function ConditionTest::testCompileWithSqlInjectionForOperator
Same name in other branches
- 8.9.x core/tests/Drupal/Tests/Core/Database/ConditionTest.php \Drupal\Tests\Core\Database\ConditionTest::testCompileWithSqlInjectionForOperator()
- 10 core/tests/Drupal/Tests/Core/Database/ConditionTest.php \Drupal\Tests\Core\Database\ConditionTest::testCompileWithSqlInjectionForOperator()
- 11.x core/tests/Drupal/Tests/Core/Database/ConditionTest.php \Drupal\Tests\Core\Database\ConditionTest::testCompileWithSqlInjectionForOperator()
@covers ::compile
@dataProvider providerTestCompileWithSqlInjectionForOperator
File
- core/tests/Drupal/Tests/Core/Database/ConditionTest.php, line 149
Class
- ConditionTest
- @coversDefaultClass \Drupal\Core\Database\Query\Condition
Namespace
Drupal\Tests\Core\Database
Code
public function testCompileWithSqlInjectionForOperator($operator) {
  // Mock the connection. escapeField() strips every character other than
  // letters, digits, underscores and dots.
  $connection = $this->prophesize(Connection::class);
  $connection->escapeField(Argument::any())
    ->will(function ($args) {
      return preg_replace('/[^A-Za-z0-9_.]+/', '', $args[0]);
    });
  // The mocked connection supplies no operator mapping of its own.
  $connection->mapConditionOperator(Argument::any())
    ->willReturn(NULL);
  $connection->condition('AND')
    ->willReturn(new Condition('AND', FALSE));
  $connection = $connection->reveal();

  // Mock the placeholder source with an incrementing counter.
  $query_placeholder = $this->prophesize(PlaceholderInterface::class);
  $counter = 0;
  $query_placeholder->nextPlaceholder()
    ->will(function () use (&$counter) {
      return $counter++;
    });
  $query_placeholder->uniqueIdentifier()
    ->willReturn(4);
  $query_placeholder = $query_placeholder->reveal();

  // Add a condition whose operator comes from the data provider.
  $condition = $connection->condition('AND');
  $condition->condition('name', 'value', $operator);

  // compile() is expected to raise an error for this operator.
  $this->expectError();
  $condition->compile($connection, $query_placeholder);
}