3.8:

mdawaffe · mdawaffe · commit 5afd7cdb2248 · 2015-04-27T18:33:43.000Z
- WPDB: Sanity check that any strings being stored in the DB are not too long to store correctly. - When upgrading, remove any suspicious comments. git-svn-id: https://develop.svn.wordpress.org/branches/3.8@32317 602fd350-edb4-49c9-b593-d223f7449a82
diff --git a/package.json b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "WordPress",
-  "version": "3.8.7",
+  "version": "3.8.8",
   "description": "WordPress is web software you can use to create a beautiful website or blog.",
   "repository": {
     "type": "svn",
diff --git a/src/readme.html b/src/readme.html
@@ -9,7 +9,7 @@
 <body>
 <h1 id="logo">
 	<a href="http://wordpress.org/"><img alt="WordPress" src="wp-admin/images/wordpress-logo.png" /></a>
-	<br /> Version 3.8.7
+	<br /> Version 3.8.8
 </h1>
 <p style="text-align: center">Semantic Personal Publishing Platform</p>
 
diff --git a/src/wp-admin/about.php b/src/wp-admin/about.php
@@ -39,7 +39,11 @@
 </h2>
 
 <div class="changelog point-releases">
-	<h3><?php echo _n( 'Maintenance and Security Release', 'Maintenance and Security Releases', 7 ); ?></h3>
+	<h3><?php echo _n( 'Maintenance and Security Release', 'Maintenance and Security Releases', 8 ); ?></h3>
+	<p><?php printf( _n( '<strong>Version %1$s</strong> addressed a security issue.',
+         '<strong>Version %1$s</strong> addressed some security issues.', 1 ), '3.8.8' ); ?>
+		<?php printf( __( 'For more information, see <a href="%s">the release notes</a>.' ), 'http://codex.wordpress.org/Version_3.8.8' ); ?>
+ 	</p>
 	<p><?php printf( _n( '<strong>Version %1$s</strong> addressed %2$s bug.',
          '<strong>Version %1$s</strong> addressed %2$s bugs.', 1 ), '3.8.7', number_format_i18n( 1 ) ); ?>
 		<?php printf( __( 'For more information, see <a href="%s">the release notes</a>.' ), 'https://codex.wordpress.org/Version_3.8.7' ); ?>
diff --git a/src/wp-admin/includes/upgrade.php b/src/wp-admin/includes/upgrade.php
@@ -414,6 +414,9 @@ function upgrade_all() {
 	if ( $wp_current_db_version < 26692 )
 		upgrade_383();
 
+	if ( $wp_current_db_version < 26693 )
+		upgrade_388();
+
 	maybe_disable_link_manager();
 
 	maybe_disable_automattic_widgets();
@@ -1284,6 +1287,33 @@ function upgrade_383() {
 	}
 }
 
+/**
+ * Execute changes made in WordPress 3.8.8.
+ *
+ * @since 3.8.8
+ */
+function upgrade_388() {
+	global $wp_current_db_version, $wpdb;
+
+	if ( $wp_current_db_version < 26693 ) {
+		$content_length = $wpdb->get_col_length( $wpdb->comments, 'comment_content' );
+		if ( ! $content_length ) {
+			$content_length = 65535;
+		}
+
+		$comments = $wpdb->get_results(
+			"SELECT comment_ID FROM $wpdb->comments
+			WHERE comment_date_gmt > '2015-04-26'
+			AND CHAR_LENGTH( comment_content ) >= $content_length
+			AND ( comment_content LIKE '%<%' OR comment_content LIKE '%>%' )"
+		);
+
+		foreach ( $comments as $comment ) {
+			wp_delete_comment( $comment->comment_ID, true );
+		}
+	}
+}
+
 /**
  * Execute network level changes
  *
diff --git a/src/wp-includes/version.php b/src/wp-includes/version.php
@@ -11,7 +11,7 @@
  *
  * @global int $wp_db_version
  */
-$wp_db_version = 26692;
+$wp_db_version = 26693;
 
 /**
  * Holds the TinyMCE version
diff --git a/src/wp-includes/wp-db.php b/src/wp-includes/wp-db.php
@@ -1521,11 +1521,20 @@ function delete( $table, $where, $where_format = null ) {
 	 */
 	protected function process_fields( $table, $data, $format ) {
 		$data = $this->process_field_formats( $data, $format );
+		if ( false === $data ) {
+			return false;
+		}
+
 		$data = $this->process_field_charsets( $data, $table );
 		if ( false === $data ) {
 			return false;
 		}
 
+		$data = $this->process_field_lengths( $data, $table );
+		if ( false === $data ) {
+			return false;
+		}
+
 		$converted_data = $this->strip_invalid_text( $data );
 
 		if ( $data !== $converted_data ) {
@@ -1606,6 +1615,40 @@ protected function process_field_charsets( $data, $table ) {
 		return $data;
 	}
 
+	/**
+	 * For string fields, record the maximum string length that field can safely save.
+	 *
+	 * @since 4.2.1
+	 * @access protected
+	 *
+	 * @param array  $data  As it comes from the wpdb::process_field_charsets() method.
+	 * @param string $table Table name.
+	 * @return array|False The same array as $data with additional 'length' keys, or false if
+	 *                     any of the values were too long for their corresponding field.
+	 */
+	protected function process_field_lengths( $data, $table ) {
+		foreach ( $data as $field => $value ) {
+			if ( '%d' === $value['format'] || '%f' === $value['format'] ) {
+				// We can skip this field if we know it isn't a string.
+				// This checks %d/%f versus ! %s because it's sprintf() could take more.
+				$value['length'] = false;
+			} else {
+				$value['length'] = $this->get_col_length( $table, $field );
+				if ( is_wp_error( $value['length'] ) ) {
+					return false;
+				}
+			}
+
+			if ( false !== $value['length'] && strlen( $value['value'] ) > $value['length'] ) {
+				return false;
+			}
+
+			$data[ $field ] = $value;
+		}
+
+		return $data;
+	}
+
 	/**
 	 * Retrieve one variable from the database.
 	 *
@@ -1921,6 +1964,77 @@ public function get_col_charset( $table, $column ) {
 		return $charset;
 	}
 
+	/**
+	 * Retrieve the maximum string length allowed in a given column.
+	 *
+	 * @since 4.2.1
+	 * @access public
+	 *
+	 * @param string $table  Table name.
+	 * @param string $column Column name.
+	 * @return mixed Max column length as an int. False if the column has no
+	 *               length. WP_Error object if there was an error.
+	 */
+	public function get_col_length( $table, $column ) {
+		$tablekey = strtolower( $table );
+		$columnkey = strtolower( $column );
+
+		// Skip this entirely if this isn't a MySQL database.
+		if ( false === $this->is_mysql ) {
+			return false;
+		}
+
+		if ( empty( $this->col_meta[ $tablekey ] ) ) {
+			// This primes column information for us.
+			$table_charset = $this->get_table_charset( $table );
+			if ( is_wp_error( $table_charset ) ) {
+				return $table_charset;
+			}
+		}
+
+		if ( empty( $this->col_meta[ $tablekey ][ $columnkey ] ) ) {
+			return false;
+		}
+
+		$typeinfo = explode( '(', $this->col_meta[ $tablekey ][ $columnkey ]->Type );
+
+		$type = strtolower( $typeinfo[0] );
+		if ( ! empty( $typeinfo[1] ) ) {
+			$length = trim( $typeinfo[1], ')' );
+		} else {
+			$length = false;
+		}
+
+		switch( $type ) {
+			case 'binary':
+			case 'char':
+			case 'varbinary':
+			case 'varchar':
+				return $length;
+				break;
+			case 'tinyblob':
+			case 'tinytext':
+				return 255; // 2^8 - 1
+				break;
+			case 'blob':
+			case 'text':
+				return 65535; // 2^16 - 1
+				break;
+			case 'mediumblob':
+			case 'mediumtext':
+				return 16777215; // 2^24 - 1
+				break;
+			case 'longblob':
+			case 'longtext':
+				return 4294967295; // 2^32 - 1
+				break;
+			default:
+				return false;
+		}
+
+		return false;
+	}
+
 	/**
 	 * Check if a string is ASCII.
 	 *
diff --git a/tests/phpunit/tests/comment.php b/tests/phpunit/tests/comment.php
@@ -14,4 +14,37 @@ function test_wp_update_comment() {
 		$result = wp_update_comment( array( 'comment_ID' => $comments[0], 'comment_parent' => $comments[1] ) );
 		$this->assertEquals( 0, $result );
 	}
+
+	public function test_comment_content_length() {
+		// `wp_new_comment()` checks REMOTE_ADDR, so we fake it to avoid PHP notices.
+		if ( isset( $_SERVER['REMOTE_ADDR'] ) ) {
+			$remote_addr = $_SERVER['REMOTE_ADDR'];
+		} else {
+			$_SERVER['REMOTE_ADDR'] = '';
+		}
+
+		$post_id = $this->factory->post->create();
+
+		$data = array(
+			'comment_post_ID' => $post_id,
+			'comment_author' => rand_str(),
+			'comment_author_url' => '',
+			'comment_author_email' => '',
+			'comment_type' => '',
+			'comment_content' => str_repeat( 'A', 65536 ),
+			'comment_date' => '2011-01-01 10:00:00',
+			'comment_date_gmt' => '2011-01-01 10:00:00',
+		);
+
+		$id = wp_new_comment( $data );
+
+		$this->assertFalse( $id );
+
+		// Cleanup.
+		if ( isset( $remote_addr ) ) {
+			$_SERVER['REMOTE_ADDR'] = $remote_addr;
+		} else {
+			unset( $_SERVER['REMOTE_ADDR'] );
+		}
+	}
 }
diff --git a/tests/phpunit/tests/db.php b/tests/phpunit/tests/db.php
@@ -511,6 +511,7 @@ function test_process_fields() {
 				'format' => '%s',
 				'charset' => $expected_charset,
 				'ascii' => false,
+				'length' => $wpdb->get_col_length( $wpdb->posts, 'post_content' ),
 			)
 		);
 

Original file line number	Diff line number	Diff line change
`@@ -1,6 +1,6 @@`
`1`	`1`	`{`
`2`	`2`	`"name": "WordPress",`
`3`		`- "version": "3.8.7",`
	`3`	`+ "version": "3.8.8",`
`4`	`4`	`"description": "WordPress is web software you can use to create a beautiful website or blog.",`
`5`	`5`	`"repository": {`
`6`	`6`	`"type": "svn",`
Original file line number	Diff line number	Diff line change
`@@ -11,7 +11,7 @@`
`11`	`11`	`*`
`12`	`12`	`* @global int $wp_db_version`
`13`	`13`	`*/`
`14`		`-$wp_db_version = 26692;`
	`14`	`+$wp_db_version = 26693;`
`15`	`15`
`16`	`16`	`/**`
`17`	`17`	`* Holds the TinyMCE version`
Original file line number	Diff line number	Diff line change
`@@ -511,6 +511,7 @@ function test_process_fields() {`
`511`	`511`	`'format' => '%s',`
`512`	`512`	`'charset' => $expected_charset,`
`513`	`513`	`'ascii' => false,`
	`514`	`+ 'length' => $wpdb->get_col_length( $wpdb->posts, 'post_content' ),`
`514`	`515`	`)`
`515`	`516`	`);`
`516`	`517`