+ );
+
+ $misc_fields_formats_specified = array(
+ array( 'this_is_not_a_core_field' => 0, 'this_is_not_either' => 1.2 ),
+ array( '%d', '%f' ),
+ array(
+ 'this_is_not_a_core_field' => array( 'value' => 0, 'format' => '%d' ),
+ 'this_is_not_either' => array( 'value' => 1.2, 'format' => '%f' ),
+ )
+ );
+
+ $misc_fields_insufficient_formats_specified = array(
+ array( 'this_is_not_a_core_field' => 0, 'this_is_not_either' => 's', 'nor_this' => 1 ),
+ array( '%d', '%s' ), // The first format is used for the third
+ array(
+ 'this_is_not_a_core_field' => array( 'value' => 0, 'format' => '%d' ),
+ 'this_is_not_either' => array( 'value' => 's', 'format' => '%s' ),
+ 'nor_this' => array( 'value' => 1, 'format' => '%d' ),
+ )
+ );
+
+ $vars = get_defined_vars();
+ // Push the variable name onto the end for assertSame $message
+ foreach ( $vars as $var_name => $var ) {
+ $vars[ $var_name ][] = $var_name;
+ }
+ return array_values( $vars );
+ }
+
+ /**
+ * @dataProvider data_process_field_formats
+ * @ticket 21212
+ */
+ function test_process_field_formats( $data, $format, $expected, $message ) {
+ $actual = self::$_wpdb->process_field_formats( $data, $format );
+ $this->assertSame( $expected, $actual, $message );
+ }
+
+ /**
+ * @ticket 21212
+ */
+ function test_process_fields() {
+ global $wpdb;
+
+ if ( $wpdb->charset ) {
+ $expected_charset = $wpdb->charset;
+ } else {
+ $expected_charset = $wpdb->get_col_charset( $wpdb->posts, 'post_content' );
+ }
+
+ if ( ! in_array( $expected_charset, array( 'utf8', 'utf8mb4', 'latin1' ) ) ) {
+ $this->markTestSkipped( "This test only works with utf8, utf8mb4 or latin1 character sets" );
+ }
+
+ $data = array( 'post_content' => '¡foo foo foo!' );
+ $expected = array(
+ 'post_content' => array(
+ 'value' => '¡foo foo foo!',
+ 'format' => '%s',
+ 'charset' => $expected_charset,
+ 'ascii' => false,
+ )
+ );
+
+ $this->assertSame( $expected, self::$_wpdb->process_fields( $wpdb->posts, $data, null ) );
+ }
+
+ /**
+ * @ticket 21212
+ * @depends test_process_fields
+ */
+ function test_process_fields_on_nonexistent_table( $data ) {
+ self::$_wpdb->suppress_errors( true );
+ $data = array( 'post_content' => '¡foo foo foo!' );
+ $this->assertFalse( self::$_wpdb->process_fields( 'nonexistent_table', $data, null ) );
+ self::$_wpdb->suppress_errors( false );
+ }
+
+ /**
+ * @ticket 21212
+ */
+ function test_pre_get_table_charset_filter() {
+ add_filter( 'pre_get_table_charset', array( $this, 'filter_pre_get_table_charset' ), 10, 2 );
+ $charset = self::$_wpdb->get_table_charset( 'some_table' );
+ remove_filter( 'pre_get_table_charset', array( $this, 'filter_pre_get_table_charset' ), 10 );
+
+ $this->assertEquals( $charset, 'fake_charset' );
+ }
+ function filter_pre_get_table_charset( $charset, $table ) {
+ return 'fake_charset';
+ }
+
+ /**
+ * @ticket 21212
+ */
+ function test_pre_get_col_charset_filter() {
+ add_filter( 'pre_get_col_charset', array( $this, 'filter_pre_get_col_charset' ), 10, 3 );
+ $charset = self::$_wpdb->get_col_charset( 'some_table', 'some_col' );
+ remove_filter( 'pre_get_col_charset', array( $this, 'filter_pre_get_col_charset' ), 10 );
+
+ $this->assertEquals( $charset, 'fake_col_charset' );
+ }
+ function filter_pre_get_col_charset( $charset, $table, $column ) {
+ return 'fake_col_charset';
+ }
</ins><span class="cx" style="display: block; padding: 0 10px"> }
</span><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+
</ins></span></pre></div>
<a id="branches37testsphpunittestspostphp"></a>
<div class="modfile"><h4 style="background-color: #eee; color: inherit; margin: 1em 0; padding: 1.3em; font-size: 115%">Modified: branches/3.7/tests/phpunit/tests/post.php</h4>
<pre class="diff"><span>
<span class="info" style="display: block; padding: 0 10px; color: #888">--- branches/3.7/tests/phpunit/tests/post.php 2015-04-20 11:32:18 UTC (rev 32187)
+++ branches/3.7/tests/phpunit/tests/post.php 2015-04-20 11:51:13 UTC (rev 32188)
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -879,4 +879,41 @@
</span><span class="cx" style="display: block; padding: 0 10px"> $pages = get_pages( array( 'parent' => array( $page_id1, $page_id2 ) ) );
</span><span class="cx" style="display: block; padding: 0 10px"> $this->assertEqualSets( array( $page_id2, $page_id3, $page_id4 ), wp_list_pluck( $pages, 'ID' ) );
</span><span class="cx" style="display: block; padding: 0 10px"> }
</span><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+
+ /**
+ * @ticket 21212
+ */
+ function test_utf8mb3_post_saves_with_emoji() {
+ global $wpdb;
+ $_wpdb = new wpdb_exposed_methods_for_testing();
+
+ if ( 'utf8' !== $_wpdb->get_col_charset( $wpdb->posts, 'post_title' ) ) {
+ $this->markTestSkipped( 'This test is only useful with the utf8 character set' );
+ }
+
+ require_once( ABSPATH . '/wp-admin/includes/post.php' );
+
+ $post_id = $this->factory->post->create();
+
+ $data = array(
+ 'post_ID' => $post_id,
+ 'post_title' => "foo\xf0\x9f\x98\x88bar",
+ 'post_content' => "foo\xf0\x9f\x98\x8ebaz",
+ 'post_excerpt' => "foo\xf0\x9f\x98\x90bat"
+ );
+
+ $expected = array(
+ 'post_title' => "foobar",
+ 'post_content' => "foobaz",
+ 'post_excerpt' => "foobat"
+ );
+
+ edit_post( $data );
+
+ $post = get_post( $post_id );
+
+ foreach( $expected as $field => $value ) {
+ $this->assertEquals( $post->$field, $value );
+ }
+ }
</ins><span class="cx" style="display: block; padding: 0 10px"> }
</span></span></pre>
</div>
</div>
</body>
</html>