Fix ENGINE escaping

Signed-off-by: Kamil Tekiela <tekiela246@gmail.com>
phpmyadmin · Mar 13, 2023 · e0e3748 · e0e3748
1 parent 869ecea
commit e0e3748
Show file tree

Hide file tree

Showing 3 changed files with 26 additions and 4 deletions.
diff --git a/libraries/classes/CreateAddField.php b/libraries/classes/CreateAddField.php
@@ -397,8 +397,12 @@ public function getTableCreationQuery(string $db, string $table): string
             . Util::backquote(trim($table)) . ' (' . $sqlStatement . ')';
 
         // Adds table type, character set, comments and partition definition
-        if (! empty($_POST['tbl_storage_engine']) && ($_POST['tbl_storage_engine'] !== 'Default')) {
-            $sqlQuery .= ' ENGINE = ' . $this->dbi->escapeString($_POST['tbl_storage_engine']);
+        if (
+            ! empty($_POST['tbl_storage_engine'])
+            && ($_POST['tbl_storage_engine'] !== 'Default')
+            && StorageEngine::isValid($_POST['tbl_storage_engine'])
+        ) {
+            $sqlQuery .= ' ENGINE = ' . $_POST['tbl_storage_engine'];
         }
 
         if (! empty($_POST['tbl_collation'])) {

diff --git a/psalm-baseline.xml b/psalm-baseline.xml
@@ -4652,13 +4652,14 @@
     <PossiblyInvalidIterator occurrences="1">
       <code>$_POST['partitions']</code>
     </PossiblyInvalidIterator>
-    <PossiblyInvalidOperand occurrences="6">
+    <PossiblyInvalidOperand occurrences="7">
       <code>$_POST['partition_by']</code>
       <code>$_POST['partition_count']</code>
       <code>$_POST['partition_expr']</code>
       <code>$_POST['subpartition_by']</code>
       <code>$_POST['subpartition_count']</code>
       <code>$_POST['subpartition_expr']</code>
+      <code>$_POST['tbl_storage_engine']</code>
     </PossiblyInvalidOperand>
   </file>
   <file src="libraries/classes/Crypto/Crypto.php">

diff --git a/test/classes/CreateAddFieldTest.php b/test/classes/CreateAddFieldTest.php
@@ -263,7 +263,24 @@ public function providerGetTableCreationQuery(): array
                 ],
             ],
             [
-                'CREATE TABLE `db`.`table` () ENGINE = Inno\\\'DB CHARSET=armscii8 COMMENT = \'my \\\'table\';',
+                'CREATE TABLE `db`.`table` () ENGINE = dummy CHARSET=armscii8 COMMENT = \'my \\\'table\';',
+                'db',
+                'table',
+                [
+                    'field_name' => [],
+                    'primary_indexes' => '{}',
+                    'indexes' => '{}',
+                    'unique_indexes' => '{}',
+                    'fulltext_indexes' => '{}',
+                    'spatial_indexes' => '{}',
+                    'tbl_storage_engine' => 'dummy',
+                    'tbl_collation' => 'armscii8',
+                    'connection' => 'aaaa',
+                    'comment' => 'my \'table',
+                ],
+            ],
+            [
+                'CREATE TABLE `db`.`table` () CHARSET=armscii8 COMMENT = \'my \\\'table\';',
                 'db',
                 'table',
                 [