WPDB: When checking that a string can be sent to MySQL, we shouldn't use mb_convert_encoding(), as it behaves differently to MySQL's character encoding conversion.

Props mdawaffe, pento, nbachiyski, jorbin, johnjamesjacoby, jeremyfelt.

See #32165.



git-svn-id: https://develop.svn.wordpress.org/trunk@32364 602fd350-edb4-49c9-b593-d223f7449a82
This commit is contained in:
Gary Pendergast
2015-05-06 02:59:50 +00:00
parent 35db6d722b
commit 2ce97b2984
9 changed files with 622 additions and 106 deletions

View File

@@ -2,13 +2,166 @@
/**
* @group compat
* @group security-153
*/
class Tests_Compat extends WP_UnitTestCase {
function test_mb_substr() {
$this->assertEquals('баб', _mb_substr('баба', 0, 3));
$this->assertEquals('баб', _mb_substr('баба', 0, -1));
$this->assertEquals('баб', _mb_substr('баба', 0, -1));
$this->assertEquals('I am your б', _mb_substr('I am your баба', 0, 11));
function utf8_string_lengths() {
return array(
// string, character_length, byte_length
array( 'баба', 4, 8 ),
array( 'баб', 3, 6 ),
array( 'I am your б', 11, 12 ),
array( '1111111111', 10, 10 ),
array( '²²²²²²²²²²', 10, 20 ),
array( '', 10, 30 ),
array( '𝟜𝟜𝟜𝟜𝟜𝟜𝟜𝟜𝟜𝟜', 10, 40 ),
array( '1²𝟜𝟜𝟜', 12, 30 ),
);
}
function utf8_substrings() {
return array(
// string, start, length, character_substring, byte_substring
array( 'баба', 0, 3, 'баб', "б\xD0" ),
array( 'баба', 0, -1, 'баб', "баб\xD0" ),
array( 'баба', 1, null, 'аба', "\xB1аба" ),
array( 'баба', -3, null, 'аба', "\xB1а" ),
array( 'баба', -3, 2, 'аб', "\xB1\xD0" ),
array( 'баба', -1, 2, 'а', "\xB0" ),
array( 'I am your баба', 0, 11, 'I am your б', "I am your \xD0" ),
);
}
/**
* @dataProvider utf8_string_lengths
*/
function test_mb_strlen( $string, $expected_character_length ) {
$this->assertEquals( $expected_character_length, _mb_strlen( $string, 'UTF-8' ) );
}
/**
* @dataProvider utf8_string_lengths
*/
function test_mb_strlen_via_regex( $string, $expected_character_length ) {
_wp_can_use_pcre_u( false );
$this->assertEquals( $expected_character_length, _mb_strlen( $string, 'UTF-8' ) );
_wp_can_use_pcre_u( 'reset' );
}
/**
* @dataProvider utf8_string_lengths
*/
function test_8bit_mb_strlen( $string, $expected_character_length, $expected_byte_length ) {
$this->assertEquals( $expected_byte_length, _mb_strlen( $string, '8bit' ) );
}
/**
* @dataProvider utf8_substrings
*/
function test_mb_substr( $string, $start, $length, $expected_character_substring ) {
$this->assertEquals( $expected_character_substring, _mb_substr( $string, $start, $length, 'UTF-8' ) );
}
/**
* @dataProvider utf8_substrings
*/
function test_mb_substr_via_regex( $string, $start, $length, $expected_character_substring ) {
_wp_can_use_pcre_u( false );
$this->assertEquals( $expected_character_substring, _mb_substr( $string, $start, $length, 'UTF-8' ) );
_wp_can_use_pcre_u( 'reset' );
}
/**
* @dataProvider utf8_substrings
*/
function test_8bit_mb_substr( $string, $start, $length, $expected_character_substring, $expected_byte_substring ) {
$this->assertEquals( $expected_byte_substring, _mb_substr( $string, $start, $length, '8bit' ) );
}
function test_mb_substr_phpcore(){
/* https://github.com/php/php-src/blob/php-5.6.8/ext/mbstring/tests/mb_substr_basic.phpt */
$string_ascii = 'ABCDEF';
$string_mb = base64_decode('5pel5pys6Kqe44OG44Kt44K544OI44Gn44GZ44CCMDEyMzTvvJXvvJbvvJfvvJjvvJnjgII=');
$this->assertEquals( 'DEF', _mb_substr($string_ascii, 3) );
$this->assertEquals( 'DEF', _mb_substr($string_ascii, 3, 5, 'ISO-8859-1') );
// specific latin-1 as that is the default the core php test opporates under
$this->assertEquals( 'peacrOiqng==' , base64_encode( _mb_substr($string_mb, 2, 7, 'latin-1' ) ) );
$this->assertEquals( '6Kqe44OG44Kt44K544OI44Gn44GZ', base64_encode( _mb_substr($string_mb, 2, 7, 'utf-8') ) );
/* https://github.com/php/php-src/blob/php-5.6.8/ext/mbstring/tests/mb_substr_variation1.phpt */
$start = 0;
$length = 5;
$unset_var = 10;
unset ($unset_var);
$heredoc = <<<EOT
hello world
EOT;
$inputs = array(
/*1*/ 0,
1,
12345,
-2345,
// float data
/*5*/ 10.5,
-10.5,
12.3456789000e10,
12.3456789000E-10,
.5,
// null data
/*10*/ NULL,
null,
// boolean data
/*12*/ true,
false,
TRUE,
FALSE,
// empty data
/*16*/ "",
'',
// string data
/*18*/ "string",
'string',
$heredoc,
// object data
/*21*/ new classA(),
// undefined data
/*22*/ @$undefined_var,
// unset data
/*23*/ @$unset_var,
);
$outputs = array(
"0",
"1",
"12345",
"-2345",
"10.5",
"-10.5",
"12345",
"1.234",
"0.5",
"",
"",
"1",
"",
"1",
"",
"",
"",
"strin",
"strin",
"hello",
"Class",
"",
"",
);
$iterator = 0;
foreach($inputs as $input) {
$this->assertEquals( $outputs[$iterator] , _mb_substr($input, $start, $length) );
$iterator++;
}
}
function test_hash_hmac_simple() {
@@ -34,3 +187,10 @@ class Tests_Compat extends WP_UnitTestCase {
$this->assertEquals( array( 'foo' ), $json->decode( '["foo"]' ) );
}
}
/* used in test_mb_substr_phpcore */
class classA {
public function __toString() {
return "Class A object";
}
}