Disallow accessing object with reserved prefix

Author: JanJakes

tests/WP_SQLite_Driver_Tests.php

@@ -3893,4 +3893,42 @@ public function testCompoundPrimaryKeyAndAutoincrementNotSupported(): void {
 			'CREATE TABLE t1 (id1 INT AUTO_INCREMENT, id2 INT, PRIMARY KEY(id1, id2))'
 		);
 	}
+
+	/**
+	 * @dataProvider getReservedPrefixTestData
+	 */
+	public function testReservedPrefix( string $query, string $error ): void {
+		$this->expectException( WP_SQLite_Driver_Exception::class );
+		$this->expectExceptionMessage( $error );
+		$this->assertQuery( $query );
+	}
+
+	public function getReservedPrefixTestData(): array {
+		return array(
+			array(
+				'SELECT * FROM _wp_sqlite_t',
+				"Invalid identifier `_wp_sqlite_t`, prefix '_wp_sqlite_' is reserved",
+			),
+			array(
+				'SELECT _wp_sqlite_t FROM t',
+				"Invalid identifier `_wp_sqlite_t`, prefix '_wp_sqlite_' is reserved",
+			),
+			array(
+				'SELECT t._wp_sqlite_t FROM t',
+				"Invalid identifier `t`.`_wp_sqlite_t`, prefix '_wp_sqlite_' is reserved",
+			),
+			array(
+				'CREATE TABLE _wp_sqlite_t (id INT)',
+				"Invalid identifier `_wp_sqlite_t`, prefix '_wp_sqlite_' is reserved",
+			),
+			array(
+				'ALTER TABLE _wp_sqlite_t ADD COLUMN name TEXT',
+				"Invalid identifier `_wp_sqlite_t`, prefix '_wp_sqlite_' is reserved",
+			),
+			array(
+				'DROP TABLE _wp_sqlite_t',
+				"Invalid identifier `_wp_sqlite_t`, prefix '_wp_sqlite_' is reserved",
+			),
+		);
+	}
 }

wp-includes/sqlite-ast/class-wp-sqlite-driver.php

@@ -2060,7 +2060,8 @@ private function translate_qualified_identifier(
 		?WP_Parser_Node $object_node = null,
 		?WP_Parser_Node $child_node = null
 	): string {
-		$parts = array();
+		$parts                = array();
+		$uses_reserved_prefix = false;
 
 		// Database name.
 		$is_information_schema = 'information_schema' === $this->db_name;
@@ -2091,16 +2092,38 @@ private function translate_qualified_identifier(
 				);
 				$parts[]     = $this->information_schema_builder->get_table_name( $object_name );
 			} else {
-				$parts[] = $this->translate( $object_node );
+				$quoted_object_name = $this->translate( $object_node );
+				$object_name        = $this->unquote_sqlite_identifier( $quoted_object_name );
+				if ( str_starts_with( $object_name, self::RESERVED_PREFIX ) ) {
+					$uses_reserved_prefix = true;
+				}
+				$parts[] = $quoted_object_name;
 			}
 		}
 
 		// Object child name (column, index, etc.).
 		if ( null !== $child_node ) {
-			$parts[] = $this->translate( $child_node );
+			$quoted_object_name = $this->translate( $child_node );
+			$object_name        = $this->unquote_sqlite_identifier( $quoted_object_name );
+			if ( str_starts_with( $object_name, self::RESERVED_PREFIX ) ) {
+				$uses_reserved_prefix = true;
+			}
+			$parts[] = $quoted_object_name;
+		}
+
+		$identifier = implode( '.', $parts );
+
+		if ( true === $uses_reserved_prefix ) {
+			throw $this->new_driver_exception(
+				sprintf(
+					"Invalid identifier %s, prefix '%s' is reserved",
+					$identifier,
+					self::RESERVED_PREFIX
+				)
+			);
 		}
 
-		return implode( '.', $parts );
+		return $identifier;
 	}
 
 	/**