search

impress-org / givewp

GiveWP - The #1 Donation Plugin for WordPress. Easily accept donations and fundraise using your WordPress website.
https://givewp.com/
GNU General Public License v3.0
345 stars 191 forks source link

WordPress 6.1 should not cause SQL syntax errors #6572

Closed canny[bot] closed 2 years ago

canny[bot] commented 2 years ago

Details

Upon updating to WordPress 6.1, the following error message displays:

WordPress database error: [You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 'give_donor_address'%' AND donor_id=791' at line 3] SELECT meta_key, meta_value FROM wp_give_donormeta WHERE meta_key LIKE '%'give_donor_address'%' AND donor_id=791

Steps to Reproduce

System Information

Details ### WordPress Environment ### Home URL: https://disturbedgharial.build067.wpsandbox.app Site URL: https://disturbedgharial.build067.wpsandbox.app WP Version: 6.1-RC1-54503 WP Multisite: – WP Memory Limit: 2 GB WP Debug Mode: ✔ WP Cron: ✔ Language: en_US Permalink Structure: /%postname%/ Show on Front: posts Table Prefix Length: wp_ Table Prefix Length: 3 Table Prefix Status: Acceptable Admin AJAX: Accessible Registered Post Statuses: publish, future, draft, pending, private, trash, auto-draft, inherit, request-pending, request-confirmed, request-failed, request-completed, refunded, failed, revoked, cancelled, abandoned, processing, preapproval, give_subscription ### Server Environment ### Hosting Provider: DBH: gpc067-db1-int, SRV: disturbedgharial.build067.wpsandbox.app TLS Connection: Connection uses TLS 1.2 TLS Connection: Bad Server Info: Apache PHP Version: 7.4.30 PHP Post Max Size: 2 GB PHP Time Limit: 600 PHP Max Input Vars: 16384 PHP Max Upload Size: 2 GB cURL Version: ❌ 7.29.0, NSS/3.53.1 - We recommend a minimum cURL version of 7.40. SUHOSIN Installed: – Default Timezone is UTC: ✔ fsockopen/cURL: ✔ SoapClient: ✔ DOMDocument: ✔ gzip: ✔ GD Graphics Library: ✔ Multibyte String: ✔ Remote Post: ✔ Remote Get: ✔ ### GiveWP Configuration ### GiveWP Version: 2.22.1 GiveWP Cache: Enabled Database Updates: All DB Updates Completed. Database Updates: All Database Migrations Completed. Database Tables: ✔ wp_give_donors✔ wp_give_donormeta✔ wp_give_comments✔ wp_give_commentmeta✔ wp_give_sessions✔ wp_give_formmeta✔ wp_give_sequential_ordering✔ wp_give_donationmeta✔ wp_give_revenue✔ wp_give_migrations✔ wp_give_log GiveWP Cache: Enabled GiveWP Cache: ✔New Donation✔Donation Receipt✔New Offline Donation✔Offline Donation Instructions✔New User Registration✔User Registration Information✔Donation Note✔Email access❌Renewal Receipt Email❌Admin Renewal Receipt Email❌Subscription Cancelled Email❌Admin Subscription Cancelled Email❌Subscription Completed Email❌Subscription Reminder Email✔Subscriptions Email Access✔Subscription Payment Failed Email Upgraded From: 2.22.1 Test Mode: Enabled Currency Code: USD Currency Position: Before Decimal Separator: . Thousands Separator: , Success Page: https://disturbedgharial.build067.wpsandbox.app/donation-confirmation/ Failure Page: https://disturbedgharial.build067.wpsandbox.app/donation-failed/ Donation History Page: https://disturbedgharial.build067.wpsandbox.app/donor-dashboard/ GiveWP Forms Slug: /donations/ Enabled Payment Gateways: Test Donation, Offline Donation, Stripe - Credit Card, Stripe - Checkout, PayPal Standard, PayPal Donations, Authorize.net, Stripe + Plaid, Authorize.net eCheck (ACH) Default Payment Gateway: Test Donation PayPal IPN Notifications: IPN received for #213 ( 0HH35786HF818283H ) on 06/20/2022 at 06:16. Status VERIFIED Donor Email Access: Enabled Stripe Webhook Notifications: July 6, 2022 12:17 pm ### Active GiveWP Add-ons ### Give - Authorize.net Gateway: ❌ Unlicensed – by GiveWP – 1.5.1 Give - Form Field Manager: ❌ Unlicensed – by GiveWP – 2.0.3 Give - Per Form Gateways: ❌ Unlicensed – by GiveWP – 1.0.2 Give - Recurring Donations: ❌ Unlicensed – by GiveWP – 1.15.0 Give - Stripe Gateway: ❌ Unlicensed – by GiveWP – 2.4.1 ### Other Active Plugins ### Email Log: by Sudar – 2.4.8 SQL Buddy: by Delicious Brains – 1.0.0 WordPress Beta Tester: by Peter Westwood, Andy Fragen – 3.2.2 WP Migrate: by Delicious Brains – 2.4.0 ### Inactive Plugins ### Akismet Anti-Spam: by Automattic – 5.0.1 Give - Fee Recovery: by GiveWP – 1.9.7 Hello Dolly: by Matt Mullenweg – 1.7.2 ### Active MU Plugins ### WP Migrate DB Pro Compatibility: by Delicious Brains – 1.2 WP Sandbox: by StellarWP – 2.1.3 ### Theme ### Name: Kadence Version: 1.1.30 Author URL: https://www.kadencewp.com/ Child Theme: No – If you're modifying GiveWP on a parent theme you didn't build personally, then we recommend using a child theme. See: How to Create a Child Theme

Acceptance Criteria

canny[bot] commented 2 years ago

This issue has been linked to a Canny post: WordPress 6.1 produces warning :tada:

kjohnson commented 2 years ago

It looks like the issue is related to how we are building the LIKE clause, which should be passed in as an argument and not concatenated in the query.

While this was not an issue before, recent changes in 6.1-beta3 seem to highlight this issue.

Literal percentage signs (%) in the query string must be written as %%. Percentage wildcards (for example, to use in LIKE syntax) must be passed via a substitution argument containing the complete LIKE string, these cannot be inserted directly in the query string.

See https://developer.wordpress.org/reference/classes/wpdb/prepare/

kjohnson commented 2 years ago

The double percent is used to escape the literal percent when writing the LIKE directly, which has been a requirement since the beginning (as far as I know).

Example: LIKE '%%give%%

The correct way to use a dynamic LIKE expression is to include the percent in the string being dynamically added.

Example: $like = '%give%'

Both of these result in a query including LIKE '%give%'.

This is so regardless of the WordPress version. What we were doing was trying to combine the two methods above, which was never supported but did work up until the changes in 6.1-beta3.