From 365241878f946a56fd07699eff0bff5add644e1d Mon Sep 17 00:00:00 2001 From: Gary Pendergast Date: Thu, 17 Nov 2016 04:20:22 +0000 Subject: [PATCH] Database: Add support for `LIKE`-escaped tables in `::get_table_from_query()`. The `SHOW TABLES LIKE` query can be used to search for tables that match a pattern, `wp\_123\_%`, for example. While this isn't the name of an actual table, the `wp_123_` prefix can be used by database drop-ins to direct the query correctly. This change removes the escaping and `%` modifier, to provide this usable prefix. Props andy, pento. Fixes #38751. git-svn-id: https://develop.svn.wordpress.org/trunk@39275 602fd350-edb4-49c9-b593-d223f7449a82 --- src/wp-includes/wp-db.php | 18 ++++++++++++------ tests/phpunit/tests/db.php | 35 +++++++++++++++++++++++++++-------- 2 files changed, 39 insertions(+), 14 deletions(-) diff --git a/src/wp-includes/wp-db.php b/src/wp-includes/wp-db.php index 8bfd9f5bfd..84dc482a55 100644 --- a/src/wp-includes/wp-db.php +++ b/src/wp-includes/wp-db.php @@ -3037,12 +3037,18 @@ class wpdb { return str_replace( '`', '', $maybe[1] ); } - // SHOW TABLE STATUS and SHOW TABLES - if ( preg_match( '/^\s*(?:' - . 'SHOW\s+TABLE\s+STATUS.+(?:LIKE\s+|WHERE\s+Name\s*=\s*)' - . '|SHOW\s+(?:FULL\s+)?TABLES.+(?:LIKE\s+|WHERE\s+Name\s*=\s*)' - . ')\W((?:[0-9a-zA-Z$_.`-]|[\xC2-\xDF][\x80-\xBF])+)\W/is', $query, $maybe ) ) { - return str_replace( '`', '', $maybe[1] ); + // SHOW TABLE STATUS and SHOW TABLES WHERE Name = 'wp_posts' + if ( preg_match( '/^\s*SHOW\s+(?:TABLE\s+STATUS|(?:FULL\s+)?TABLES).+WHERE\s+Name\s*=\s*("|\')((?:[0-9a-zA-Z$_.-]|[\xC2-\xDF][\x80-\xBF])+)\\1/is', $query, $maybe ) ) { + return $maybe[2]; + } + + // SHOW TABLE STATUS LIKE and SHOW TABLES LIKE 'wp\_123\_%' + // This quoted LIKE operand seldom holds a full table name. + // It is usually a pattern for matching a prefix so we just + // strip the trailing % and unescape the _ to get 'wp_123_' + // which drop-ins can use for routing these SQL statements. + if ( preg_match( '/^\s*SHOW\s+(?:TABLE\s+STATUS|(?:FULL\s+)?TABLES)\s+(?:WHERE\s+Name\s+)?LIKE\s*("|\')((?:[\\\\0-9a-zA-Z$_.-]|[\xC2-\xDF][\x80-\xBF])+)%?\\1/is', $query, $maybe ) ) { + return str_replace( '\\_', '_', $maybe[2] ); } // Big pattern for the rest of the table-related queries. diff --git a/tests/phpunit/tests/db.php b/tests/phpunit/tests/db.php index 0710965367..beac5f2e89 100644 --- a/tests/phpunit/tests/db.php +++ b/tests/phpunit/tests/db.php @@ -565,14 +565,6 @@ class Tests_DB extends WP_UnitTestCase { "DELETE a FROM $table a", "DELETE `a` FROM $table a", - // STATUS - "SHOW TABLE STATUS LIKE '$table'", - "SHOW TABLE STATUS WHERE NAME='$table'", - - "SHOW TABLES LIKE '$table'", - "SHOW FULL TABLES LIKE '$table'", - "SHOW TABLES WHERE NAME='$table'", - // Extended "EXPLAIN SELECT * FROM $table", "EXPLAIN EXTENDED SELECT * FROM $table", @@ -670,6 +662,33 @@ class Tests_DB extends WP_UnitTestCase { $this->assertFalse( self::$_wpdb->get_table_from_query( $query ) ); } + /** + * @ticket 38751 + */ + function data_get_escaped_table_from_show_query() { + return array( + // Equality + array( "SHOW TABLE STATUS WHERE Name = 'test_name'", 'test_name' ), + array( "SHOW TABLE STATUS WHERE NAME=\"test_name\"", 'test_name' ), + array( "SHOW TABLES WHERE Name = \"test_name\"", 'test_name' ), + array( "SHOW FULL TABLES WHERE Name='test_name'", 'test_name' ), + + // LIKE + array( "SHOW TABLE STATUS LIKE 'test\_prefix\_%'", 'test_prefix_' ), + array( "SHOW TABLE STATUS LIKE \"test\_prefix\_%\"", 'test_prefix_' ), + array( "SHOW TABLES LIKE 'test\_prefix\_%'", 'test_prefix_' ), + array( "SHOW FULL TABLES LIKE \"test\_prefix\_%\"", 'test_prefix_' ), + ); + } + + /** + * @dataProvider data_get_escaped_table_from_show_query + * @ticket 38751 + */ + function test_get_escaped_table_from_show_query( $query, $table ) { + $this->assertEquals( $table, self::$_wpdb->get_table_from_query( $query ) ); + } + /** * @ticket 21212 */