Database: Ensure MySQL port numbers are numeric in wpdb.

Ensure the database port number is recorded as an integer or `null` (the default port) when parsing the database host. This is to prevent PHP/MySQLi throwing an exception caused by ports represented as numeric strings. Props audrasjb, azouamauriac, chaion07, costdev, johnjamesjacoby, jrf, sergeybiryukov. Fixes #54877. git-svn-id: https://develop.svn.wordpress.org/trunk@53670 602fd350-edb4-49c9-b593-d223f7449a82
2025-10-16 12:05:38 +00:00 · 2022-07-06 05:31:47 +00:00 · 2022-07-06 05:31:47 +00:00 · 0a17a80bcc
commit 0a17a80bcc
parent 5b5c74b904
2 changed files with 50 additions and 6 deletions
--- a/src/wp-includes/wp-db.php
+++ b/src/wp-includes/wp-db.php
@ -2077,6 +2077,9 @@ class wpdb {
 			}
 		}

+		// MySQLi port cannot be a string; must be null or an integer.
+		$port = $port ? absint( $port ) : null;
+
 		return array( $host, $port, $socket, $is_ipv6 );
 	}

--- a/tests/phpunit/tests/db.php
+++ b/tests/phpunit/tests/db.php
@ -1970,6 +1970,7 @@ class Tests_DB extends WP_UnitTestCase {
 	/**
 	 * @dataProvider parse_db_host_data_provider
 	 * @ticket 41722
+	 * @ticket 54877
 	 */
 	public function test_parse_db_host( $host_string, $expect_bail, $host, $port, $socket, $is_ipv6 ) {
 		global $wpdb;
@ -2002,7 +2003,7 @@ class Tests_DB extends WP_UnitTestCase {
 				':3306',
 				false,
 				'',
-				'3306',
+				3306,
 				null,
 				false,
 			),
@ -2030,11 +2031,19 @@ class Tests_DB extends WP_UnitTestCase {
 				null,
 				false,
 			),
+			array(
+				'127.0.0.1:port_as_string',
+				false,
+				'127.0.0.1',
+				null,
+				null,
+				false,
+			),
 			array(
 				'127.0.0.1:3306',
 				false,
 				'127.0.0.1',
-				'3306',
+				3306,
 				null,
 				false,
 			),
@ -2042,7 +2051,7 @@ class Tests_DB extends WP_UnitTestCase {
 				'127.0.0.1:3306:/tmp/mysql:with_colon.sock',
 				false,
 				'127.0.0.1',
-				'3306',
+				3306,
 				'/tmp/mysql:with_colon.sock',
 				false,
 			),
@ -2054,11 +2063,19 @@ class Tests_DB extends WP_UnitTestCase {
 				null,
 				false,
 			),
+			array(
+				'example.com:port_as_string',
+				false,
+				'example.com',
+				null,
+				null,
+				false,
+			),
 			array(
 				'example.com:3306',
 				false,
 				'example.com',
-				'3306',
+				3306,
 				null,
 				false,
 			),
@ -2070,6 +2087,14 @@ class Tests_DB extends WP_UnitTestCase {
 				null,
 				false,
 			),
+			array(
+				'localhost:port_as_string',
+				false,
+				'localhost',
+				null,
+				null,
+				false,
+			),
 			array(
 				'localhost:/tmp/mysql.sock',
 				false,
@ -2086,6 +2111,14 @@ class Tests_DB extends WP_UnitTestCase {
 				'/tmp/mysql:with_colon.sock',
 				false,
 			),
+			array(
+				'localhost:port_as_string:/tmp/mysql:with_colon.sock',
+				false,
+				'localhost',
+				null,
+				'/tmp/mysql:with_colon.sock',
+				false,
+			),
 			array(
 				'0000:0000:0000:0000:0000:0000:0000:0001',
 				false,
@ -2114,7 +2147,15 @@ class Tests_DB extends WP_UnitTestCase {
 				'[::1]:3306',
 				false,
 				'::1',
-				'3306',
+				3306,
+				null,
+				true,
+			),
+			array(
+				'[::1]:port_as_string',
+				false,
+				'::1',
+				null,
 				null,
 				true,
 			),
@ -2122,7 +2163,7 @@ class Tests_DB extends WP_UnitTestCase {
 				'[::1]:3306:/tmp/mysql:with_colon.sock',
 				false,
 				'::1',
-				'3306',
+				3306,
 				'/tmp/mysql:with_colon.sock',
 				true,
 			),