- WPDB: Sanity check that any strings being stored in the DB are not too long to store correctly.
- When upgrading, remove any suspicious comments.

Built from https://develop.svn.wordpress.org/branches/3.9@32316


git-svn-id: http://core.svn.wordpress.org/branches/3.9@32287 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
Michael Adams 2015-04-27 18:30:15 +00:00
parent ad0a3701d4
commit 10be03b2d7
5 changed files with 152 additions and 3 deletions

View File

@ -9,7 +9,7 @@
<body> <body>
<h1 id="logo"> <h1 id="logo">
<a href="https://wordpress.org/"><img alt="WordPress" src="wp-admin/images/wordpress-logo.png" /></a> <a href="https://wordpress.org/"><img alt="WordPress" src="wp-admin/images/wordpress-logo.png" /></a>
<br /> Version 3.9.5 <br /> Version 3.9.6
</h1> </h1>
<p style="text-align: center">Semantic Personal Publishing Platform</p> <p style="text-align: center">Semantic Personal Publishing Platform</p>

View File

@ -39,7 +39,11 @@ include( ABSPATH . 'wp-admin/admin-header.php' );
</h2> </h2>
<div class="changelog point-releases"> <div class="changelog point-releases">
<h3><?php echo _n( 'Maintenance and Security Release', 'Maintenance and Security Releases', 5 ); ?></h3> <h3><?php echo _n( 'Maintenance and Security Release', 'Maintenance and Security Releases', 6 ); ?></h3>
<p><?php printf( _n( '<strong>Version %1$s</strong> addressed a security issue.',
'<strong>Version %1$s</strong> addressed some security issues.', 1 ), '3.9.6' ); ?>
<?php printf( __( 'For more information, see <a href="%s">the release notes</a>.' ), 'http://codex.wordpress.org/Version_3.9.6' ); ?>
</p>
<p><?php printf( _n( '<strong>Version %1$s</strong> addressed %2$s bug.', <p><?php printf( _n( '<strong>Version %1$s</strong> addressed %2$s bug.',
'<strong>Version %1$s</strong> addressed %2$s bugs.', 1 ), '3.9.5', number_format_i18n( 1 ) ); ?> '<strong>Version %1$s</strong> addressed %2$s bugs.', 1 ), '3.9.5', number_format_i18n( 1 ) ); ?>
<?php printf( __( 'For more information, see <a href="%s">the release notes</a>.' ), 'https://codex.wordpress.org/Version_3.9.5' ); ?> <?php printf( __( 'For more information, see <a href="%s">the release notes</a>.' ), 'https://codex.wordpress.org/Version_3.9.5' ); ?>

View File

@ -430,6 +430,9 @@ function upgrade_all() {
if ( $wp_current_db_version < 26691 ) if ( $wp_current_db_version < 26691 )
upgrade_380(); upgrade_380();
if ( $wp_current_db_version < 27917 )
upgrade_396();
maybe_disable_link_manager(); maybe_disable_link_manager();
maybe_disable_automattic_widgets(); maybe_disable_automattic_widgets();
@ -1270,6 +1273,34 @@ function upgrade_380() {
deactivate_plugins( array( 'mp6/mp6.php' ), true ); deactivate_plugins( array( 'mp6/mp6.php' ), true );
} }
} }
/**
* Execute changes made in WordPress 3.9.6.
*
* @since 3.9.6
*/
function upgrade_396() {
global $wp_current_db_version, $wpdb;
if ( $wp_current_db_version < 27917 ) {
$content_length = $wpdb->get_col_length( $wpdb->comments, 'comment_content' );
if ( ! $content_length ) {
$content_length = 65535;
}
$comments = $wpdb->get_results(
"SELECT comment_ID FROM $wpdb->comments
WHERE comment_date_gmt > '2015-04-26'
AND CHAR_LENGTH( comment_content ) >= $content_length
AND ( comment_content LIKE '%<%' OR comment_content LIKE '%>%' )"
);
foreach ( $comments as $comment ) {
wp_delete_comment( $comment->comment_ID, true );
}
}
}
/** /**
* Execute network level changes * Execute network level changes
* *

View File

@ -11,7 +11,7 @@ $wp_version = '3.9.6';
* *
* @global int $wp_db_version * @global int $wp_db_version
*/ */
$wp_db_version = 27916; $wp_db_version = 27917;
/** /**
* Holds the TinyMCE version * Holds the TinyMCE version

View File

@ -1893,11 +1893,20 @@ class wpdb {
*/ */
protected function process_fields( $table, $data, $format ) { protected function process_fields( $table, $data, $format ) {
$data = $this->process_field_formats( $data, $format ); $data = $this->process_field_formats( $data, $format );
if ( false === $data ) {
return false;
}
$data = $this->process_field_charsets( $data, $table ); $data = $this->process_field_charsets( $data, $table );
if ( false === $data ) { if ( false === $data ) {
return false; return false;
} }
$data = $this->process_field_lengths( $data, $table );
if ( false === $data ) {
return false;
}
$converted_data = $this->strip_invalid_text( $data ); $converted_data = $this->strip_invalid_text( $data );
if ( $data !== $converted_data ) { if ( $data !== $converted_data ) {
@ -1978,6 +1987,40 @@ class wpdb {
return $data; return $data;
} }
/**
* For string fields, record the maximum string length that field can safely save.
*
* @since 4.2.1
* @access protected
*
* @param array $data As it comes from the wpdb::process_field_charsets() method.
* @param string $table Table name.
* @return array|False The same array as $data with additional 'length' keys, or false if
* any of the values were too long for their corresponding field.
*/
protected function process_field_lengths( $data, $table ) {
foreach ( $data as $field => $value ) {
if ( '%d' === $value['format'] || '%f' === $value['format'] ) {
// We can skip this field if we know it isn't a string.
// This checks %d/%f versus ! %s because it's sprintf() could take more.
$value['length'] = false;
} else {
$value['length'] = $this->get_col_length( $table, $field );
if ( is_wp_error( $value['length'] ) ) {
return false;
}
}
if ( false !== $value['length'] && strlen( $value['value'] ) > $value['length'] ) {
return false;
}
$data[ $field ] = $value;
}
return $data;
}
/** /**
* Retrieve one variable from the database. * Retrieve one variable from the database.
* *
@ -2298,6 +2341,77 @@ class wpdb {
return $charset; return $charset;
} }
/**
* Retrieve the maximum string length allowed in a given column.
*
* @since 4.2.1
* @access public
*
* @param string $table Table name.
* @param string $column Column name.
* @return mixed Max column length as an int. False if the column has no
* length. WP_Error object if there was an error.
*/
public function get_col_length( $table, $column ) {
$tablekey = strtolower( $table );
$columnkey = strtolower( $column );
// Skip this entirely if this isn't a MySQL database.
if ( false === $this->is_mysql ) {
return false;
}
if ( empty( $this->col_meta[ $tablekey ] ) ) {
// This primes column information for us.
$table_charset = $this->get_table_charset( $table );
if ( is_wp_error( $table_charset ) ) {
return $table_charset;
}
}
if ( empty( $this->col_meta[ $tablekey ][ $columnkey ] ) ) {
return false;
}
$typeinfo = explode( '(', $this->col_meta[ $tablekey ][ $columnkey ]->Type );
$type = strtolower( $typeinfo[0] );
if ( ! empty( $typeinfo[1] ) ) {
$length = trim( $typeinfo[1], ')' );
} else {
$length = false;
}
switch( $type ) {
case 'binary':
case 'char':
case 'varbinary':
case 'varchar':
return $length;
break;
case 'tinyblob':
case 'tinytext':
return 255; // 2^8 - 1
break;
case 'blob':
case 'text':
return 65535; // 2^16 - 1
break;
case 'mediumblob':
case 'mediumtext':
return 16777215; // 2^24 - 1
break;
case 'longblob':
case 'longtext':
return 4294967295; // 2^32 - 1
break;
default:
return false;
}
return false;
}
/** /**
* Check if a string is ASCII. * Check if a string is ASCII.
* *