Merge pull request #2570 from rodrigoprimo/prepared-sql-fix-false-positive

DB/PreparedSQL: fix false positives with case-insensitive function names

Author: dingo-d

WordPress/Sniffs/DB/PreparedSQLSniff.php

@@ -207,10 +207,11 @@ static function ( $symbol ) {
 			}
 
 			if ( \T_STRING === $this->tokens[ $this->i ]['code'] ) {
+				$content_lowercase = strtolower( $this->tokens[ $this->i ]['content'] );
 
 				if (
-					isset( $this->SQLEscapingFunctions[ $this->tokens[ $this->i ]['content'] ] )
-					|| isset( $this->SQLAutoEscapedFunctions[ $this->tokens[ $this->i ]['content'] ] )
+					isset( $this->SQLEscapingFunctions[ $content_lowercase ] )
+					|| isset( $this->SQLAutoEscapedFunctions[ $content_lowercase ] )
 				) {
 
 					// Find the opening parenthesis.

WordPress/Tests/DB/PreparedSQLUnitTest.1.inc

@@ -30,7 +30,7 @@ $all_post_meta = $wpdb->get_results( $wpdb->prepare( sprintf(
 ), $post_ids ) );
 
 $wpdb->query( "SELECT * FROM $wpdb->posts WHERE post_title LIKE '" . esc_sql( $foo ) . "';" ); // Ok.
-$wpdb->query( "SELECT * FROM $wpdb->posts WHERE ID = " . absint( $foo ) . ";" ); // Ok.
+$wpdb->query( "SELECT * FROM $wpdb->posts WHERE ID = " . ABSINT( $foo ) . ";" ); // Ok.
 
 // Test multi-line strings.
 $all_post_meta = $wpdb->get_results( $wpdb->prepare( sprintf(
@@ -79,7 +79,7 @@ $all_post_meta = $wpdb->get_results( $wpdb->prepare( sprintf( <<<'ND'
 		AND `post_id` IN (%s)
 ND
 	, $wpdb->postmeta,
-	IMPLODE( ',', array_fill( 0, count( $post_ids ), '%d' ) )
+	IMPLODE( ',', array_fill( 0, COUNT( $post_ids ), '%d' ) )
 ), $post_ids ) ); // OK.
 
 wpdb::prepare( "SELECT * FROM $wpdb?->posts WHERE post_title LIKE '" . foo() . "';" ); // Bad.