[wp-trac] [WordPress Trac] #38751: WPDB: get_table_from_query leaves SHOW results LIKE-escaped

WordPress Trac noreply at wordpress.org
Thu Nov 10 22:03:37 UTC 2016


#38751: WPDB: get_table_from_query leaves SHOW results LIKE-escaped
--------------------------+-----------------------------
 Reporter:  andy          |      Owner:
     Type:  defect (bug)  |     Status:  new
 Priority:  normal        |  Milestone:  Awaiting Review
Component:  Database      |    Version:  trunk
 Severity:  normal        |   Keywords:
  Focuses:                |
--------------------------+-----------------------------
 Consider the statement `SHOW TABLES LIKE 'wp_123_%'`. The percent symbol
 is an unbounded wildcard. What might be less obvious is that the
 underscore is a wildcard matching one character. So this statement matches
 `wp_123_posts` as well as `wp_1234_posts`, `wp_1234`. The underscores in
 that `LIKE` string should be escaped.

 The correct pattern is `SHOW TABLES LIKE 'wp\_123\_%'`.

 However, all `wpdb::get_table_from_query()` gets from that statement is
 `'wp'` since its subpattern stops matching at the first backslash. From
 the unescaped version it gets `'wp_123_'` which is more useful. In fact,
 the latter is what hyperdb has always used to correctly map the table to a
 server when such a query was encountered. The liability of this workaround
 is that unwanted tables might be included in the results, as shown above.

 To be more useful, `wpdb::get_table_from_query()` should unescape
 underscores when the match is being used with `LIKE`.

--
Ticket URL: <https://core.trac.wordpress.org/ticket/38751>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform


More information about the wp-trac mailing list