[wp-trac] [WordPress Trac] #38751: WPDB: get_table_from_query leaves SHOW results LIKE-escaped
WordPress Trac
noreply at wordpress.org
Thu Nov 10 22:03:37 UTC 2016
#38751: WPDB: get_table_from_query leaves SHOW results LIKE-escaped
--------------------------+-----------------------------
 Reporter:  andy          |      Owner:
     Type:  defect (bug)  |     Status:  new
 Priority:  normal        |  Milestone:  Awaiting Review
Component:  Database      |    Version:  trunk
 Severity:  normal        |   Keywords:
  Focuses:                |
--------------------------+-----------------------------

Consider the statement `SHOW TABLES LIKE 'wp_123_%'`. The percent symbol
is an unbounded wildcard. What might be less obvious is that the
underscore is a wildcard matching one character. So this statement matches
`wp_123_posts` as well as `wp_1234_posts` and `wp_1234`. The underscores in
that `LIKE` string should be escaped.

The correct pattern is `SHOW TABLES LIKE 'wp\_123\_%'`.

However, all `wpdb::get_table_from_query()` gets from that statement is
`'wp'` since its subpattern stops matching at the first backslash. From
the unescaped version it gets `'wp_123_'` which is more useful. In fact,
the latter is what hyperdb has always used to correctly map the table to a
server when such a query was encountered. The liability of this workaround
is that unwanted tables might be included in the results, as shown above.

To be more useful, `wpdb::get_table_from_query()` should unescape
underscores when the match is being used with `LIKE`.

--
Ticket URL: <https://core.trac.wordpress.org/ticket/38751>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
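
The behaviour described in the ticket, as an added example that is not part of the original message and not WordPress core code: it shows which of the ticket's table names each `LIKE` pattern matches, and one way to recover the routing prefix `wp_123_` from the escaped form. The function names `like_to_regex()` and `prefix_from_show_like()` and the simplified regular expression are assumptions made for illustration.

```php
<?php
// Added example; function names are hypothetical, not WordPress core code.

// Translate a MySQL LIKE pattern (default escape character: backslash)
// into an anchored PCRE so the matching can be checked without a database.
function like_to_regex( string $pattern ): string {
    $re  = '';
    $len = strlen( $pattern );
    for ( $i = 0; $i < $len; $i++ ) {
        $c = $pattern[ $i ];
        if ( '\\' === $c && $i + 1 < $len ) {
            $re .= preg_quote( $pattern[ ++$i ], '/' ); // escaped character is literal
        } elseif ( '%' === $c ) {
            $re .= '.*';                                // any run of characters
        } elseif ( '_' === $c ) {
            $re .= '.';                                 // exactly one character
        } else {
            $re .= preg_quote( $c, '/' );
        }
    }
    return '/^' . $re . '$/s';
}

// Pull a routing prefix out of SHOW TABLES LIKE '...': accept backslashes in
// the operand, drop one trailing %, then turn \_ back into _.
function prefix_from_show_like( string $query ): ?string {
    $re = '/^\s*SHOW\s+TABLES\s+LIKE\s*([\'"])([\\\\0-9a-zA-Z$_.-]+)%?\1/i';
    if ( ! preg_match( $re, $query, $m ) ) {
        return null;
    }
    return str_replace( '\\_', '_', $m[2] );
}

// Constructed sample data: the table names used in the ticket.
$tables = array( 'wp_123_posts', 'wp_1234_posts', 'wp_1234' );

// First pattern is the unescaped form, second is the escaped form.
foreach ( array( 'wp_123_%', 'wp\\_123\\_%' ) as $like ) {
    $hits = preg_grep( like_to_regex( $like ), $tables );
    printf( "%-14s matches: %s\n", $like, implode( ', ', $hits ) );
    printf( "  routing prefix: %s\n", prefix_from_show_like( "SHOW TABLES LIKE '$like'" ) );
}
```

The unescaped pattern matches all three names, the escaped one matches only `wp_123_posts`, and both yield the same prefix once `\_` is unescaped.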