From cabcace53cc12fc423e00528f1ef3528217f1d56 Mon Sep 17 00:00:00 2001 From: Gary Pendergast Date: Thu, 20 Nov 2014 01:45:10 +0000 Subject: [PATCH] WPDB: Force `STRICT_ALL_TABLES` to be enabled as soon as we connect to the MySQL server. This improves data integrity when inserting and updating rows in the database, particularly when trying to insert emoji into posts stored with character sets that don't support emoji. See #21212. git-svn-id: https://develop.svn.wordpress.org/trunk@30400 602fd350-edb4-49c9-b593-d223f7449a82 --- src/wp-includes/wp-db.php | 71 +++++++++-------- tests/phpunit/tests/db.php | 159 +++++++++++++++++++++++++++++++++++-- 2 files changed, 187 insertions(+), 43 deletions(-) diff --git a/src/wp-includes/wp-db.php b/src/wp-includes/wp-db.php index 924ea5dcc0..0948a84b21 100644 --- a/src/wp-includes/wp-db.php +++ b/src/wp-includes/wp-db.php @@ -566,8 +566,16 @@ class wpdb { * @access protected * @var array */ - protected $incompatible_modes = array( 'NO_ZERO_DATE', 'ONLY_FULL_GROUP_BY', - 'STRICT_TRANS_TABLES', 'STRICT_ALL_TABLES', 'TRADITIONAL' ); + protected $incompatible_modes = array( 'NO_ZERO_DATE', 'ONLY_FULL_GROUP_BY', 'TRADITIONAL' ); + + /** + * A list of required SQL modes. + * + * @since 4.1.0 + * @access protected + * @var array + */ + protected $required_modes = array( 'STRICT_ALL_TABLES' ); /** * Whether to use mysqli over mysql. 
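Review bot: The docblock added for `$required_modes` says only "A list of required SQL modes" and does not explain how the list interacts with `$incompatible_modes`, which sits directly above it. The later `set_sql_mode()` hunk strips the incompatible modes first and merges the required ones afterwards, so a mode that ends up in both lists (for example through the two filters) stays enabled. I would add a line such as `* Applied after $incompatible_modes are removed, so a mode present in both lists stays enabled.` A short sentence on why strict mode is forced would also help, since a rejected write is safer than a silently truncated or coerced value that no longer matches what was validated.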
@@ -778,31 +786,12 @@ class wpdb { */ public function set_sql_mode( $modes = array() ) { if ( empty( $modes ) ) { - if ( $this->use_mysqli ) { - $res = mysqli_query( $this->dbh, 'SELECT @@SESSION.sql_mode' ); + $modes = $this->get_var( "SELECT @@SESSION.sql_mode" ); + if ( $modes ) { + $modes = $original_modes = explode( ',', $modes ); } else { - $res = mysql_query( 'SELECT @@SESSION.sql_mode', $this->dbh ); + $modes = $original_modes = array(); } - - if ( empty( $res ) ) { - return; - } - - if ( $this->use_mysqli ) { - $modes_array = mysqli_fetch_array( $res ); - if ( empty( $modes_array[0] ) ) { - return; - } - $modes_str = $modes_array[0]; - } else { - $modes_str = mysql_result( $res, 0 ); - } - - if ( empty( $modes_str ) ) { - return; - } - - $modes = explode( ',', $modes_str ); } $modes = array_change_key_case( $modes, CASE_UPPER ); 
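Review bot: A failed read of `@@SESSION.sql_mode` is now treated the same as an empty mode list, because `get_var()` gives a falsy result in both cases and the `else` branch sets `$modes = $original_modes = array()`. The removed code returned early when the query produced nothing. The new code carries on, and the later hunk will then issue `SET SESSION sql_mode` with only the required modes, discarding whatever the server had configured. Checking the error state right after the read would separate the two cases, e.g. `if ( null === $modes && $this->last_error ) { return; }` before the `if ( $modes )` test. The body of `set_sql_mode()` continues past the end of this hunk.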
@@ -812,24 +801,36 @@ class wpdb { * * @since 3.9.0 * - * @see wpdb::$incompatible_modes - * * @param array $incompatible_modes An array of incompatible modes. */ $incompatible_modes = (array) apply_filters( 'incompatible_sql_modes', $this->incompatible_modes ); - foreach( $modes as $i => $mode ) { - if ( in_array( $mode, $incompatible_modes ) ) { - unset( $modes[ $i ] ); + /** + * Filter the list of required SQL modes to include. + * + * @since 4.1.0 + * + * @param array $required_modes An array of required modes. + */ + $required_modes = (array) apply_filters( 'required_sql_modes', $this->required_modes ); + + $modes = array_diff( $modes, $incompatible_modes ); + $modes = array_unique( array_merge( $modes, $required_modes ) ); + + // Don't run SET SESSION if we have nothing to change. + if ( isset( $original_modes ) ) { + sort( $original_modes ); + sort( $modes ); + if ( $original_modes === $modes ) { + return; } } $modes_str = implode( ',', $modes ); - if ( $this->use_mysqli ) { - mysqli_query( $this->dbh, "SET SESSION sql_mode='$modes_str'" ); - } else { - mysql_query( "SET SESSION sql_mode='$modes_str'", $this->dbh ); + $this->query( "SET SESSION sql_mode='$modes_str'" ); + if ( $this->last_error ) { + dead_db(); } } @@ -1482,8 +1483,8 @@ class wpdb { } else if ( $this->dbh ) { $this->has_connected = true; $this->set_charset( $this->dbh ); - $this->set_sql_mode(); $this->ready = true; + $this->set_sql_mode(); $this->select( $this->dbname, $this->dbh ); return true; diff --git a/tests/phpunit/tests/db.php b/tests/phpunit/tests/db.php index 757fe9127b..8df0cd9b78 100644 --- a/tests/phpunit/tests/db.php +++ b/tests/phpunit/tests/db.php 
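Review bot: The mode names interpolated into `"SET SESSION sql_mode='$modes_str'"` are never validated, and they can come from the `$modes` argument or from the new `required_sql_modes` filter. Because a failed statement now ends in `dead_db()`, a single malformed or unsupported name returned by a plugin filter turns into a site-wide database error page instead of an ignored setting. Restricting the list to plain identifiers before the `implode()` keeps the statement well-formed, e.g. `$modes = preg_grep( '/^[A-Za-z0-9_]+$/', $modes );`. It would also be worth reconsidering whether a rejected mode should be fatal or only logged. Note that the context line `array_change_key_case( $modes, CASE_UPPER )` in the previous hunk changes keys, not values, so the `array_diff()` against `$incompatible_modes` here is case-sensitive for caller-supplied names. `set_sql_mode()` begins above this hunk.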
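Review bot: In the `db_connect()` hunk (`@@ -1482,8 +1483,8 @@`), moving `$this->set_sql_mode()` below `$this->ready = true` creates an ordering dependency that nothing in the code explains. The rewritten `set_sql_mode()` goes through `get_var()` and `query()`, which presumably return early while `$this->ready` is false, so a later reordering would silently stop strict mode from being applied. A comment above the call would protect it, for example `// set_sql_mode() runs through query(), so it must come after $this->ready is set.` It is also worth confirming that running queries before `$this->select()` is intended, since `ready` now reports true before a database is selected. `db_connect()` starts and ends outside this hunk.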
@@ -276,15 +276,18 @@ class Tests_DB extends WP_UnitTestCase { * Test that SQL modes are set correctly * @ticket 26847 */ - public function test_set_sql_mode() { + function test_set_sql_mode() { global $wpdb; $current_modes = $wpdb->get_var( 'SELECT @@SESSION.sql_mode;' ); - $new_modes = array( 'IGNORE_SPACE', 'NO_AUTO_CREATE_USER' ); + $new_modes = $expected_modes = array( 'IGNORE_SPACE', 'NO_AUTO_CREATE_USER' ); + $expected_modes[] = 'STRICT_ALL_TABLES'; + $wpdb->set_sql_mode( $new_modes ); + $check_new_modes = $wpdb->get_var( 'SELECT @@SESSION.sql_mode;' ); - $this->assertEquals( implode( ',', $new_modes ), $check_new_modes ); + $this->assertEqualSets( $expected_modes, explode( ',', $check_new_modes ) ); $wpdb->set_sql_mode( explode( ',', $current_modes ) ); } @@ -293,7 +296,7 @@ class Tests_DB extends WP_UnitTestCase { * Test that incompatible SQL modes are blocked * @ticket 26847 */ - public function test_set_incompatible_sql_mode() { + function test_set_incompatible_sql_mode() { global $wpdb; $current_modes = $wpdb->get_var( 'SELECT @@SESSION.sql_mode;' ); @@ -301,7 +304,7 @@ class Tests_DB extends WP_UnitTestCase { $new_modes = array( 'IGNORE_SPACE', 'NO_ZERO_DATE', 'NO_AUTO_CREATE_USER' ); $wpdb->set_sql_mode( $new_modes ); $check_new_modes = $wpdb->get_var( 'SELECT @@SESSION.sql_mode;' ); - $this->assertFalse( in_array( 'NO_ZERO_DATE', explode( ',', $check_new_modes ) ) ); + $this->assertNotContains( 'NO_ZERO_DATE', explode( ',', $check_new_modes ) ); $wpdb->set_sql_mode( explode( ',', $current_modes ) ); } @@ -310,7 +313,7 @@ class Tests_DB extends WP_UnitTestCase { * Test that incompatible SQL modes can be changed * @ticket 26847 */ - public function test_set_allowed_incompatible_sql_mode() { + function test_set_allowed_incompatible_sql_mode() { global $wpdb; $current_modes = $wpdb->get_var( 'SELECT @@SESSION.sql_mode;' ); 
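Review bot: The three test methods touched in this hunk lose their explicit visibility (`public function test_set_sql_mode()` becomes `function test_set_sql_mode()`, and likewise for the two incompatible-mode tests). That change is unrelated to the strict-mode work and adds noise to the diff. I would keep `public function test_set_sql_mode() {` and the two siblings as they were. The body of `test_set_allowed_incompatible_sql_mode()` continues into the next hunk.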
@@ -322,7 +325,7 @@ class Tests_DB extends WP_UnitTestCase { remove_filter( 'incompatible_sql_modes', array( $this, 'filter_allowed_incompatible_sql_mode' ), 1 ); $check_new_modes = $wpdb->get_var( 'SELECT @@SESSION.sql_mode;' ); - $this->assertTrue( in_array( 'NO_ZERO_DATE', explode( ',', $check_new_modes ) ) ); + $this->assertContains( 'NO_ZERO_DATE', explode( ',', $check_new_modes ) ); $wpdb->set_sql_mode( explode( ',', $current_modes ) ); } 
@@ -339,6 +342,146 @@ class Tests_DB extends WP_UnitTestCase { return $modes; } + /** + * @ticket 21212 + */ + function test_set_sql_mode_strict() { + global $wpdb; + $wpdb->set_sql_mode(); + $sql_modes = $wpdb->get_var( 'SELECT @@SESSION.sql_mode;' ); + $this->assertContains( 'STRICT_ALL_TABLES', explode( ',', $sql_modes ) ); + } + + /** + * @ticket 21212 + */ + function test_strict_mode_numeric_strings() { + global $wpdb; + $post_id = $this->factory->post->create(); + $wpdb->update( $wpdb->posts, array( 'post_parent' => 4 ), array( 'ID' => $post_id ), array( '%s' ) ); + $this->assertContains( "`post_parent` = '4'", $wpdb->last_query ); + $this->assertEmpty( $wpdb->last_error ); + } + + /** + * @ticket 21212 + */ + function test_strict_mode_numeric_strings_using_query() { + global $wpdb; + $post_id = $this->factory->post->create(); + $wpdb->query( $wpdb->prepare( "UPDATE $wpdb->posts SET post_parent = %s WHERE ID = %s", '4', $post_id ) ); + $this->assertEmpty( $wpdb->last_error ); + } + + /** + * @ticket 21212 + */ + function test_strict_mode_nan() { + global $wpdb; + $post_id = $this->factory->post->create(); + $suppress = $wpdb->suppress_errors( true ); + $wpdb->update( $wpdb->posts, array( 'post_parent' => 'foo' ), array( 'ID' => $post_id ), array( '%s' ) ); + $this->assertContains( "`post_parent` = 'foo'", $wpdb->last_query ); + $this->assertContains( 'Incorrect integer value', $wpdb->last_error ); + $wpdb->suppress_errors( $suppress ); + } + + /** + * @ticket 21212 + */ + function test_strict_mode_nan_using_query() { + global $wpdb; + $post_id = $this->factory->post->create(); + $suppress = $wpdb->suppress_errors( true ); + $wpdb->query( $wpdb->prepare( "UPDATE $wpdb->posts SET post_parent = %s WHERE ID = %s", 'foo', $post_id ) ); + $this->assertContains( 'Incorrect integer value', $wpdb->last_error ); + $wpdb->suppress_errors( $suppress ); + } + + /** + * @ticket 21212 + */ + function test_strict_mode_number_start_of_string() { + global $wpdb; + $post_id = 
$this->factory->post->create(); + $suppress = $wpdb->suppress_errors( true ); + $wpdb->query( $wpdb->prepare( "UPDATE $wpdb->posts SET post_parent = %s WHERE ID = %s", '4foo', $post_id ) ); + $this->assertContains( "Data truncated for column 'post_parent'", $wpdb->last_error ); + $wpdb->suppress_errors( $suppress ); + } + + /** + * @ticket 21212 + */ + function test_strict_mode_booleans_true() { + global $wpdb; + $user_id = $this->factory->user->create(); + $wpdb->query( "UPDATE $wpdb->users SET user_status = true WHERE ID = $user_id" ); + $this->assertEmpty( $wpdb->last_error ); + $user = get_userdata( $user_id ); + $this->assertSame( '1', $user->user_status ); + } + + /** + * @ticket 21212 + */ + function test_strict_mode_booleans_false() { + global $wpdb; + $user_id = $this->factory->user->create(); + $wpdb->query( "UPDATE $wpdb->users SET user_status = false WHERE ID = $user_id" ); + $this->assertEmpty( $wpdb->last_error ); + $user = get_userdata( $user_id ); + $this->assertEquals( '0', $user->user_status ); + } + + /** + * @ticket 21212 + */ + function test_strict_mode_zero_date_is_valid() { + global $wpdb; + $user_id = $this->factory->user->create(); + $wpdb->query( "UPDATE $wpdb->users SET user_registered = '0000-00-00' WHERE ID = $user_id" ); + $this->assertEmpty( $wpdb->last_error ); + $user = get_userdata( $user_id ); + $this->assertEquals( '0000-00-00 00:00:00', $user->user_registered ); + } + + /** + * @ticket 21212 + */ + function test_strict_mode_zero_datetime_is_valid() { + global $wpdb; + $user_id = $this->factory->user->create(); + $wpdb->query( "UPDATE $wpdb->users SET user_registered = '0000-00-00 00:00:00' WHERE ID = $user_id" ); + $this->assertEmpty( $wpdb->last_error ); + $user = get_userdata( $user_id ); + $this->assertEquals( '0000-00-00 00:00:00', $user->user_registered ); + } + + /** + * @ticket 21212 + */ + function test_strict_mode_invalid_dates_are_invalid() { + global $wpdb; + $user_id = $this->factory->user->create(); + $suppress = 
$wpdb->suppress_errors( true ); + $wpdb->query( "UPDATE $wpdb->users SET user_registered = '2014-02-29 00:00:00' WHERE ID = $user_id" ); + $this->assertContains( 'Incorrect datetime value', $wpdb->last_error ); + $wpdb->suppress_errors( $suppress ); + } + + /** + * @ticket 21212 + */ + function test_strict_mode_nulls_are_invalid() { + global $wpdb; + $user_id = $this->factory->user->create(); + $suppress = $wpdb->suppress_errors( true ); + $wpdb->query( "UPDATE $wpdb->users SET user_nicename = NULL WHERE ID = $user_id" ); + $this->assertContains( 'cannot be null', $wpdb->last_error ); + $wpdb->suppress_errors( $suppress ); + } + /** * @ticket 25604 * @expectedIncorrectUsage wpdb::prepare @@ -766,7 +909,7 @@ class Tests_DB extends WP_UnitTestCase { } /** - * @ ticket 21212 + * @ticket 21212 */ function test_pre_get_col_charset_filter() { add_filter( 'pre_get_col_charset', array( $this, 'filter_pre_get_col_charset' ), 10, 3 );
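Review bot: In the new tests that call `$wpdb->suppress_errors( true )`, the restore call `$wpdb->suppress_errors( $suppress )` comes after the assertion, so a failing `assertContains()` throws first and leaves error suppression on for every later test in the run. This affects `test_strict_mode_nan`, `test_strict_mode_nan_using_query`, `test_strict_mode_number_start_of_string`, `test_strict_mode_invalid_dates_are_invalid` and `test_strict_mode_nulls_are_invalid`. Capture the message and restore before asserting: `$error = $wpdb->last_error; $wpdb->suppress_errors( $suppress ); $this->assertContains( 'Incorrect integer value', $error );`. These assertions also pin literal server message text, which may differ between database server versions or forks. Separately, the two boolean tests are inconsistent: `assertSame( '1', ... )` in one and the looser `assertEquals( '0', ... )` in the other, where `assertSame` would be the stricter check for both.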