Implement support for NO_BACKSLASH_ESCAPES SQL mode

Author: JanJakes

tests/WP_SQLite_Driver_Tests.php

@@ -4703,4 +4703,233 @@ public function testAlterTableDuplicateKeyNameWithUnique(): void {
 		$this->assertSame( "SQLSTATE[42000]: Syntax error or access violation: 1061 Duplicate key name 'idx'", $exception->getMessage() );
 		$this->assertSame( '42S21', $exception->getCode() );
 	}
+
+	public function testNoBackslashEscapesSqlMode(): void {
+		$backslash = chr( 92 );
+
+		$query = "SELECT
+			''''                       AS value_1,
+			'{$backslash}\"'           AS value_2,
+			'{$backslash}0'            AS value_3,
+			'{$backslash}n'            AS value_4,
+			'{$backslash}r'            AS value_5,
+			'{$backslash}t'            AS value_6,
+			'{$backslash}b'            AS value_7,
+			'{$backslash}{$backslash}' AS value_8,
+			'🙂'                        AS value_9,
+			'{$backslash}🙂'            AS value_10,
+			'{$backslash}%'            AS value_11,
+			'{$backslash}_'            AS value_12
+		";
+
+		// With NO_BACKSLASH_ESCAPES disabled:
+		$this->assertQuery( "SET SESSION sql_mode = ''" );
+		$result = $this->assertQuery( $query );
+		$this->assertSame( chr( 39 ), $result[0]->value_1 ); // single quote
+		$this->assertSame( chr( 34 ), $result[0]->value_2 ); // double quote
+		$this->assertSame( chr( 0 ), $result[0]->value_3 );  // ASCII NULL
+		$this->assertSame( chr( 10 ), $result[0]->value_4 ); // newline
+		$this->assertSame( chr( 13 ), $result[0]->value_5 ); // carriage return
+		$this->assertSame( chr( 9 ), $result[0]->value_6 );  // tab
+		$this->assertSame( chr( 8 ), $result[0]->value_7 );  // backspace
+		$this->assertSame( chr( 92 ), $result[0]->value_8 ); // backslash
+		$this->assertSame( '🙂', $result[0]->value_9 );
+		$this->assertSame( '🙂', $result[0]->value_10 );
+
+		// Characters "%" and "_" follow special escaping rules. Escape sequences
+		// "\%" and "\_" preserve the backslash so it can be used in some contexts.
+		$this->assertSame( $backslash . '%', $result[0]->value_11 );
+		$this->assertSame( $backslash . '_', $result[0]->value_12 );
+
+		// With NO_BACKSLASH_ESCAPES enabled:
+		$this->assertQuery( "SET SESSION sql_mode = 'NO_BACKSLASH_ESCAPES'" );
+		$result = $this->assertQuery( $query );
+		$this->assertSame( "'", $result[0]->value_1 );
+		$this->assertSame( $backslash . '"', $result[0]->value_2 );
+		$this->assertSame( $backslash . '0', $result[0]->value_3 );
+		$this->assertSame( $backslash . 'n', $result[0]->value_4 );
+		$this->assertSame( $backslash . 'r', $result[0]->value_5 );
+		$this->assertSame( $backslash . 't', $result[0]->value_6 );
+		$this->assertSame( $backslash . 'b', $result[0]->value_7 );
+		$this->assertSame( $backslash . $backslash, $result[0]->value_8 );
+		$this->assertSame( '🙂', $result[0]->value_9 );
+		$this->assertSame( $backslash . '🙂', $result[0]->value_10 );
+		$this->assertSame( $backslash . '%', $result[0]->value_11 );
+		$this->assertSame( $backslash . '_', $result[0]->value_12 );
+	}
+
+	public function testNoBackslashEscapesSqlModeWithPatternMatching(): void {
+		$backslash = chr( 92 );
+
+		$this->assertQuery( 'CREATE TABLE t (id INT PRIMARY KEY AUTO_INCREMENT, value TEXT)' );
+		$this->assertQuery( "INSERT INTO t (value) VALUES ('abc')" );
+		$this->assertQuery( "INSERT INTO t (value) VALUES ('abc_')" );
+		$this->assertQuery( "INSERT INTO t (value) VALUES ('abc%')" );
+		$this->assertQuery( "INSERT INTO t (value) VALUES ('abc{$backslash}{$backslash}x')" ); // abc\x
+
+		/*
+		 * 1. With NO_BACKSLASH_ESCAPES disabled:
+		 *
+		 * Backslashes serve as special escape characters on two levels:
+		 *
+		 *   1. In MySQL string literals.
+		 *   2. In LIKE patterns.
+		 *
+		 * Additionally, "\_" and "\%" sequences preserve the backslash in MySQL
+		 * string literals, making them equivalent to "\\_" and "\\%" sequences.
+		 *
+		 * Here's what that does to some escape sequences:
+		 *
+		 *   "\_"
+		 *      1) String literal resolves to:   "\_" sequence
+		 *      2) Pattern matching resolves to: "_" character
+		 *
+		 *   "\\_"
+		 *      1) String literal resolves to:   "\_" sequence
+		 *      2) Pattern matching resolves to: "_" character
+		 *
+		 *   "\\\_"
+		 *      1) String literal resolves to:   "\\_" sequence
+		 *      2) Pattern matching resolves to: "\" character + "_" wildcard
+		 *
+		 *   "\\\\_"
+		 *      1) String literal resolves to:   "\\_" sequence
+		 *      2) Pattern matching resolves to: "\" character + "_" wildcard
+		 *
+		 * The same rules applies to the "%" character.
+		 */
+		$this->assertQuery( "SET SESSION sql_mode = ''" );
+
+		// A "_" = a wildcard:
+		$result = $this->assertQuery( "SELECT value FROM t WHERE value LIKE 'abc_' ORDER BY id" );
+		$this->assertCount( 2, $result );
+		$this->assertSame( 'abc_', $result[0]->value );
+		$this->assertSame( 'abc%', $result[1]->value );
+
+		// A "\_" sequence = the "_" character:
+		$result = $this->assertQuery( "SELECT value FROM t WHERE value LIKE 'abc{$backslash}_'" );
+		$this->assertCount( 1, $result );
+		$this->assertSame( 'abc_', $result[0]->value );
+
+		// A "\\_" sequence = the "_" character:
+		$result = $this->assertQuery( "SELECT value FROM t WHERE value LIKE 'abc{$backslash}{$backslash}_'" );
+		$this->assertCount( 1, $result );
+		$this->assertSame( 'abc_', $result[0]->value );
+
+		// A "\\\_" sequence = the "\" character and a wildcard:
+		$result = $this->assertQuery( "SELECT value FROM t WHERE value LIKE 'abc{$backslash}{$backslash}{$backslash}_'" );
+		$this->assertCount( 1, $result );
+		$this->assertSame( "abc{$backslash}x", $result[0]->value );
+
+		// A "\\\\_" sequence = the "\" character and a wildcard:
+		$result = $this->assertQuery( "SELECT value FROM t WHERE value LIKE 'abc{$backslash}{$backslash}{$backslash}{$backslash}_'" );
+		$this->assertCount( 1, $result );
+		$this->assertSame( "abc{$backslash}x", $result[0]->value );
+
+		// A "\\\\\_" sequence = the "\" character and the "_" character:
+		$result = $this->assertQuery( "SELECT value FROM t WHERE value LIKE 'abc{$backslash}{$backslash}{$backslash}{$backslash}{$backslash}_'" );
+		$this->assertCount( 0, $result );
+
+		// A "%" = a wildcard:
+		$result = $this->assertQuery( "SELECT value FROM t WHERE value LIKE 'abc%' ORDER BY id" );
+		$this->assertCount( 4, $result );
+		$this->assertSame( 'abc', $result[0]->value );
+		$this->assertSame( 'abc_', $result[1]->value );
+		$this->assertSame( 'abc%', $result[2]->value );
+		$this->assertSame( "abc{$backslash}x", $result[3]->value );
+
+		// A "\%" sequence = the "%" character:
+		$result = $this->assertQuery( "SELECT value FROM t WHERE value LIKE 'abc{$backslash}%'" );
+		$this->assertCount( 1, $result );
+		$this->assertSame( 'abc%', $result[0]->value );
+
+		// A "\\%" sequence = the "%" character:
+		$result = $this->assertQuery( "SELECT value FROM t WHERE value LIKE 'abc{$backslash}{$backslash}%'" );
+		$this->assertCount( 1, $result );
+		$this->assertSame( 'abc%', $result[0]->value );
+
+		// A "\\\%" sequence = the "\" character and a wildcard:
+		$result = $this->assertQuery( "SELECT value FROM t WHERE value LIKE 'abc{$backslash}{$backslash}{$backslash}%'" );
+		$this->assertCount( 1, $result );
+		$this->assertSame( "abc{$backslash}x", $result[0]->value );
+
+		// A "\\\\%" sequence = the "\" character and a wildcard:
+		$result = $this->assertQuery( "SELECT value FROM t WHERE value LIKE 'abc{$backslash}{$backslash}{$backslash}{$backslash}%'" );
+		$this->assertCount( 1, $result );
+		$this->assertSame( "abc{$backslash}x", $result[0]->value );
+
+		// A "\\\\\%" sequence = the "\" character and the "%" character:
+		$result = $this->assertQuery( "SELECT value FROM t WHERE value LIKE 'abc{$backslash}{$backslash}{$backslash}{$backslash}{$backslash}%'" );
+		$this->assertCount( 0, $result );
+
+		// A "\x" sequence = the "x" character:
+		$result = $this->assertQuery( "SELECT value FROM t WHERE value LIKE 'abc{$backslash}x'" );
+		$this->assertCount( 0, $result );
+
+		// A "\\x" sequence = the "x" character:
+		$result = $this->assertQuery( "SELECT value FROM t WHERE value LIKE 'abc{$backslash}{$backslash}x'" );
+		$this->assertCount( 0, $result );
+
+		// A "\\\x" sequence = the "x" character:
+		$result = $this->assertQuery( "SELECT value FROM t WHERE value LIKE 'abc{$backslash}{$backslash}{$backslash}x'" );
+		$this->assertCount( 0, $result );
+
+		// A "\\\\x" sequence = the "\" character and the "x" character:
+		$result = $this->assertQuery( "SELECT value FROM t WHERE value LIKE 'abc{$backslash}{$backslash}{$backslash}{$backslash}x'" );
+		$this->assertCount( 1, $result );
+		$this->assertSame( "abc{$backslash}x", $result[0]->value );
+
+		/*
+		 * 2. With NO_BACKSLASH_ESCAPES enabled:
+		 *
+		 * Backslashes don't serve as special escape characters at all:
+		 *
+		 *   1. No special meaning in MySQL string literals.
+		 *   2. No special meaning in LIKE patterns.
+		 *      This can be overriden using the "ESCAPE ..." clause of the LIKE
+		 *      expression. This is not implemented in the SQLite driver yet.
+		 */
+		$this->assertQuery( "SET SESSION sql_mode = 'NO_BACKSLASH_ESCAPES'" );
+
+		// A "_" = a wildcard:
+		$result = $this->assertQuery( "SELECT value FROM t WHERE value LIKE 'abc_' ORDER BY id" );
+		$this->assertCount( 2, $result );
+		$this->assertSame( 'abc_', $result[0]->value );
+		$this->assertSame( 'abc%', $result[1]->value );
+
+		// A "\_" sequence = the "\" character and a wildcard:
+		$result = $this->assertQuery( "SELECT value FROM t WHERE value LIKE 'abc{$backslash}_'" );
+		$this->assertCount( 1, $result );
+		$this->assertSame( "abc{$backslash}x", $result[0]->value );
+
+		// A "\\_" sequence = two "\" characters and a wildcard:
+		$result = $this->assertQuery( "SELECT value FROM t WHERE value LIKE 'abc{$backslash}{$backslash}_'" );
+		$this->assertCount( 0, $result );
+
+		// A "%" = a wildcard:
+		$result = $this->assertQuery( "SELECT value FROM t WHERE value LIKE 'abc%' ORDER BY id" );
+		$this->assertCount( 4, $result );
+		$this->assertSame( 'abc', $result[0]->value );
+		$this->assertSame( 'abc_', $result[1]->value );
+		$this->assertSame( 'abc%', $result[2]->value );
+		$this->assertSame( "abc{$backslash}x", $result[3]->value );
+
+		// A "\%" sequence = the "\" character and a wildcard.
+		$result = $this->assertQuery( "SELECT value FROM t WHERE value LIKE 'abc{$backslash}%'" );
+		$this->assertCount( 1, $result );
+		$this->assertSame( "abc{$backslash}x", $result[0]->value );
+
+		// A "\\%" sequence = two "\" characters and a wildcard.
+		$result = $this->assertQuery( "SELECT value FROM t WHERE value LIKE 'abc{$backslash}{$backslash}%'" );
+		$this->assertCount( 0, $result );
+
+		// A "\x" sequence = the "\" and the "x" character.
+		$result = $this->assertQuery( "SELECT value FROM t WHERE value LIKE 'abc{$backslash}x'" );
+		$this->assertCount( 1, $result );
+		$this->assertSame( "abc{$backslash}x", $result[0]->value );
+
+		// A "\\x" sequence = two "\" characters and the "x" character.
+		$result = $this->assertQuery( "SELECT value FROM t WHERE value LIKE 'abc{$backslash}{$backslash}x'" );
+		$this->assertCount( 0, $result );
+	}
 }

wp-includes/mysql/class-wp-mysql-lexer.php

@@ -2130,7 +2130,7 @@ class WP_MySQL_Lexer {
 	 *
 	 * @var int
 	 */
-	private $sql_modes;
+	private $sql_modes = 0;
 
 	/**
 	 * How many bytes from the original SQL payload have been read and tokenized.
@@ -2181,16 +2181,28 @@ class WP_MySQL_Lexer {
 	/**
 	 * @param string $sql The SQL payload to tokenize.
 	 * @param int $mysql_version The version of the MySQL server that the SQL payload is intended for.
-	 * @param int $sql_modes The SQL modes that should be considered active during tokenization.
+	 * @param string[] $sql_modes The SQL modes that should be considered active during tokenization.
 	 */
 	public function __construct(
 		string $sql,
 		int $mysql_version = 80038,
-		int $sql_modes = 0
+		array $sql_modes = array()
 	) {
 		$this->sql           = $sql;
 		$this->mysql_version = $mysql_version;
-		$this->sql_modes     = $sql_modes;
+
+		foreach ( $sql_modes as $sql_mode ) {
+			$sql_mode = strtoupper( $sql_mode );
+			if ( 'HIGH_NOT_PRECEDENCE' === $sql_mode ) {
+				$this->sql_modes |= self::SQL_MODE_HIGH_NOT_PRECEDENCE;
+			} elseif ( 'PIPES_AS_CONCAT' === $sql_mode ) {
+				$this->sql_modes |= self::SQL_MODE_PIPES_AS_CONCAT;
+			} elseif ( 'IGNORE_SPACE' === $sql_mode ) {
+				$this->sql_modes |= self::SQL_MODE_IGNORE_SPACE;
+			} elseif ( 'NO_BACKSLASH_ESCAPES' === $sql_mode ) {
+				$this->sql_modes |= self::SQL_MODE_NO_BACKSLASH_ESCAPES;
+			}
+		}
 	}
 
 	/**
@@ -2251,7 +2263,8 @@ public function get_token(): ?WP_MySQL_Token {
 			$this->token_type,
 			$this->token_starts_at,
 			$this->bytes_already_read - $this->token_starts_at,
-			$this->sql
+			$this->sql,
+			$this->is_sql_mode_active( self::SQL_MODE_NO_BACKSLASH_ESCAPES )
 		);
 	}
 

wp-includes/mysql/class-wp-mysql-token.php

@@ -7,6 +7,33 @@
  * and consumed by WP_MySQL_Parser during the parsing process.
  */
 class WP_MySQL_Token extends WP_Parser_Token {
+	/**
+	 * Whether the NO_BACKSLASH_ESCAPES SQL mode is enabled.
+	 *
+	 * @var bool
+	 */
+	private $sql_mode_no_backslash_escapes_enabled;
+
+	/**
+	 * Constructor.
+	 *
+	 * @param int    $id                                    Token type.
+	 * @param int    $start                                 Byte offset in the input where the token begins.
+	 * @param int    $length                                Byte length of the token in the input.
+	 * @param string $input                                 Input bytes from which the token was parsed.
+	 * @param bool   $sql_mode_no_backslash_escapes_enabled Whether the NO_BACKSLASH_ESCAPES SQL mode is enabled.
+	 */
+	public function __construct(
+		int $id,
+		int $start,
+		int $length,
+		string $input,
+		bool $sql_mode_no_backslash_escapes_enabled
+	) {
+		parent::__construct( $id, $start, $length, $input );
+		$this->sql_mode_no_backslash_escapes_enabled = $sql_mode_no_backslash_escapes_enabled;
+	}
+
 	/**
 	 * Get the name of the token.
 	 *
@@ -40,6 +67,15 @@ public function get_value(): string {
 			$quote = $value[0];
 			$value = substr( $value, 1, -1 );
 
+			/*
+			 * When the NO_BACKSLASH_ESCAPES SQL mode is enabled, we only need to
+			 * handle escaped bounding quotes, as the other characters preserve
+			 * their literal values.
+			 */
+			if ( $this->sql_mode_no_backslash_escapes_enabled ) {
+				return str_replace( $quote . $quote, $quote, $value );
+			}
+
 			/**
 			 * Unescape MySQL escape sequences.
 			 *
@@ -58,8 +94,6 @@ public function get_value(): string {
 			 * Despite looking similar, these rules are different from the C-style
 			 * string escaping, so we cannot use "strip(c)slashes()" in this case.
 			 *
-			 * @TODO: Handle NO_BACKSLASH_ESCAPES SQL mode.
-			 *
 			 * See: https://dev.mysql.com/doc/refman/8.4/en/string-literals.html
 			 */
 			$backslash    = chr( 92 );

wp-includes/sqlite-ast/class-wp-sqlite-driver.php

@@ -691,7 +691,11 @@ public function query( string $query, $fetch_mode = PDO::FETCH_OBJ, ...$fetch_mo
 	 * @return WP_MySQL_Parser        A parser initialized for the MySQL query.
 	 */
 	public function create_parser( string $query ): WP_MySQL_Parser {
-		$lexer  = new WP_MySQL_Lexer( $query );
+		$lexer  = new WP_MySQL_Lexer(
+			$query,
+			80038,
+			$this->active_sql_modes
+		);
 		$tokens = $lexer->remaining_tokens();
 		return new WP_MySQL_Parser( self::$mysql_grammar, $tokens );
 	}
@@ -2508,7 +2512,11 @@ private function translate_like( WP_Parser_Node $node ): string {
 		 * We'll probably need to overload the like() function:
 		 *   https://www.sqlite.org/lang_corefunc.html#like
 		 */
-		return $this->translate_sequence( $node->get_children() ) . " ESCAPE '\\'";
+		$statement = $this->translate_sequence( $node->get_children() );
+		if ( $this->is_sql_mode_active( 'NO_BACKSLASH_ESCAPES' ) ) {
+			return $statement;
+		}
+		return $statement . " ESCAPE '\\'";
 	}
 
 	/**