From c24c5923c3cfb4df978a5594297edaee1a7c3c13 Mon Sep 17 00:00:00 2001 From: Gary Pendergast Date: Wed, 6 May 2015 06:05:26 +0000 Subject: [PATCH] WPDB: When sanity checking query character sets, there's no need to check queries that don't return user data. See #32104. Built from https://develop.svn.wordpress.org/trunk@32374 git-svn-id: http://core.svn.wordpress.org/trunk@32344 1a063a9b-81f0-0310-95a4-ce76da25c4cd --- wp-includes/version.php | 2 +- wp-includes/wp-db.php | 8 +++++++- 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/wp-includes/version.php b/wp-includes/version.php index 85d74d90e0..9212781ef5 100644 --- a/wp-includes/version.php +++ b/wp-includes/version.php @@ -4,7 +4,7 @@ * * @global string $wp_version */ -$wp_version = '4.3-alpha-32368'; +$wp_version = '4.3-alpha-32374'; /** * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema. diff --git a/wp-includes/wp-db.php b/wp-includes/wp-db.php index c6ceabab1c..91b21b7599 100644 --- a/wp-includes/wp-db.php +++ b/wp-includes/wp-db.php @@ -2531,7 +2531,7 @@ class wpdb { // We don't need to check the collation for queries that don't read data. $query = ltrim( $query, "\r\n\t (" ); - if ( preg_match( '/^(?:SHOW|DESCRIBE|DESC|EXPLAIN)\s/i', $query ) ) { + if ( preg_match( '/^(?:SHOW|DESCRIBE|DESC|EXPLAIN|CREATE)\s/i', $query ) ) { return true; } @@ -2741,6 +2741,12 @@ class wpdb { * @return string|WP_Error The converted query, or a WP_Error object if the conversion fails. */ protected function strip_invalid_text_from_query( $query ) { + // We don't need to check the collation for queries that don't read data. + $trimmed_query = ltrim( $query, "\r\n\t (" ); + if ( preg_match( '/^(?:SHOW|DESCRIBE|DESC|EXPLAIN|CREATE)\s/i', $trimmed_query ) ) { + return $query; + } + $table = $this->get_table_from_query( $query ); if ( $table ) { $charset = $this->get_table_charset( $table );