Fix ENGINE escaping
Signed-off-by: Kamil Tekiela <tekiela246@gmail.com>
kamil-tekiela committed Mar 13, 2023
1 parent 869ecea commit e0e3748
Showing 3 changed files with 26 additions and 4 deletions.
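--- a/libraries/classes/CreateAddField.php
+++ b/libraries/classes/CreateAddField.php
@@ -397,8 +397,12 @@ public function getTableCreationQuery(string $db, string $table): string
 . Util::backquote(trim($table)) . ' (' . $sqlStatement . ')';
 
 // Adds table type, character set, comments and partition definition
-if (! empty($_POST['tbl_storage_engine']) && ($_POST['tbl_storage_engine'] !== 'Default')) {
-$sqlQuery .= ' ENGINE = ' . $this->dbi->escapeString($_POST['tbl_storage_engine']);
+if (
+! empty($_POST['tbl_storage_engine'])
+&& ($_POST['tbl_storage_engine'] !== 'Default')
+&& StorageEngine::isValid($_POST['tbl_storage_engine'])
+) {
+$sqlQuery .= ' ENGINE = ' . $_POST['tbl_storage_engine'];
 }
 
 if (! empty($_POST['tbl_collation'])) {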
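Review bot: With escaping removed, `' ENGINE = ' . $_POST['tbl_storage_engine']` puts a request value into the statement verbatim, so `StorageEngine::isValid()` is now the only control on that string and nothing near the condition says so. That method is not visible in this hunk; assuming it is an exact match against the server's engine list, a comment above the `if` such as `// Not escaped on purpose: isValid() accepts only engine names reported by the server` would stop a later edit from loosening the check. The condition also never establishes that the value is a string, which the new `PossiblyInvalidOperand` baseline entry appears to record; adding `&& is_string($_POST['tbl_storage_engine'])` ahead of the `isValid()` call would cover that. getTableCreationQuery begins and ends outside the hunk.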
3 changes: 2 additions & 1 deletion psalm-baseline.xml
@@ -4652,13 +4652,14 @@
<PossiblyInvalidIterator occurrences="1">
<code>$_POST['partitions']</code>
</PossiblyInvalidIterator>
<PossiblyInvalidOperand occurrences="6">
<PossiblyInvalidOperand occurrences="7">
<code>$_POST['partition_by']</code>
<code>$_POST['partition_count']</code>
<code>$_POST['partition_expr']</code>
<code>$_POST['subpartition_by']</code>
<code>$_POST['subpartition_count']</code>
<code>$_POST['subpartition_expr']</code>
<code>$_POST['tbl_storage_engine']</code>
</PossiblyInvalidOperand>
</file>
<file src="libraries/classes/Crypto/Crypto.php">
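--- a/test/classes/CreateAddFieldTest.php
+++ b/test/classes/CreateAddFieldTest.php
@@ -263,7 +263,24 @@ public function providerGetTableCreationQuery(): array
 ],
 ],
 [
-'CREATE TABLE `db`.`table` () ENGINE = Inno\\\'DB CHARSET=armscii8 COMMENT = \'my \\\'table\';',
+'CREATE TABLE `db`.`table` () ENGINE = dummy CHARSET=armscii8 COMMENT = \'my \\\'table\';',
+'db',
+'table',
+[
+'field_name' => [],
+'primary_indexes' => '{}',
+'indexes' => '{}',
+'unique_indexes' => '{}',
+'fulltext_indexes' => '{}',
+'spatial_indexes' => '{}',
+'tbl_storage_engine' => 'dummy',
+'tbl_collation' => 'armscii8',
+'connection' => 'aaaa',
+'comment' => 'my \'table',
+],
+],
+[
+'CREATE TABLE `db`.`table` () CHARSET=armscii8 COMMENT = \'my \\\'table\';',
 'db',
 'table',
 [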
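Review bot: Nothing in the provider marks the second data set, whose expected query now has no ENGINE clause, as the regression case for a rejected engine name, and its input array lies outside the hunk, so a reader cannot tell from here which value is being refused. A one-line comment above that data set, e.g. `// Engine name rejected by StorageEngine::isValid(): the ENGINE clause must be omitted`, or a descriptive string key on the data set, would keep the intent visible. The first data set presumably relies on the test DBI stub reporting an engine called `dummy`; that dependency is not shown in this section and is worth a short comment as well.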
