wp-cli / search-replace-command

Searches/replaces strings in the database.
MIT License

Dangerous bug replaces term with table name #144

Closed hashimaziz1 closed 1 year ago

hashimaziz1 commented 3 years ago

I have some contributors that have a habit of treating post titles as sentences, adding periods at the end of them. I was trying to use wp-cli to strip the titles of these periods, using the following command:

wp search-replace "." "" wp_posts --include-columns="post_title" --verbose

The output was as expected:

Checking: wp_posts.post_title
11 rows affected using SQL (in 0.114s).
+----------+------------+--------------+------+
| Table    | Column     | Replacements | Type |
+----------+------------+--------------+------+
| wp_posts | post_title | 11           | SQL  |
+----------+------------+--------------+------+
Success: Made 11 replacements.

But for some reason the tool decided to ignore the empty replace string and use the table name instead, replacing all periods in post titles with "wp_posts". I can't safely use this tool knowing this limitation with empty values exists. Is it ever intended for it to be fixed?

austinginder commented 3 years ago

I'm not able to replicate this bug on my end. Running search and replacements on the database can be dangerous; however, you can feel confident that what you're about to do is what you want by adding flags --dry-run and --log.

wp search-replace "." "" wp_posts --include-columns="post_title" --dry-run --log

This will show you a preview of what's going to happen without making any changes. Here is what that looks like on my end.

wp_posts.post_title:84234
< Vue.JS v3
> VueJS v3
wp_posts.post_title:84310
< Learning Vue.js as a WordPress Developer Part 5 – Dec
> Learning Vuejs as a WordPress Developer Part 5 – Dec
+----------+------------+--------------+------+
| Table    | Column     | Replacements | Type |
+----------+------------+--------------+------+
| wp_posts | post_title | 5859         | SQL  |
+----------+------------+--------------+------+

If that output looks correct, then rerun without those additional flags: wp search-replace "." "" wp_posts --include-columns="post_title". Hope that helps.

schlessera commented 3 years ago

@Kaos-Industries This is not a problem of WP-CLI, but rather a misinterpretation of the "" value by your shell. This can happen for various reasons depending on the terminal you're using, the IFS settings, etc...

In this case, I assume the quotes were stripped during some shell processing step, so you've sent the following command to WP-CLI:

wp search-replace .  wp_posts --include-columns=post_title --verbose

Note the empty value ends up just being a second space between the . and the wp_posts, so wp_posts then ends up being the second argument (= the replacement value).

You can see what WP-CLI received as the command by adding the --debug flag.
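
The argument shift described in the last comment can be reproduced in any POSIX shell. The following is an added example, not part of the thread and not WP-CLI code: `show_replacement` is a hypothetical stand-in that reports which word a command would take as the replacement, and the two lossy wrappers are common ways an empty argument gets dropped, not a claim about the reporter's setup.

```shell
#!/bin/sh
# Hypothetical stand-in for the command's argument parsing:
# $1 = subcommand, $2 = <old>, $3 = <new>, $4... = tables.
show_replacement() {
    printf 'argc=%d new=[%s]\n' "$#" "$3"
}

# Correct forwarding: "$@" keeps every argument, including empty strings.
forward_quoted() { show_replacement "$@"; }

# Lossy forwarding: unquoted $@ is word-split and empty fields disappear,
# so the table name slides into the <new> position.
forward_unquoted() { show_replacement $@; }

# Lossy forwarding: joining the words into one string and parsing it again
# (eval, sh -c "$*", a remote shell) leaves only a double space where ""
# used to be.
forward_reparsed() { eval "show_replacement $*"; }

# Guard for wrapper scripts: refuse to run when the number of words that
# arrived differs from the number the caller meant to send.
run_checked() {
    expected=$1
    shift
    if [ "$#" -ne "$expected" ]; then
        echo "refusing: expected $expected words, got $#" >&2
        return 1
    fi
    show_replacement "$@"
}

forward_quoted   search-replace "." "" wp_posts   # argc=4 new=[]
forward_unquoted search-replace "." "" wp_posts   # argc=3 new=[wp_posts]
forward_reparsed search-replace "." "" wp_posts   # argc=3 new=[wp_posts]
```

In a wrapper script, forward arguments with `"$@"` only, and pair that with the `--dry-run` and `--debug` flags mentioned in the thread before letting a replacement write to the database.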