Fix and improve default value formatting

Author: JanJakes

tests/WP_SQLite_Information_Schema_Reconstructor_Tests.php

@@ -265,6 +265,47 @@ public function testDefaultValues(): void {
 		);
 	}
 
+	public function testDefaultValueEscaping(): void {
+		//$this->assertSame("abc". chr( 8 ) . "xyz", "" );
+		$this->engine->get_connection()->query(
+			"
+			CREATE TABLE t (
+				col1 text DEFAULT 'abc''xyz',
+				col2 text DEFAULT 'abc\"xyz',
+				col3 text DEFAULT 'abc`xyz',
+				col4 text DEFAULT 'abc\\xyz',
+				col5 text DEFAULT 'abc\nxyz',
+				col6 text DEFAULT 'abc\rxyz',
+				col7 text DEFAULT 'abc\txyz',
+				col8 text DEFAULT 'abc" . chr( 8 ) . "xyz', -- backspace
+				col9 text DEFAULT 'abc" . chr( 26 ) . "xyz' -- control-Z
+			)
+		"
+		);
+
+		$this->reconstructor->ensure_correct_information_schema();
+		$result = $this->assertQuery( 'SHOW CREATE TABLE t' );
+		$this->assertSame(
+			implode(
+				"\n",
+				array(
+					'CREATE TABLE `t` (',
+					"  `col1` varchar(65535) DEFAULT 'abc''xyz',",
+					"  `col2` varchar(65535) DEFAULT 'abc\"xyz',",
+					"  `col3` varchar(65535) DEFAULT 'abc`xyz',",
+					"  `col4` varchar(65535) DEFAULT 'abc\\\\xyz',",
+					"  `col5` varchar(65535) DEFAULT 'abc\\nxyz',",
+					"  `col6` varchar(65535) DEFAULT 'abc\\rxyz',",
+					"  `col7` varchar(65535) DEFAULT 'abc	xyz',",              // tab is preserved
+					"  `col8` varchar(65535) DEFAULT 'abc" . chr( 8 ) . "xyz',", // backspace is preserved
+					"  `col9` varchar(65535) DEFAULT 'abc" . chr( 26 ) . "xyz'", // control-Z is preserved
+					') ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci',
+				)
+			),
+			$result[0]->{'Create Table'}
+		);
+	}
+
 	private function assertQuery( $sql ) {
 		$retval = $this->engine->query( $sql );
 		$this->assertNotFalse( $retval );

wp-includes/sqlite-ast/class-wp-sqlite-information-schema-builder.php

@@ -1867,8 +1867,8 @@ private function get_value( WP_Parser_Node $node ): string {
 			} elseif ( WP_MySQL_Lexer::SINGLE_QUOTED_TEXT === $child->id ) {
 				$value = $child->get_value();
 				$value = substr( $value, 1, -1 );
-				$value = str_replace( '\"', '"', $value );
-				$value = str_replace( '""', '"', $value );
+				$value = str_replace( "\'", "'", $value );
+				$value = str_replace( "''", "'", $value );
 			} elseif ( WP_MySQL_Lexer::DOUBLE_QUOTED_TEXT === $child->id ) {
 				$value = $child->get_value();
 				$value = substr( $value, 1, -1 );

wp-includes/sqlite-ast/class-wp-sqlite-information-schema-reconstructor.php

@@ -495,10 +495,12 @@ private function generate_column_default( string $mysql_type, ?string $default_v
 		// Quoted string literal. E.g.: 'abc', "abc", `abc`
 		$first_byte = $default_value[0] ?? null;
 		if ( '"' === $first_byte || "'" === $first_byte || '`' === $first_byte ) {
-			return $this->escape_mysql_string_literal( substr( $default_value, 1, -1 ) );
+			$value = substr( $default_value, 1, -1 );
+			$value = str_replace( $first_byte . $first_byte, $first_byte, $value );
+			return $this->format_mysql_string_literal( $value );
 		}
 
-		// Normalize the default value to for easier comparison.
+		// Normalize the default value for easier comparison.
 		$uppercase_default_value = strtoupper( $default_value );
 
 		// NULL, TRUE, FALSE.
@@ -542,7 +544,7 @@ private function generate_column_default( string $mysql_type, ?string $default_v
 		}
 
 		// Unquoted string literal. E.g.: abc
-		return $this->escape_mysql_string_literal( $default_value );
+		return $this->format_mysql_string_literal( $default_value );
 	}
 
 	/**
@@ -642,14 +644,32 @@ private function get_mysql_column_type( string $column_type ): string {
 	}
 
 	/**
-	 * Escape a string literal for MySQL DEFAULT values.
+	 * Format a MySQL string literal for output in a SHOW statement.
+	 *
+	 * We expect UTF-8 strings coming from SQLite. The only characters that need
+	 * to be escaped in a single-quoted string for a UTF-8 MySQL dump are ' and \.
+	 *
+	 * MySQL's SHOW command also escapes \0 (for the mysql CLI), \n (for logs and
+	 * readability), and \r (for readability). Let's these characters as well.
+	 *
+	 * See:
+	 *  - https://github.com/mysql/mysql-server/blob/ff05628a530696bc6851ba6540ac250c7a059aa7/sql/sql_show.cc#L1799
+	 *  - https://github.com/mysql/mysql-server/blob/ff05628a530696bc6851ba6540ac250c7a059aa7/sql/table.cc#L3525
+	 *
+	 * Unfortunately, SQLite doesn't validate the UTF-8 encoding of strings, so
+	 * other byte sequences may come from SQLite as well.
+	 *
+	 * See: https://www.sqlite.org/invalidutf.html
+	 *
+	 * TODO: We may consider stripping invalid UTF-8 characters, but that's likely
+	 *       to be a bigger project, as these can appear also in other contexts.
 	 *
 	 * @param  string $literal The string literal to escape.
 	 * @return string          The escaped string literal.
 	 */
-	private function escape_mysql_string_literal( string $literal ): string {
-		// See: https://www.php.net/manual/en/mysqli.real-escape-string.php
-		return "'" . addcslashes( $literal, "\0\n\r'\"\Z" ) . "'";
+	private function format_mysql_string_literal( string $literal ): string {
+		$value = addcslashes( $literal, "\0\n\r\\" );
+		return "'" . str_replace( "'", "''", $value ) . "'";
 	}
 
 	/**