Database configuration and migration

[JanJakes]

This PR extracts existing SQLite database configuration to a WP_SQLite_Configurator and implements WP_SQLite_Information_Schema_Reconstructor with the ability to backfill missing table data in information schema.

How it works:

1. The configurator checks the SQLite driver version against a version stored in the database, and if the driver is ahead, it will execute the database (re)configuration (see WP_SQLite_Configurator::ensure_database_configured()), while acquiring an EXCLUSIVE lock to prevent race conditions (multiple requests triggering the same migration).
2. When the configurator runs, it ensures that any internal tables are created (global variables, information schema), and then it proceeds to the WP_SQLite_Information_Schema_Reconstructor.
3. The reconstructor then compares existing SQLite tables against tables recorded in the information schema, backfills those that are missing, and removes those that no longer exist.
4. To backfill a table when in WordPress, and it is a WordPress table, the definition is taken from wp_get_db_schema().
5. To backfill a non-WordPress table, the information schema data is derived from _mysql_data_types_cache, if it exists, otherwise directly from the SQLite schema using SQLite column affinity rules.

[adamziel]

Great start! And also a good idea to use a cascade of data sources for backfilling. There's some more way to go, though — I've commented on a bunch of potential issues

[adamziel]

What do you think about this slightly longer name?

Suggested change

	name: Verify that plugin version matches SQLITE_DRIVER_VERSION constant
	name: Assert the WordPress plugin header declares the same version as the SQLITE_DRIVER_VERSION constant

[adamziel]

Maybe we don't need to support that:

• $wpdb uses mysqli_query
• mysqli_query doc page says "mysqli::query -- mysqli_query — Performs a query on the database"
• There'e a separate mysqli_multi_query function to run more than one query.

Does this mean WordPress actually doesn't support multiple queries in here?

Also, dbDelta supports multiple queries by exploding the string by ; 🙈 The query parser would make it much safer once we can contribute to core again. cc @dmsnell

Also, it would be useful to have a first-class API for looping over multiple queries in a string – or even in a stream. It's not for this PR for sure, but it seems like we have all the parts that we need. We'd just need to detect when it fails due to a syntax error vs incomplete input and add a method such as append_bytes() and presto. Then we could just run any, arbitrarily large mysql dump.

[adamziel]

nit: slightly clearer code style

Suggested change

	'@@' . ( $type_token ? "{$type_token->get_value()}." : '' ) . $original_name
	'@@' . ( $type_token ? $type_token->get_value().'' : '' ) . $original_name

[adamziel]

Do we need a state machine for this? Or is this actually this easy for all possible scenarios? E.g. quadruple""""quotes, backslashes without \""NO_BACKSLASH_ESCAPES\"" etc.?

[adamziel]

TIL about ESCAPE

[adamziel]

I'm always nervous about having to remember which calls produce a contextually-safe part of the query and which don't. Is there anything we could do to the name to make this clear? As in get_quoted_table_name or get_escaped_table_name() or so?

Alternatively – and for the future – we might want to consider our own flavor of prepared statements that supports binding table names. But that's way beyond the scope here.

Tangentially related, @dmsnell taught me that backticks can be a part of MySQL tables names! So a table can be called wp_plugin_`meta`_data

[adamziel]

Nice, so much better than what WordPress core does:

https://github.com/ntwb/wordpress/blob/7b037e5d00fd9fdeed6469dea4f92d47c35739bf/src/wp-admin/includes/upgrade.php#L2509

[adamziel]

Ditto my point from earlier about safe vs unsafe inputs. Can we either explicitly quote this, even if we don't have to, just to make tell the future reader "yup, all safe, nothing to look for here"?

[adamziel]

Double quote is a valid part of a table name and perhaps also a key name in SQLite, let's quote eagerly.

sqlite> create table "tricky_""table""_name" (id int);
sqlite> .tables
tricky_"table"_name

[adamziel]

Could this happen in practice? Or should this be an error? I'm worried about converting things like DEFAULT NOW() to DEFAULT "NOW()"

[adamziel]

great documentation

[adamziel]

@dmsnell can you poke any holes in this? We assume everything is UTF-8, and if it isn't then GIGO.

[adamziel]

I think you told me once that double backticks are the only way to escape a backtick so this seems fine. Can we mention that in the docstring with a documentation link? It just looks suspiciously easy and I don't want to mislead anyone in the future into searching for a security issue here.

[adamziel]

Ditto my state machine question from earlier. Should we use the parser for this?

[adamziel]

I left some more notes. We're getting close here. Thank you for persevering @JanJakes! This is the last stretch before we can finally enjoy the new parser everywhere ❤️ I know I'm going deep on a piece of code we only need for a one-off migration, but a) it still matters and b) I think we'll reuse it later on for migrating between the database backends.