Commit Graph

340 Commits

Author SHA1 Message Date
Aaron Campbell 644434666e Database: Hardening for `wpdb::prepare()`
Previously if you passed an array of values for placeholders, additional values could be passed as well. Now additional values will be ignored.

Merges [41470] to 4.5 branch.


Built from https://develop.svn.wordpress.org/branches/4.5@41474


git-svn-id: http://core.svn.wordpress.org/branches/4.5@41307 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-09-19 15:01:07 +00:00
Gary Pendergast 59123b5b24 Database: Suppress connection error messages when `WP_DEBUG` isn't enabled.
This is a partial revert of [35860], which has been causing un-catchable warnings to be generated on some server configurations.

Merge of [37292] to the 4.5 branch.

Fixes #36629.
See #21870.


Built from https://develop.svn.wordpress.org/branches/4.5@37293


git-svn-id: http://core.svn.wordpress.org/branches/4.5@37259 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-04-22 05:24:29 +00:00
Drew Jaynes b6d1626613 Docs: Following [37085], properly indent the markdown-formatted examples in the DocBlock for `wpdb::esc_like()`.
See #32246.

Built from https://develop.svn.wordpress.org/trunk@37086


git-svn-id: http://core.svn.wordpress.org/trunk@37053 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-03-27 18:27:26 +00:00
Drew Jaynes 60b9a5a48f Docs: Add missing quotes around a specifier in a query example in the DocBlock for `wpdb::esc_like()`.
Props madvic.
See #32246.

Built from https://develop.svn.wordpress.org/trunk@37085


git-svn-id: http://core.svn.wordpress.org/trunk@37052 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-03-27 18:25:26 +00:00
Gary Pendergast c233a88379 WPDB: Reset connection status variables when the connection is closed.
Fixes #36240.


Built from https://develop.svn.wordpress.org/trunk@36997


git-svn-id: http://core.svn.wordpress.org/trunk@36964 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-03-15 03:28:26 +00:00
Drew Jaynes e842a7b2e0 Docs: Remove an errant period following the `@access` tag in the DocBlock for `wpdb::close()`, mistakenly introduced in [36493].
Props markoheijnen.
See #34903. See #35986.

Built from https://develop.svn.wordpress.org/trunk@36840


git-svn-id: http://core.svn.wordpress.org/trunk@36807 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-03-04 00:03:27 +00:00
Drew Jaynes b0ef4d14c5 Docs: Add an `@access` tag and fix a typo in the DocBlock for `wpdb::close()`.
See #34903. See #32246.

Built from https://develop.svn.wordpress.org/trunk@36493


git-svn-id: http://core.svn.wordpress.org/trunk@36460 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-02-07 02:03:26 +00:00
Gary Pendergast 5779ed9d8a WPDB: Add a `close()` method to `wpdb`, for when the connection needs to be manually closed.
In the event that it was closed prematurely, `wpdb::query()` will re-open the connection automatically.

Fixes #34903.


Built from https://develop.svn.wordpress.org/trunk@36433


git-svn-id: http://core.svn.wordpress.org/trunk@36400 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-02-02 00:13:26 +00:00
Sergey Biryukov b0b311053e Docs: Correct `wpdb::db_version()` description.
Props luciole135.
Fixes #35588.
Built from https://develop.svn.wordpress.org/trunk@36385


git-svn-id: http://core.svn.wordpress.org/trunk@36352 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-01-23 11:22:26 +00:00
Eric Lewis b07bb412ee Don't suppress error messages in database function calls.
Fixes #21870.

Built from https://develop.svn.wordpress.org/trunk@35860


git-svn-id: http://core.svn.wordpress.org/trunk@35824 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-12-11 03:40:26 +00:00
Drew Jaynes 4048bfb25c Docs: Fix mid-file separator syntax in wp-includes/wp-db.php.
Props liamdempsey.
See #32246.

Built from https://develop.svn.wordpress.org/trunk@35787


git-svn-id: http://core.svn.wordpress.org/trunk@35751 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-12-06 20:26:24 +00:00
Gary Pendergast ffc4d6965c WPDB: Fall back to the connection charset when sanity checking strings.
If `DB_CHARSET` isn't defined (or is empty), `wpdb::$charset` will be empty, too. `wpdb::strip_invalid_text()` assumes that it isn't empty, however, so we need to fall back to the connection character set when we're running our sanity checks.

Fixes #34708.


Built from https://develop.svn.wordpress.org/trunk@35655


git-svn-id: http://core.svn.wordpress.org/trunk@35619 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-17 06:13:26 +00:00
Sergey Biryukov 123765d9c8 I18N: Add a translator comment for the string introduced in [24758] and made translatable in [29840].
Props swissspidy.
See #34249.
Built from https://develop.svn.wordpress.org/trunk@35544


git-svn-id: http://core.svn.wordpress.org/trunk@35508 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-05 21:18:25 +00:00
Sergey Biryukov 639371de09 Add `wp_load_translations_early()` to `wpdb::check_connection()`.
Fixes #29306. See #34216.
Built from https://develop.svn.wordpress.org/trunk@34943


git-svn-id: http://core.svn.wordpress.org/trunk@34908 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-08 17:11:24 +00:00
Sergey Biryukov 50e6ef8bd7 Split database error messages into separate strings to remove unnecessary HTML tags from translations.
Add translator comments for placeholders.

Fixes #34216.
Built from https://develop.svn.wordpress.org/trunk@34942


git-svn-id: http://core.svn.wordpress.org/trunk@34907 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-08 16:52:24 +00:00
Gary Pendergast 3942226c90 WPDB: Allow `null` values in the CRUD functions.
Specifically, `::insert()`, `::replace()`, `::update()`, and `::delete()` can now set a column to `NULL`, or add the `IS NULL` condition to the `WHERE` clause.

This is based on [backpress 279].

Props pento, nbachiyski, sorich87.

Fixes #15158.


Built from https://develop.svn.wordpress.org/trunk@34737


git-svn-id: http://core.svn.wordpress.org/trunk@34701 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-01 05:37:26 +00:00
Gary Pendergast 9347f1af71 WPDB: Make sure we don't run sanity checks on DB dropins.
Previously, we'd run the sanity checks if `is_mysql` was not set to `false`. This caused problems for DB drop-ins that didn't define `is_mysql` at all. Instead, we can just check if `is_mysql` is `empty()`.

Also fix some unit tests that accidently ran correctly because of the strict `false ===` comparison.

Fixes #33501.


Built from https://develop.svn.wordpress.org/trunk@34655


git-svn-id: http://core.svn.wordpress.org/trunk@34619 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-28 01:17:24 +00:00
Boone Gorges 8b4a5d1ec0 Introduce metadata for taxonomy terms.
Adds a new table to the database schema (`wp_termmeta`), and a set of
`*_term_meta()` API functions. `get_terms()` and `wp_get_object_terms()`
now also support 'meta_query' parameters, with syntax identical to other
uses of `WP_Meta_Query`.

When fetching terms via `get_terms()` or `wp_get_object_terms()`, metadata for
matched terms is preloaded into the cache by default. Disable this behavior
by setting the new `$update_term_meta_cache` paramater to `false`.

To maximize performance, within `WP_Query` loops, the termmeta cache is *not*
primed by default. Instead, we use a lazy-loading technique: metadata for all
terms belonging to posts in the loop is loaded into the cache the first time
that `get_term_meta()` is called within the loop.

Props boonebgorges, sirzooro.
See #10142.
Built from https://develop.svn.wordpress.org/trunk@34529


git-svn-id: http://core.svn.wordpress.org/trunk@34493 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-25 03:59:27 +00:00
Gary Pendergast 1b91141437 WPDB: When attempting to fall back to `ext/mysql` in `db_connect()`, return the result of the fall back.
While it doesn't affect Core, we should also be passing the `$allow_bail` parameter, for anything that uses it differently.

Props markoheijnen, johnbillion.

Fixes #33105.


Built from https://develop.svn.wordpress.org/trunk@34478


git-svn-id: http://core.svn.wordpress.org/trunk@34442 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-24 04:30:25 +00:00
Scott Taylor 84da11d918 Pass `false` as the 2nd argument to `class_exists()` to disable autoloading and to not cause problems for those who define `__autoload()`.
Fixes #20523.

Built from https://develop.svn.wordpress.org/trunk@34348


git-svn-id: http://core.svn.wordpress.org/trunk@34312 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-20 03:52:25 +00:00
Drew Jaynes 13c25f5f49 Docs: Put "it's" in its place (again).
Props kitchin.
Fixes #33894.

Built from https://develop.svn.wordpress.org/trunk@34234


git-svn-id: http://core.svn.wordpress.org/trunk@34198 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-16 12:46:28 +00:00
Scott Taylor 128cc02f39 In `wpdb::get_col_length()`, the final `return false` is unreachable since the default `switch` case returns.
See #33491.

Built from https://develop.svn.wordpress.org/trunk@33956


git-svn-id: http://core.svn.wordpress.org/trunk@33925 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-09 00:48:26 +00:00
Scott Taylor ef87172270 `foreach` is a statement, not a function.
See #33491.

Built from https://develop.svn.wordpress.org/trunk@33734


git-svn-id: http://core.svn.wordpress.org/trunk@33702 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-08-25 20:28:22 +00:00
Gary Pendergast eb99787e32 WPDB: `get_table_from_query()` didn't find table names with hyphens in them.
Props dustinbolton for the fix.

Fixes #33470.


Built from https://develop.svn.wordpress.org/trunk@33718


git-svn-id: http://core.svn.wordpress.org/trunk@33685 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-08-24 00:19:25 +00:00
Scott Taylor 029c274b86 In `wpdb::get_col_length()`, `break`s are not necessary when a `case` returns
See #33491.

Built from https://develop.svn.wordpress.org/trunk@33701


git-svn-id: http://core.svn.wordpress.org/trunk@33668 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-08-21 18:41:25 +00:00
Drew Jaynes 4770601d73 Docs: Standardize `@deprecated` tag formatting in the DocBlocks for several `wpdb` methods.
Props Alphawolf.
See #28806.

Built from https://develop.svn.wordpress.org/trunk@33679


git-svn-id: http://core.svn.wordpress.org/trunk@33646 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-08-20 22:42:25 +00:00
Gary Pendergast e6904bc0e8 WPDB: When checking the encoding of strings against the database, make sure we're only relying on the return value of strings that were sent to the database. Also make sure that we're not trying to sanity check strings that've been marked as not needing sanity checking.
Fixes #32279.


Built from https://develop.svn.wordpress.org/trunk@33455


git-svn-id: http://core.svn.wordpress.org/trunk@33422 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-07-28 06:32:24 +00:00
Gary Pendergast a6cb4b293c WPDB: `::strip_text_from_query()` doesn't pass a length to `::strip_invalid_text()`, which was causing queries to fail when they contained characters that needed to be sanity checked by MySQL.
Props dd32, mdawaffe, pento.

Fixes #32279.


Built from https://develop.svn.wordpress.org/trunk@33310


git-svn-id: http://core.svn.wordpress.org/trunk@33282 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-07-17 07:07:26 +00:00
Gary Pendergast 6759a210ca WPDB: Remove some of the complexities in `::strip_invalid_text()` associated with switching character sets between queries. Instead of trying to dynamically change connection character sets, we now rely on the value of `::charset`. This also fixes the case where queries were being blocked when `DB_CHARSET` was `utf8`, but the column character set was non-`utf8`.
Fixes #32165.


Built from https://develop.svn.wordpress.org/trunk@33308


git-svn-id: http://core.svn.wordpress.org/trunk@33280 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-07-17 06:34:26 +00:00
Gary Pendergast f28b182a7c WPDB: When checking that text isn't too long to insert into a column, `LONGTEXT` columns could fail, as their length is longer than `PHP_INT_MAX`. Treating their length as a `float` instead of an `int` fixes this.
See #32165.


Built from https://develop.svn.wordpress.org/trunk@33276


git-svn-id: http://core.svn.wordpress.org/trunk@33248 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-07-15 04:33:25 +00:00
Gary Pendergast 4ee0da1798 WPDB: When extracting the table name from a query, we had a 1000 character limit on the SQL string that would be searched. This was a hangover from when the code was imported from HyperDB, and isn't appropriate for Core, where a wider range of queries are likely to be run.
Fixes #32763


Built from https://develop.svn.wordpress.org/trunk@33259


git-svn-id: http://core.svn.wordpress.org/trunk@33231 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-07-14 10:19:24 +00:00
Dion Hulse cbacb92dae Enable utf8mb4 for MySQL extension users. Previously utf8mb4 was limited to MySQLi users only unintentionally.
This change does the following things
 * Allows utf8mb4 for the MySQL extension
 * Re-runs the utf8->utf8mb4 conversion for single sites, this will do nothing for tables already converted
 * Re-runs the utf8->utf8mb4 conversion for global tables in multisite when the environment supports utf8mb4
 * Removes upgrade_420() calling as upgrade_430() will perform those changes now instead

The index shortenings should have still taken place on utf8 sites previously, so there's no need to run those again. 

Props kovshenin, pento, dd32
Fixes #32127 for trunk.

Built from https://develop.svn.wordpress.org/trunk@33055


git-svn-id: http://core.svn.wordpress.org/trunk@33026 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-07-03 03:26:24 +00:00
Dominik Schilling 54424e9755 wpdb: Make "WordPress database error:" translatable.
props jrf.
see #32021.
Built from https://develop.svn.wordpress.org/trunk@33006


git-svn-id: http://core.svn.wordpress.org/trunk@32977 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-06-30 20:00:25 +00:00
Scott Taylor a0e373ef80 For doc block types, favor `bool` over the few remaining `boolean`s
See #32444.

Built from https://develop.svn.wordpress.org/trunk@32964


git-svn-id: http://core.svn.wordpress.org/trunk@32935 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-06-27 01:03:25 +00:00
Scott Taylor 6ab487dde6 Add missing/alter existing doc blocks for `wp-db.php`.
See #32444.

Built from https://develop.svn.wordpress.org/trunk@32641


git-svn-id: http://core.svn.wordpress.org/trunk@32611 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-05-28 20:10:29 +00:00
Scott Taylor 2f3e567f44 Alter visibility of some properties in `wpdb`:
`num_queries` is accessed publicly in core.
`num_rows` is accessed publicly in `ms-settings.php`.
`insert_id` is accessed publicly in core.
`prefix` is accessed publicly in `upgrade.php` and `capabilities.php`.

See #32444.

Built from https://develop.svn.wordpress.org/trunk@32640


git-svn-id: http://core.svn.wordpress.org/trunk@32610 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-05-28 16:34:25 +00:00
Scott Taylor 45d897d0e7 In `wpdb::load_col_info()`, don't fetch the number of fields in the result row on each iteration of the `for` loop. It can be stored in a var and referenced.
See #32444.

Built from https://develop.svn.wordpress.org/trunk@32515


git-svn-id: http://core.svn.wordpress.org/trunk@32485 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-05-19 20:30:27 +00:00
Gary Pendergast 7ca423d449 The UTF-8 regex can occasionally fail on very low memory machines. Reduce the amount of memory it uses.
See #32204.


Built from https://develop.svn.wordpress.org/trunk@32375


git-svn-id: http://core.svn.wordpress.org/trunk@32345 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-05-06 06:58:24 +00:00
Gary Pendergast c24c5923c3 WPDB: When sanity checking query character sets, there's no need to check queries that don't return user data.
See #32104.


Built from https://develop.svn.wordpress.org/trunk@32374


git-svn-id: http://core.svn.wordpress.org/trunk@32344 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-05-06 06:05:26 +00:00
Gary Pendergast 6e7fff514b WPDB: Allow queries to reference tables in the `dbname.tablename` format, and allow table names to contain any valid character, rather than just ASCII.
Props pento, willstedt for the initial patch.

See #32090.


Built from https://develop.svn.wordpress.org/trunk@32368


git-svn-id: http://core.svn.wordpress.org/trunk@32338 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-05-06 05:01:26 +00:00
Gary Pendergast 364886a5be WPDB: When checking that a string can be sent to MySQL, we shouldn't use `mb_convert_encoding()`, as it behaves differently to MySQL's character encoding conversion.
Props mdawaffe, pento, nbachiyski, jorbin, johnjamesjacoby, jeremyfelt.

See #32165.


Built from https://develop.svn.wordpress.org/trunk@32364


git-svn-id: http://core.svn.wordpress.org/trunk@32335 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-05-06 03:00:25 +00:00
Gary Pendergast 85d327d4bd In [32299], we should be using `mb_strlen()` for our string size checks.
Built from https://develop.svn.wordpress.org/trunk@32306


git-svn-id: http://core.svn.wordpress.org/trunk@32277 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-04-27 14:42:27 +00:00
Gary Pendergast 95d5fa28b4 WPDB: Sanity check that any strings being stored in the DB are not too long to store correctly.
Built from https://develop.svn.wordpress.org/trunk@32299


git-svn-id: http://core.svn.wordpress.org/trunk@32270 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-04-27 14:03:27 +00:00
Gary Pendergast 16bdf0ab2c WPDB: When sanity checking a string by sending it to MySQL for conversion checks, the incorrect data structure was being returned from `wpdb::strip_invalid_text()`, causing all write queries to fail for some character sets when the query contained non-ASCII characters.
See #32051.


Built from https://develop.svn.wordpress.org/trunk@32261


git-svn-id: http://core.svn.wordpress.org/trunk@32232 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-04-22 15:02:28 +00:00
Gary Pendergast 5775586646 WPDB: When deciding if a query needs extra sanity checking based on collation, we can quickly return if the query is entirely ASCII characters.
See #32029.


Built from https://develop.svn.wordpress.org/trunk@32233


git-svn-id: http://core.svn.wordpress.org/trunk@32207 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-04-21 05:24:26 +00:00
Gary Pendergast 6f38333ab2 WPDB: When deciding if a query needs extra sanity checking based on collation, we can quickly return if it's a query that will never return user data.
Fixes #32029.


Built from https://develop.svn.wordpress.org/trunk@32232


git-svn-id: http://core.svn.wordpress.org/trunk@32206 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-04-21 05:11:27 +00:00
Gary Pendergast 2bbd21f543 WPDB: When sanity checking read queries, there are some collations we can skip, for improved performance.
Props pento, nacin.

See #21212.


Built from https://develop.svn.wordpress.org/trunk@32162


git-svn-id: http://core.svn.wordpress.org/trunk@32137 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-04-20 04:46:25 +00:00
Dominik Schilling 64fc7294b6 Use HTTPS URLs for codex.wordpress.org.
see #27115.
Built from https://develop.svn.wordpress.org/trunk@32116


git-svn-id: http://core.svn.wordpress.org/trunk@32095 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-04-12 21:29:32 +00:00
Drew Jaynes 8f0e359618 Remove unnecessary inline `@see` tags from a variety of parameter and return descriptions in wp-includes/wp-db.php.
See #31888.

Built from https://develop.svn.wordpress.org/trunk@32050


git-svn-id: http://core.svn.wordpress.org/trunk@32029 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-04-05 17:17:27 +00:00
Drew Jaynes 777ad7647c Remove unnecessary inline `@see` tags from the `wpdb::process_field_charsets()` DocBlock.
See [30345]. See #31888.

Built from https://develop.svn.wordpress.org/trunk@32049


git-svn-id: http://core.svn.wordpress.org/trunk@32028 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-04-05 17:15:26 +00:00