Sitemaps: wrap column names in backticks to prevent SQL errors with reserved words #48474
Open
shsajalchowdhury wants to merge 1 commit into Automattic:trunk from
…eserved words When a wp_posts column name matches a MySQL reserved word (e.g. 'order'), the generated SQL query fails. Wrapping column names in backticks ensures compatibility regardless of column names. Fixes Automattic#48202
Contributor
Thank you for your PR! When contributing to Jetpack, we have a few suggestions that can help us test and review your patch:
This comment will be updated as you work on your PR and make changes. If you think that some of those checks are not needed for your PR, please explain why you think so. Thanks for cooperation 🤖
Jetpack plugin: The Jetpack plugin has different release cadences depending on the platform:
If you have any questions about the release process, please ask in the #jetpack-releases channel on Slack.
jeherve
reviewed
May 4, 2026
Member
There was a proposal for a different approach here:
#48202 (comment)
I would recommend trying this out instead.
Fixes #48202
Proposed changes
The get_sanitized_post_columns() method in Jetpack_Sitemap_Librarian returns column names without backtick quoting. If a wp_posts column name matches a MySQL reserved word (e.g. order), the generated SELECT query fails with a SQL error.
This PR wraps each column name in backticks to ensure compatibility regardless of column names.
Before:
Produces: ID,post_author,post_date,...,order (breaks SQL)
After:
Produces: `ID`,`post_author`,`post_date`,...,`order` (works correctly)
Related product discussion/links
Does this pull request change what data or activity we track or use?
No. This change only affects how SQL column names are quoted in sitemap queries. No data collection, tracking, or privacy-related changes.
Testing instructions
wp_posts table with a MySQL reserved word name (e.g. order):
/sitemap.xml).
order is interpreted as the SQL ORDER keyword rather than a column name.
`order`.
ALTER TABLE wp_posts DROP COLUMN `order`;
Alternatively, review the code change directly — it adds backtick wrapping to column names in the return value of get_sanitized_post_columns(), which is used in two SELECT queries in the same file.
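The quoting described in this pull request, as an added example that is not part of the PR or of Jetpack's code: a hypothetical helper that backtick-quotes each column name and also rejects names outside MySQL's unquoted-identifier character set, because wrapping alone does not neutralize a name that itself contains a backtick. The function names and the sample column list are assumptions.

```php
<?php
// Added example; function names and the sample column list are hypothetical.

/**
 * Quote one MySQL identifier: reject anything outside a conservative
 * character set, then wrap in backticks. Embedded backticks are doubled
 * as well, so the helper stays safe if the pattern is ever loosened.
 */
function example_quote_identifier( string $name ): string {
	if ( ! preg_match( '/^[A-Za-z0-9_$]{1,64}$/', $name ) ) {
		throw new InvalidArgumentException( "Unexpected column name: $name" );
	}
	return '`' . str_replace( '`', '``', $name ) . '`';
}

/** Build a comma-separated, fully quoted column list for a SELECT. */
function example_quoted_column_list( array $columns ): string {
	return implode( ',', array_map( 'example_quote_identifier', $columns ) );
}

// Constructed sample: ordinary wp_posts columns plus one named after a reserved word.
$columns = array( 'ID', 'post_author', 'post_date', 'order' );

// Unquoted, the parser reads "order" as the start of an ORDER BY clause.
echo 'Unquoted: SELECT ' . implode( ',', $columns ) . " FROM wp_posts\n";

// Quoted, every name is unambiguously an identifier.
echo 'Quoted:   SELECT ' . example_quoted_column_list( $columns ) . " FROM wp_posts\n";

// A name containing a backtick is refused rather than passed into the query.
try {
	example_quote_identifier( 'bad`name' );
} catch ( InvalidArgumentException $e ) {
	echo 'Rejected: ' . $e->getMessage() . "\n";
}
```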