@@ -202,11 +202,18 @@ private function get_wp_create_table_statements(): array {
202202
203203 $ create_node$ astget_first_descendant_node ( 'createStatement ' );
204204 if ( $ create_node$ create_nodehas_child_node ( 'createTable ' ) ) {
205- $ name_node$ create_nodeget_first_descendant_node ( 'tableName ' );
206- $ name$ this unquote_mysql_identifier (
207- substr ( $ schema$ name_nodeget_start (), $ name_nodeget_length () )
208- );
209-
205+ $ name_node$ create_nodeget_first_descendant_node ( 'tableName ' );
206+ $ name_valuesubstr ( $ schema$ name_nodeget_start (), $ name_nodeget_length () );
207+
208+ /*
209+ * Unquote the table name.
210+ *
211+ * For WordPress Core tables, this naive approach is sufficient,
212+ * as WordPress doesn't use any special characters in table names,
213+ * nor does it allow them in the WPDB prefix, in order to permit
214+ * inlining them in SQL, such as "SELECT * FROM {$wpdb->blogs}".
215+ */
216+ $ nametrim ( $ name_value'`" ' );
210217 $ wp_tables$ name$ create_node
211218 }
212219 }
@@ -651,21 +658,4 @@ private function escape_mysql_string_literal( string $literal ): string {
651658 // See: https://www.php.net/manual/en/mysqli.real-escape-string.php
652659 return "' " . addcslashes ( $ literal"\0\n\r' \"\Z " ) . "' " ;
653660 }
654-
655- /**
656- * Unquote a quoted MySQL identifier.
657- *
658- * Remove bounding quotes and replace escaped quotes with their values.
659- *
660- * @param string $quoted_identifier The quoted identifier value.
661- * @return string The unquoted identifier value.
662- */
663- private function unquote_mysql_identifier ( string $ quoted_identifierstring {
664- $ first_byte$ quoted_identifier0 ] ?? null ;
665- if ( '" ' === $ first_byte'` ' === $ first_byte
666- $ unquotedsubstr ( $ quoted_identifier1 , -1 );
667- return str_replace ( $ first_byte$ first_byte$ first_byte$ unquoted
668- }
669- return $ quoted_identifier
670- }
671661}
0 commit comments