function EntityQueryTest::testInjectionInCondition

Same name and namespace in other branches
  1. 9 core/tests/Drupal/KernelTests/Core/Entity/EntityQueryTest.php \Drupal\KernelTests\Core\Entity\EntityQueryTest::testInjectionInCondition()
  2. 8.9.x core/tests/Drupal/KernelTests/Core/Entity/EntityQueryTest.php \Drupal\KernelTests\Core\Entity\EntityQueryTest::testInjectionInCondition()
  3. 10 core/tests/Drupal/KernelTests/Core/Entity/EntityQueryTest.php \Drupal\KernelTests\Core\Entity\EntityQueryTest::testInjectionInCondition()

Tests SQL inject of condition field.

This covers a database driver's EntityQuery\Condition class.

File

core/tests/Drupal/KernelTests/Core/Entity/EntityQueryTest.php, line 1231

Class

EntityQueryTest
Tests Entity Query functionality.

Namespace

Drupal\KernelTests\Core\Entity

Code

public function testInjectionInCondition() : void {
  $this->expectException(\Exception::class);
  $this->queryResults = $this->storage
    ->getQuery()
    ->accessCheck(FALSE)
    ->condition('1 ; -- ', [
    0,
    1,
  ], 'IN')
    ->sort('id')
    ->execute();
}

Buggy or inaccurate documentation? Please file an issue. Need support? Need help programming? Connect with the Drupal community.