function EntityQueryTest::testInjectionInCondition
Tests SQL inject of condition field.
This covers a database driver's EntityQuery\Condition class.
File
-
core/
tests/ Drupal/ KernelTests/ Core/ Entity/ EntityQueryTest.php, line 1260
Class
- EntityQueryTest
- Tests Entity Query functionality.
Namespace
Drupal\KernelTests\Core\EntityCode
public function testInjectionInCondition() : void {
$this->expectException(\Exception::class);
$this->queryResults = $this->storage
->getQuery()
->accessCheck(FALSE)
->condition('1 ; -- ', [
0,
1,
], 'IN')
->sort('id')
->execute();
}Buggy or inaccurate documentation? Please file an issue. Need support? Need help programming? Connect with the Drupal community.