Skip to content

Support the --ssl and --skip-ssl flags in wp db import#332

Merged
swissspidy merged 1 commit into
wp-cli:mainfrom
TowyTowy:fix/218-db-import-ssl-flag
Jul 10, 2026
Merged

Support the --ssl and --skip-ssl flags in wp db import#332
swissspidy merged 1 commit into
wp-cli:mainfrom
TowyTowy:fix/218-db-import-ssl-flag

Conversation

@TowyTowy

Copy link
Copy Markdown
Contributor

Fixes #218

Problem

wp db import --ssl silently ignores the flag and connects without SSL, producing confusing errors such as:

Error: Failed to get current SQL modes. Reason: ERROR 1045 (28000):
Access denied for user 'dbuser'@'127.0.0.1' (using password: YES)

whereas wp db cli --ssl connects correctly.

Root cause

Commands that build their MySQL invocation via DB_Command::get_mysql_args() (wp db import, wp db query) filter their associative arguments against an allow-list of valid MySQL client options. wp db cli instead passes arguments straight through, which is why it already honours --ssl.

The allow-list already contains ssl-mode and every ssl-* certificate option but is missing the plain on/off toggles ssl and skip-ssl, so those flags are dropped before reaching the client. (Diagnosis matches @danielbachhuber's earlier comment on the issue.)

Fix

Add ssl and skip-ssl to $allowed_mysql_options so both are forwarded to the MySQL/MariaDB client, giving wp db import/wp db query parity with wp db cli. --skip-ssl is included because it is the direct disable counterpart, is likewise missing, and was requested by multiple users in the issue thread.

Testing

Adds a Behat scenario asserting the --ssl flag now appears in the final MySQL command emitted by wp db import. (Requires the MySQL/MariaDB test environment.) Also verified directly via reflection against the patched get_mysql_args(): before the change ssl/skip-ssl are dropped, after they pass through while a bogus flag is still filtered; phpcs clean.


Disclosure: this change was prepared with the assistance of an AI coding agent (Claude) and reviewed before submission.

`wp db import` (and other commands that build their MySQL invocation via
`DB_Command::get_mysql_args()`, such as `wp db query`) run the associative
arguments through an allow-list of valid MySQL client options. That list
already contained `ssl-mode` and every `ssl-*` certificate option, but was
missing the plain on/off toggles `ssl` and `skip-ssl`.

As a result, `wp db import --ssl` silently dropped the flag and connected
without SSL, while `wp db cli --ssl` worked because it passes the arguments
straight through. This produced confusing failures such as
"Error: Failed to get current SQL modes. Reason: ERROR 1045 (28000):
Access denied" against servers that require SSL.

Add `ssl` and `skip-ssl` to the allow-list so both are forwarded to the
MySQL/MariaDB client, matching `wp db cli` behaviour. A Behat scenario
asserts the flag now appears in the final MySQL command.

Fixes wp-cli#218.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
@github-actions

Copy link
Copy Markdown
Contributor

Hello! 👋

Thanks for opening this pull request! Please check out our contributing guidelines. We appreciate you taking the initiative to contribute to this project.

Contributing isn't limited to just code. We encourage you to contribute in the way that best fits your abilities, by writing tutorials, giving a demo at your local meetup, helping other users with their support questions, or revising our documentation.

Here are some useful Composer commands to get you started:

  • composer install: Install dependencies.
  • composer test: Run the full test suite.
  • composer phpcs: Check for code style violations.
  • composer phpcbf: Automatically fix code style violations.
  • composer phpunit: Run unit tests.
  • composer behat: Run behavior-driven tests.

To run a single Behat test, you can use the following command:

# Run all tests in a single file
composer behat features/some-feature.feature

# Run only a specific scenario (where 123 is the line number of the "Scenario:" title)
composer behat features/some-feature.feature:123

You can find a list of all available Behat steps in our handbook.

@codecov

codecov Bot commented Jul 10, 2026

Copy link
Copy Markdown

Codecov Report

✅ All modified and coverable lines are covered by tests.

📢 Thoughts on this report? Let us know!

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR fixes wp db import --ssl (and --skip-ssl) being silently ignored by ensuring these flags are forwarded through the DB_Command::get_mysql_args() allow-list, bringing wp db import / wp db query behavior in line with wp db cli.

Changes:

  • Added ssl and skip-ssl to the MySQL client option allow-list used by get_mysql_args().
  • Added a Behat regression scenario to assert --ssl is present in the final MySQL command debug output for wp db import.

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated no comments.

File Description
src/DB_Command.php Extends the allowed MySQL client options to include the --ssl / --skip-ssl toggles so they are not filtered out.
features/db-import.feature Adds a MySQL/MariaDB-only regression scenario validating the --ssl flag is forwarded (visible via --debug output).

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@swissspidy swissspidy added this to the 2.1.7 milestone Jul 10, 2026
@swissspidy swissspidy merged commit 24ed6d8 into wp-cli:main Jul 10, 2026
60 of 66 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

db import doesn't support --ssl flag

3 participants