github.com/matomo-org/matomo.git - Unnamed repository; edit this file 'description' to name the repository.
authordiosmosis <diosmosis@users.noreply.github.com>2018-10-07 22:46:00 +0300
committerGitHub <noreply@github.com>2018-10-07 22:46:00 +0300
commit5470c4f46cbc00ee704ffee6bfae965412771ad3 (patch)
treef81ed7e5e3c0b2e46b706585b3d7ada7b26e4c36
parent475022f41635ae0e42226f58ff9b346597d23f2e (diff)
Quote db name in certain queries. (#13529)
-rw-r--r--core/Db/Schema/Mysql.php7
-rw-r--r--tests/PHPUnit/Integration/DbHelperTest.php62
2 files changed, 67 insertions, 2 deletions
diff --git a/core/Db/Schema/Mysql.php b/core/Db/Schema/Mysql.php
index 8e13855932..60048bc30d 100644
--- a/core/Db/Schema/Mysql.php
+++ b/core/Db/Schema/Mysql.php
@@ -396,7 +396,9 @@ class Mysql implements SchemaInterface
$dbName = $this->getDbName();
}
- Db::exec("CREATE DATABASE IF NOT EXISTS " . $dbName . " DEFAULT CHARACTER SET utf8");
+ $dbName = str_replace('`', '', $dbName);
+
+ Db::exec("CREATE DATABASE IF NOT EXISTS `" . $dbName . "` DEFAULT CHARACTER SET utf8");
}
/**
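Review bot: The added `str_replace` line deletes backticks from `$dbName` rather than escaping them, so the statement runs against a different identifier than the one the caller passed. This applies here and in the `dropDatabase` hunk below. MySQL escapes a backtick inside a quoted identifier by doubling it, so the second argument of both `str_replace` calls should be two backticks instead of the empty string; alternatively, reject such names with an exception. The rewrite matters most in `dropDatabase`, where a name containing a backtick is turned into another name, and that name may belong to an existing database. The same two lines are now duplicated in both methods, so a small private helper that returns the quoted identifier would keep them in sync. The body of the method in this hunk starts outside the visible lines.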
@@ -431,7 +433,8 @@ class Mysql implements SchemaInterface
public function dropDatabase($dbName = null)
{
$dbName = $dbName ?: $this->getDbName();
- Db::exec("DROP DATABASE IF EXISTS " . $dbName);
+ $dbName = str_replace('`', '', $dbName);
+ Db::exec("DROP DATABASE IF EXISTS `" . $dbName . "`");
}
/**
diff --git a/tests/PHPUnit/Integration/DbHelperTest.php b/tests/PHPUnit/Integration/DbHelperTest.php
new file mode 100644
index 0000000000..f8268f451c
--- /dev/null
+++ b/tests/PHPUnit/Integration/DbHelperTest.php
@@ -0,0 +1,62 @@
+<?php
+/**
+ * Piwik - free/libre analytics platform
+ *
+ * @link http://piwik.org
+ * @license http://www.gnu.org/licenses/gpl-3.0.html GPL v3 or later
+ */
+
+namespace Piwik\Tests\Integration;
+
+use Piwik\Db;
+use Piwik\DbHelper;
+use Piwik\Tests\Framework\TestCase\IntegrationTestCase;
+
+class DbHelperTest extends IntegrationTestCase
+{
+ public function setUp()
+ {
+ parent::setUp();
+
+ DbHelper::dropDatabase('newdb; create database anotherdb;');
+ DbHelper::dropDatabase('testdb');
+ }
+
+ public function test_createDatabase_escapesInputProperly()
+ {
+ $dbName = 'newdb`; create database anotherdb;`';
+ DbHelper::createDatabase($dbName);
+
+ $this->assertDbExists($dbName);
+ $this->assertDbNotExists('anotherdb');
+ }
+
+ public function test_dropDatabase_escapesInputProperly()
+ {
+ DbHelper::createDatabase("testdb");
+ $this->assertDbExists('testdb');
+
+ DbHelper::dropDatabase('testdb`; create database anotherdb;`');
+ $this->assertDbExists('testdb');
+ $this->assertDbNotExists('anotherdb');
+ }
+
+ private function assertDbExists($dbName)
+ {
+ $dbs = Db::fetchAll("SHOW DATABASES");
+ $dbs = array_column($dbs, 'Database');
+ $this->assertContains($this->cleanName($dbName), $dbs);
+ }
+
+ private function assertDbNotExists($dbName)
+ {
+ $dbs = Db::fetchAll("SHOW DATABASES");
+ $dbs = array_column($dbs, 'Database');
+ $this->assertNotContains($this->cleanName($dbName), $dbs);
+ }
+
+ private function cleanName($dbName)
+ {
+ return str_replace('`', '', $dbName);
+ }
+}
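Review bot: `setUp` drops the oddly named database and `testdb` but never `anotherdb`, and the class has no `tearDown`, so databases created by these tests stay on the server after the run. If a regression ever lets the injected statement through, `anotherdb` persists and every later run fails for a stale reason. Consider adding `DbHelper::dropDatabase('anotherdb');` to `setUp` and repeating the three drops in a `tearDown`. Separately, `cleanName` repeats the production `str_replace`, so `assertDbExists($dbName)` passes only because it mirrors the implementation. Asserting against the literal expected name, `'newdb; create database anotherdb;'`, would pin the behaviour independently.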