Commit Graph

241 Commits

Author SHA1 Message Date
Dion Hulse 94278eddb6 WPDB: Check that `AUTH_SALT` is not empty, Fix a PHP notice when `AUTH_SALT` is undefined.
Props jsonfry, mkomar, pento.
Merges [42119] and [42120] to the 3.7 branch.
Fixes #42431 and #42401 for 3.7.

Built from https://develop.svn.wordpress.org/branches/3.7@42241


git-svn-id: http://core.svn.wordpress.org/branches/3.7@42070 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-11-27 01:15:10 +00:00
Gary Pendergast 083e886cf7 Database: Restore numbered placeholders in `wpdb::prepare()`.
[41496] removed support for numbered placeholders in queries send through `wpdb::prepare()`, which, despite being undocumented, were quite commonly used.

This change restores support for numbered placeholders (as well as a subset of placeholder formatting), while also adding extra checks to ensure the correct number of arguments are being passed to `wpdb::prepare()`, given the number of placeholders.

Merges [41662], [42056] to the 3.7 branch.
See #41925.


Built from https://develop.svn.wordpress.org/branches/3.7@42068


git-svn-id: http://core.svn.wordpress.org/branches/3.7@41897 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-10-31 13:02:10 +00:00
Aaron Campbell 7b03bfc16f Database: Hardening to bring `wpdb::prepare()` inline with documentation.
`wpdb::prepare()` supports %s, %d, and %F as placeholders in the query string. Any other non-escaped % will be escaped.

Merges [41496] to 3.7 branch.


Built from https://develop.svn.wordpress.org/branches/3.7@41508


git-svn-id: http://core.svn.wordpress.org/branches/3.7@41341 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-09-19 18:46:09 +00:00
Aaron Campbell 0a541104e3 Database: Don’t trigger `_doing_it_wrong()` for null values in `wpdb::prepare()`.
While `wpdb::prepare()` does not support null values (see #12819) they still appear in the wild like in the WordPress Importer and other plugins.

Merges [41483] to 3.7 branch.


Built from https://develop.svn.wordpress.org/branches/3.7@41495


git-svn-id: http://core.svn.wordpress.org/branches/3.7@41328 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-09-19 16:30:22 +00:00
Aaron Campbell 029d279155 Database: Hardening for `wpdb::prepare()`
Previously if you passed an array of values for placeholders, additional values could be passed as well. Now additional values will be ignored.

Merges [41470] to 3.7 branch.


Built from https://develop.svn.wordpress.org/branches/3.7@41482


git-svn-id: http://core.svn.wordpress.org/branches/3.7@41315 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-09-19 15:06:09 +00:00
Gary Pendergast d56d0b0e2c WPDB: `get_table_from_query()` didn't find table names with hyphens in them.
Merge of [33718] to the 3.8 branch.

Props dustinbolton, pento.

See #33470.


Built from https://develop.svn.wordpress.org/branches/3.7@33997


git-svn-id: http://core.svn.wordpress.org/branches/3.7@33966 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-10 07:20:08 +00:00
John Blackbourn a8bf70c382 WPDB: Allow queries to reference tables in the dbname.tablename format, and allow table names to contain any valid character, rather than just ASCII.
Merge of [32368] to the 3.7 branch.

Props pento, willstedt for the initial patch.

See #32090.

Built from https://develop.svn.wordpress.org/branches/3.7@32416


git-svn-id: http://core.svn.wordpress.org/branches/3.7@32386 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-05-06 21:14:10 +00:00
Dominik Schilling 8cb1387688 WPDB: When sanity checking query character sets, there's no need to check queries that don't return user data.
Merges [32374] to the 3.7 branch.

props pento.
fixes #32104.
Built from https://develop.svn.wordpress.org/branches/3.7@32407


git-svn-id: http://core.svn.wordpress.org/branches/3.7@32377 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-05-06 20:08:09 +00:00
Helen Hou-Sandí 0697563967 The UTF-8 regex can occasionally fail on very low memory machines. Reduce the amount of memory it uses.
Merges [32375] to the 3.7 branch.

props pento.
fixes #32204.

Built from https://develop.svn.wordpress.org/branches/3.7@32400


git-svn-id: http://core.svn.wordpress.org/branches/3.7@32370 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-05-06 19:44:19 +00:00
Michael Adams 18fcca2916 WPDB: When checking that a string can be sent to MySQL, we shouldn't use `mb_convert_encoding()`, as it behaves differently to MySQL's character encoding conversion.
Merge of [32364] to the 3.7 branch.

Props mdawaffe, pento, nbachiyski, jorbin, johnjamesjacoby, jeremyfelt.

See #32165.

Built from https://develop.svn.wordpress.org/branches/3.7@32391


git-svn-id: http://core.svn.wordpress.org/branches/3.7@32361 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-05-06 19:17:09 +00:00
Michael Adams cd63ed5102 3.7:
- WPDB: Sanity check that any strings being stored in the DB are not too long to store correctly.
- When upgrading, remove any suspicious comments.

Built from https://develop.svn.wordpress.org/branches/3.7@32318


git-svn-id: http://core.svn.wordpress.org/branches/3.7@32289 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-04-27 18:35:09 +00:00
Gary Pendergast 2e7a66f15f WPDB: When sanity checking a string by sending it to MySQL for conversion checks, the incorrect data structure was being returned from wpdb::strip_invalid_text(), causing all write queries to fail for some character sets when the query contained non-ASCII characters.
Merge of [32261] to the 3.7 branch.

See #32051.


Built from https://develop.svn.wordpress.org/branches/3.7@32275


git-svn-id: http://core.svn.wordpress.org/branches/3.7@32246 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-04-23 11:56:10 +00:00
Gary Pendergast 8490921af3 WPDB: When deciding if a query needs extra sanity checking based on collation, return early when we can. Merges [32232] and [32233] to the 3.7 branch.
See #32029.


Built from https://develop.svn.wordpress.org/branches/3.7@32241


git-svn-id: http://core.svn.wordpress.org/branches/3.7@32212 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-04-21 07:06:10 +00:00
Gary Pendergast 5236e251a3 Merge the query sanity checks from #21212 to the 3.7 branch.
Props pento, nacin, mdawaffe, DrewAPicture.


Built from https://develop.svn.wordpress.org/branches/3.7@32188


git-svn-id: http://core.svn.wordpress.org/branches/3.7@32161 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-04-20 11:52:10 +00:00
Andrew Nacin 20b0153753 Document the 'query' filter in wp-db.
props natejacobs.
see #25229.

Built from https://develop.svn.wordpress.org/trunk@25284


git-svn-id: http://core.svn.wordpress.org/trunk@25248 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-09-06 17:07:09 +00:00
Andrew Nacin f39e2c28ce Reset $wpdb->insert_id on a failed INSERT or REPLACE. See [24459] [24494].
git-svn-id: http://core.svn.wordpress.org/trunk@24872 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-07-29 18:14:05 +00:00
Andrew Nacin eb822723ae Check that we have a database connection in wpdb::_real_escape(). see #24773.
git-svn-id: http://core.svn.wordpress.org/trunk@24758 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-07-20 20:16:21 +00:00
Andrew Nacin 0cb7fbacc8 Ensure _deprecated_function() exists before calling it. wpdb currently does not have a full functions.php dependency, and this can break external inclusions. see #24774.
git-svn-id: http://core.svn.wordpress.org/trunk@24724 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-07-17 21:08:05 +00:00
Andrew Nacin 3b4f3dea29 Deprecate wpdb::escape() in favor of wpdb::prepare() and esc_sql(). fixes #24774.
git-svn-id: http://core.svn.wordpress.org/trunk@24718 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-07-16 17:44:42 +00:00
Andrew Nacin dffd2b1bd9 Always use mysql_real_escape_string(), even when DB_CHARSET is not properly set. fixes #24773.
git-svn-id: http://core.svn.wordpress.org/trunk@24712 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-07-16 14:07:53 +00:00
Andrew Nacin 2ac8311b74 Partially revert [24459] and only flush insert_id on the next insert or replace query, as we had been doing before. (Yes, this is not how mysql_insert_id() works.)
git-svn-id: http://core.svn.wordpress.org/trunk@24494 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-06-21 18:22:26 +00:00
Andrew Nacin 9f10b33324 Have wpdb::flush() reset more variables.
git-svn-id: http://core.svn.wordpress.org/trunk@24459 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-06-21 01:32:54 +00:00
Sergey Biryukov e65c4190f1 Remove extraneous function parameters in the wpdb class. props rlerdorf. see #24210.
git-svn-id: http://core.svn.wordpress.org/trunk@24121 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-04-29 00:31:56 +00:00
Sergey Biryukov 2bcf4b8802 Only show database errors if WP_DEBUG_DISPLAY is enabled. props cheeserolls, storkontheroof, crazycoders. fixes #22203.
git-svn-id: http://core.svn.wordpress.org/trunk@24027 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-04-18 09:51:02 +00:00
Andrew Nacin e588812a49 Enforce a minimum of two arguments for wpdb::prepare(). The first argument is the query (or fragment thereof), which is required. Additional arguments are values to substitute into placeholders.
This will generate E_WARNINGs for insufficient arguments when prepare() is called with no additional arguments. This should discourage improper uses of prepare() under the guise of safely running a query.

props xknown. fixes #22262.



git-svn-id: http://core.svn.wordpress.org/trunk@22429 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-11-07 19:30:59 +00:00
Andrew Nacin d85554c5f1 When replacing floats in wpdb::prepare(), avoid escaped placeholders (%%f). props SergeyBiryukov. fixes #19861.
git-svn-id: http://core.svn.wordpress.org/trunk@22304 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-10-25 20:52:50 +00:00
Ryan Boren 8ae2c51069 Correct phpdoc for wpdb::bail(). wp_die() is issued when show_errors is true, not false. Props SergeyBiryukov. fixes #22211
git-svn-id: http://core.svn.wordpress.org/trunk@22254 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-10-17 13:11:45 +00:00
Ryan Boren 77518e9c71 Objects no longer need to be explicitly passed by ref to call_user_func*() to be callable. Props wonderboymusic. fixes #21865
git-svn-id: http://core.svn.wordpress.org/trunk@22118 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-10-04 20:00:16 +00:00
Andrew Nacin 1508b46bb4 Call error_log() in wp-db without unnecessary conditionals. fixes #21103.
git-svn-id: http://core.svn.wordpress.org/trunk@21807 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-09-11 01:35:43 +00:00
Andrew Nacin e225c12704 Basic support for the mysql_connect() new_link and client_flags arguments. props Otto42, fixes #19324.
git-svn-id: http://core.svn.wordpress.org/trunk@21609 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-08-24 17:44:21 +00:00
Ryan Boren 7342291b01 Update @since for various wpdb properties. Props SergeyBiryukov. fixes #21582
git-svn-id: http://core.svn.wordpress.org/trunk@21521 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-08-15 15:32:35 +00:00
Andrew Nacin 2b21b814a1 @since for wpdb's result property. props SergeyBiryukov. see #21533.
git-svn-id: http://core.svn.wordpress.org/trunk@21513 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-08-14 20:34:12 +00:00
Andrew Nacin f965d758fc Add magic set, isset, and unset to wpdb. props pento.
These magic methods allow us to mark properties as protected or private, without breaking compatibility, as they were once accessible. The joys of PHP4.

fixes #18510.



git-svn-id: http://core.svn.wordpress.org/trunk@21512 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-08-14 20:26:04 +00:00
Andrew Nacin c11a4c09e8 Eliminate error suppression for mysql_free_result() and only call it when the result is actually a resource. Depending on the query, mysql_query() can return a boolean rather than a resource, hence the original use of error suppression.
Fixes a warning introduced in [21472] when calling mysql_free_result() was moved to flush().

fixes #20838.



git-svn-id: http://core.svn.wordpress.org/trunk@21511 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-08-14 20:21:10 +00:00
nacin f02bacd9f1 Declare, document, and protect $dbuser, $dbpassword, $dbname, $dbhost and $dbh in wpdb.
These properties, while protected, are still accessible thanks to the magic getter added in [21472].

props pento, nvartolomei, joelhardi. fixes #18510.



git-svn-id: http://core.svn.wordpress.org/trunk@21473 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-08-08 06:28:57 +00:00
nacin 1425762319 Lazy-load column info in wpdb. props pento. fixes #20838.
git-svn-id: http://core.svn.wordpress.org/trunk@21472 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-08-08 06:24:59 +00:00
nacin 4e5fd4de46 Introduce wpdb::get_charset_collate() to return the DEFAULT CHARACTER SET and COLLATE for use in table schemas.
props simonwheatley, pento. fixes #18451.



git-svn-id: http://core.svn.wordpress.org/trunk@21471 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-08-08 06:13:48 +00:00
nacin 73c74cf8f7 Deprecate wpdb::supports_collation() in favor of wpdb::has_cap().
props hakre, pento. fixes #16757.



git-svn-id: http://core.svn.wordpress.org/trunk@21470 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-08-08 06:06:57 +00:00
nacin 3e8fe0e2e0 Correctly identify queries where a line break follows a keyword, rather than a space. props GeertDD, fixes #19467.
git-svn-id: http://core.svn.wordpress.org/trunk@21178 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-06-29 15:08:17 +00:00
nacin 9810e75d46 Handle localized floats in $wpdb->prepare(). props kurtpayne. fixes #19861.
git-svn-id: http://core.svn.wordpress.org/trunk@21161 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-06-28 19:57:31 +00:00
nacin 9501ff721d Escape special characters when outputting DB failures. see #13839.
git-svn-id: http://svn.automattic.com/wordpress/trunk@20483 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-04-16 21:55:47 +00:00
duck_ a280584422 Correct @since and remove invalid code example in wpdb::delete() documentation. Props GaryJ, scribu. See #18948.
git-svn-id: http://svn.automattic.com/wordpress/trunk@20292 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-03-27 12:00:39 +00:00
nacin 0730535015 Introduce $wpdb->delete(). props justindgivens, scribu. fixes #18948.
git-svn-id: http://svn.automattic.com/wordpress/trunk@20287 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-03-24 15:24:31 +00:00
westi cff0e266a4 Refactor WPDB::get_caller() into wp_debug_backtrace_summary() and improve the functionality to provide enhanced context and a standardised default pretty format. Fixes #19589
git-svn-id: http://svn.automattic.com/wordpress/trunk@19773 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-01-28 11:56:50 +00:00
nacin 81ed9a7563 Introduce wp_load_translations_early(), which can be used before the locale is properly loaded in order to translate early error strings. Internationalize setup-config.php -- translators no longer have a reason to modify this file. fixes #18180.
git-svn-id: http://svn.automattic.com/wordpress/trunk@19760 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-01-26 20:34:27 +00:00
ryan e3b46b25d3 Lose EOF ?>. Clean up EOF newlines. fixes #12307
git-svn-id: http://svn.automattic.com/wordpress/trunk@19712 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-01-08 17:01:11 +00:00
duck_ a95ad847db Stop quotes being incorrectly added to prepare placeholders in wpdb::_insert_replace_helper(). Fixes #19016.
git-svn-id: http://svn.automattic.com/wordpress/trunk@19692 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-01-05 21:29:57 +00:00
nacin 6424c5b733 Ask for a float from microtime() for timer_start(), timer_stop(). Clarify docs. props solarissmoke, fixes #19157.
git-svn-id: http://svn.automattic.com/wordpress/trunk@19611 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-12-20 21:36:53 +00:00
ryan 07ff8b216b Use one space, not two, after trailing punctuation. fixes #19537
git-svn-id: http://svn.automattic.com/wordpress/trunk@19593 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-12-13 23:45:31 +00:00
nacin e39245936f Remove reference to get_last_error(), it doesn't exist. props mitchoyoshitaka, fixes #19002.
git-svn-id: http://svn.automattic.com/wordpress/trunk@19288 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-11-15 00:18:41 +00:00