WPDB: When sanity checking query character sets, there's no need to check queries that don't return user data.

See #32104. git-svn-id: https://develop.svn.wordpress.org/trunk@32374 602fd350-edb4-49c9-b593-d223f7449a82
2015-05-06 06:04:50 +00:00 · 2015-05-06 06:04:50 +00:00 · ed53ad2c53
commit ed53ad2c53
parent 923c6c981b
2 changed files with 39 additions and 1 deletions
--- a/src/wp-includes/wp-db.php
+++ b/src/wp-includes/wp-db.php
@ -2531,7 +2531,7 @@ class wpdb {

 		// We don't need to check the collation for queries that don't read data.
 		$query = ltrim( $query, "\r\n\t (" );
-		if ( preg_match( '/^(?:SHOW|DESCRIBE|DESC|EXPLAIN)\s/i', $query ) ) {
+		if ( preg_match( '/^(?:SHOW|DESCRIBE|DESC|EXPLAIN|CREATE)\s/i', $query ) ) {
 			return true;
 		}

@ -2741,6 +2741,12 @@ class wpdb {
 	 * @return string|WP_Error The converted query, or a WP_Error object if the conversion fails.
 	 */
 	protected function strip_invalid_text_from_query( $query ) {
+		// We don't need to check the collation for queries that don't read data.
+		$trimmed_query = ltrim( $query, "\r\n\t (" );
+		if ( preg_match( '/^(?:SHOW|DESCRIBE|DESC|EXPLAIN|CREATE)\s/i', $trimmed_query ) ) {
+			return $query;
+		}
+
 		$table = $this->get_table_from_query( $query );
 		if ( $table ) {
 			$charset = $this->get_table_charset( $table );
--- a/tests/phpunit/tests/db/charset.php
+++ b/tests/phpunit/tests/db/charset.php
@ -642,6 +642,38 @@ class Tests_DB_Charset extends WP_UnitTestCase {
 		self::$_wpdb->query( $drop );
 	}

+	/**
+	 * @ticket 32104
+	 */
+	function data_dont_strip_text_from_schema_queries() {
+		// An obviously invalid and fake table name.
+		$table_name = "\xff\xff\xff\xff";
+
+		$queries = array(
+			"SHOW CREATE TABLE $table_name",
+			"DESCRIBE $table_name",
+			"DESC $table_name",
+			"EXPLAIN SELECT * FROM $table_name",
+			"CREATE $table_name( a VARCHAR(100))",
+		);
+
+		foreach ( $queries as &$query ) {
+			$query = array( $query );
+		}
+		unset( $query );
+
+		return $queries;
+	}
+
+	/**
+	 * @dataProvider data_dont_strip_text_from_schema_queries
+	 * @ticket 32104
+	 */
+	function test_dont_strip_text_from_schema_queries( $query ) {
+		$return = self::$_wpdb->strip_invalid_text_from_query( $query );
+		$this->assertEquals( $query, $return );
+	}
+
 	/**
 	 * @ticket 21212
 	 */