Harden demo meta installation to avoid SQL syntax errors on activation #568
Co-authored-by: Soare-Robert-Daniel <17597852+Soare-Robert-Daniel@users.noreply.github.com>
Pull request overview
This PR updates the plugin activation demo-meta seeding to avoid SQL syntax errors caused by raw query string concatenation (e.g., apostrophes in seeded values), by switching to $wpdb->insert and adding basic decoded-data validation.
Changes:
- Replace raw `INSERT ... SET` SQL concatenation with `$wpdb->insert()` using `%s` formats while skipping `productmeta_id`.
- Force `productmeta_name` to a fixed demo title to avoid collisions.
- Add a guard intended to bail out when the decoded demo JSON is not a usable array.
| $ppom_meta = self::ppom_decode_entities( $ppom_meta ); | ||
|
|
||
| if ( empty( $ppom_meta ) || ! is_array( $ppom_meta ) ) { |
The new validation is too late to prevent warnings when the JSON is invalid: if json_decode() returns null/false, ppom_decode_entities() is still called with a non-iterable and will trigger a PHP warning in foreach. Validate json_decode()’s return (and ideally json_last_error()) before calling ppom_decode_entities(), or make ppom_decode_entities() safely handle non-array/non-object inputs.
| $ppom_meta = self::ppom_decode_entities( $ppom_meta ); | |
| if ( empty( $ppom_meta ) || ! is_array( $ppom_meta ) ) { | |
| if ( JSON_ERROR_NONE !== json_last_error() || ! is_array( $ppom_meta ) ) { | |
| return; | |
| } | |
| $ppom_meta = self::ppom_decode_entities( $ppom_meta ); | |
| if ( empty( $ppom_meta ) ) { |
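Review bot: `json_last_error()` in the new guard reports the status of whichever `json_decode()` or `json_encode()` call ran most recently, so the check is only reliable if it sits directly after the decode with no other JSON call in between. The decode call is not visible in this hunk, so confirm the ordering. Note also that `! is_array( $ppom_meta )` rejects a valid decode that produced objects as well as the `null` from a failed one, so the decode needs to request associative arrays for this guard to pass on good data. The bare `return;` exits without leaving any trace; a log line on that path would make a corrupted seed file diagnosable.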
| if ( ! empty( $data ) ) { | ||
| $wpdb->insert( $table, $data, $format ); | ||
| } | ||
| } | ||
|
|
||
| update_option( 'ppom_demo_meta_installed', 1 ); |
ppom_demo_meta_installed is set even if one or more inserts fail (e.g., schema mismatch, missing table, or unknown columns), which can leave the site in a state where demo meta wasn’t installed but future activations won’t retry. Consider tracking insert results (check $wpdb->insert() return value / $wpdb->last_error) and only update the option if all rows were inserted successfully (or at least if one insert succeeded), otherwise bail without setting the flag.
@copilot can you fix the PHPCS check and then verify if the code review is eligible (if yes, you can fix it)
…o_meta Agent-Logs-Url: https://github.com/Codeinwp/woocommerce-product-addon/sessions/458beb36-d813-49da-b146-cde293b9c3cb Co-authored-by: Soare-Robert-Daniel <17597852+Soare-Robert-Daniel@users.noreply.github.com>
Fixed in c69d895:
@copilot can you create a phpunit test for this demo db creation?
Agent-Logs-Url: https://github.com/Codeinwp/woocommerce-product-addon/sessions/18ed4b12-d03d-44aa-a395-6b2dadc64161 Co-authored-by: Soare-Robert-Daniel <17597852+Soare-Robert-Daniel@users.noreply.github.com>
Added in ece7afc —
🎉 This PR is included in version 34.0.0 🎉 The release is available on GitHub release. Your semantic-release bot 📦🚀
Activation was logging a SQL syntax error because the demo meta insert was built via raw string concatenation; apostrophes in seeded data ("It's a test field") broke the query even though activation succeeded.
- `INSERT ... SET` construction with `$wpdb->insert` using `%s` formats, skipping `productmeta_id` and forcing `productmeta_name` to the demo title to avoid collisions.
- `json_decode()` result and `json_last_error()` before calling `ppom_decode_entities()` to prevent PHP warnings on malformed JSON.
- `$inserted` counter so `ppom_demo_meta_installed` is only set when at least one row was successfully inserted, preventing silent failures from blocking future retry attempts.
- `tests/unit/test-demo-meta-install.php` covering happy path insertion, the already-installed guard, `productmeta_name` override, `productmeta_id` non-reuse, and idempotency.

Example:
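
The failure the PR description attributes to raw string concatenation, next to the bound-parameter form with the decode check and insert counter, as an added example that is not the plugin's code. PDO with in-memory SQLite stands in for `$wpdb` so it runs outside WordPress (assumes the `pdo_sqlite` extension); the `demo_meta` table, the `demo_value` column, the function names and the seed row are constructed for illustration.

```php
<?php
// Added example. PDO with in-memory SQLite stands in for $wpdb so it runs outside WordPress.
// demo_meta, demo_value, seed_concat() and seed_bound() are hypothetical names.
// "Before": seeded values are spliced into the SQL text.
function seed_concat( PDO $db, array $row ): bool {
	$sql = "INSERT INTO demo_meta (productmeta_name, demo_value) VALUES ('"
		. $row['productmeta_name'] . "', '" . $row['demo_value'] . "')";
	try {
		return false !== $db->exec( $sql );
	} catch ( PDOException $e ) {
		return false; // an apostrophe in the value closed the string literal early
	}
}

// "After": validate the decode, bind every value, count successful inserts.
function seed_bound( PDO $db, string $json ): int {
	$rows = json_decode( $json, true );
	if ( JSON_ERROR_NONE !== json_last_error() || ! is_array( $rows ) ) {
		return 0; // malformed seed: nothing to iterate, nothing inserted
	}
	$stmt     = $db->prepare( 'INSERT INTO demo_meta (productmeta_name, demo_value) VALUES (:name, :value)' );
	$inserted = 0;
	foreach ( $rows as $row ) {
		if ( ! is_array( $row ) || ! isset( $row['demo_value'] ) ) {
			continue;
		}
		try {
			// productmeta_id from the seed is not reused; the name is forced to a fixed title.
			$stmt->execute( array( ':name' => 'Demo title', ':value' => (string) $row['demo_value'] ) );
			$inserted++;
		} catch ( PDOException $e ) {
			continue; // a failed row does not count towards the installed flag
		}
	}
	return $inserted;
}

$db = new PDO( 'sqlite::memory:' );
$db->setAttribute( PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION );
$db->exec( 'CREATE TABLE demo_meta (productmeta_id INTEGER PRIMARY KEY, productmeta_name TEXT, demo_value TEXT)' );

// Constructed seed data containing the apostrophe from the PR description.
$seed = '[{"productmeta_id":"7","productmeta_name":"Seed","demo_value":"It\'s a test field"}]';
$row  = json_decode( $seed, true )[0];
printf( "concatenated insert ok: %s\n", var_export( seed_concat( $db, $row ), true ) );
$inserted = seed_bound( $db, $seed );
printf( "bound inserts: %d, from malformed JSON: %d\n", $inserted, seed_bound( $db, '{"broken"' ) );
// As in the PR, the installed flag is set only when at least one row was inserted.
printf( "set installed flag: %s\n", var_export( $inserted > 0, true ) );
```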