Merge pull request #59 from wp-cli/58-fix-regex-table-quoting

Quote SQL values in --regex code

Author: gitlost

features/search-replace.feature

@@ -977,3 +977,33 @@ Feature: Do global search/replace
       > Just another WP site
       """
     And STDERR should be empty
+
+  # Regression test for https://github.com/wp-cli/search-replace-command/issues/58
+  Scenario: The parameters --regex and --all-tables-with-prefix produce valid SQL
+    Given a WP install
+    And a test_db.sql file:
+      """
+      DROP TABLE IF EXISTS `wp_123_test`;
+      CREATE TABLE `wp_123_test` (
+        `name` varchar(50),
+        `value` varchar(5000),
+        `created_at` datetime NOT NULL,
+        `updated_at` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP,
+        PRIMARY KEY (`name`)
+      ) ENGINE=InnoDB;
+      INSERT INTO `wp_123_test` VALUES ('test_val','off','2016-11-15 14:41:33','2016-11-15 21:41:33');
+      INSERT INTO `wp_123_test` VALUES ('123.','off','2016-11-15 14:41:33','2016-11-15 21:41:33');
+      INSERT INTO `wp_123_test` VALUES ('quote\'quote','off','2016-11-15 14:41:33','2016-11-15 21:41:33');
+      INSERT INTO `wp_123_test` VALUES ('0','off','2016-11-15 14:41:33','2016-11-15 21:41:33');
+      INSERT INTO `wp_123_test` VALUES ('','off','2016-11-15 14:41:33','2016-11-15 21:41:33');
+      """
+
+    When I run `wp db query "SOURCE test_db.sql;"`
+    Then STDERR should be empty
+
+    When I run `wp search-replace --dry-run --regex 'mytestdomain.com\/' 'mytestdomain2.com/' --all-tables-with-prefix --skip-columns=guid,domain`
+    Then STDERR should be empty
+    And STDOUT should contain:
+      """
+      Success: 0 replacements to be made.
+      """

src/Search_Replace_Command.php

@@ -492,7 +492,7 @@ private function php_handle_col( $col, $primary_keys, $table, $old, $new ) {
 				if ( strlen( $where_sql ) ) {
 					$where_sql .= ' AND ';
 				}
-				$where_sql .= self::esc_sql_ident( $k ) . ' = ' . esc_sql( $v );
+				$where_sql .= self::esc_sql_ident( $k ) . ' = ' . self::esc_sql_value( $v );
 			}
 			$col_value = $wpdb->get_var( "SELECT {$col_sql} FROM {$table_sql} WHERE {$where_sql}" );
 			if ( '' === $col_value )
@@ -649,6 +649,30 @@ private static function esc_sql_ident( $idents ) {
 		return array_map( $backtick, $idents );
 	}
 
+	/**
+	 * Puts MySQL string values in single quotes, to avoid them being interpreted as column names.
+	 *
+	 * @param string|array $values A single value or an array of values.
+	 * @return string|array A quoted string if given a string, or an array of quoted strings if given an array of strings.
+	 */
+	private static function esc_sql_value( $values ) {
+		$quote = function ( $v ) {
+			// Don't quote integer values to avoid MySQL's implicit type conversion.
+			if ( (string)(int) $v === (string) $v ) {
+				return esc_sql( $v );
+			}
+
+			// Put any string values between single quotes.
+			return "'" . esc_sql( $v ) . "'";
+		};
+
+		if ( is_array( $values ) ) {
+			return array_map( $quote, $values );
+		}
+
+		return $quote( $values );
+	}
+
 	/**
 	 * Gets the color codes from the options if any, and returns the passed in array colorized with 2 elements per entry, a color code (or '') and a reset (or '').
 	 *