You are here

public function ConditionTest::testCompileWithSqlInjectionForOperator in Drupal 10

Same name and namespace in other branches
  1. 8 core/tests/Drupal/Tests/Core/Database/ConditionTest.php \Drupal\Tests\Core\Database\ConditionTest::testCompileWithSqlInjectionForOperator()
  2. 9 core/tests/Drupal/Tests/Core/Database/ConditionTest.php \Drupal\Tests\Core\Database\ConditionTest::testCompileWithSqlInjectionForOperator()

@covers ::compile

@dataProvider providerTestCompileWithSqlInjectionForOperator

File

core/tests/Drupal/Tests/Core/Database/ConditionTest.php, line 149

Class

ConditionTest
@coversDefaultClass \Drupal\Core\Database\Query\Condition

Namespace

Drupal\Tests\Core\Database

Code

public function testCompileWithSqlInjectionForOperator($operator) {
  $connection = $this
    ->prophesize(Connection::class);
  $connection
    ->escapeField(Argument::any())
    ->will(function ($args) {
    return preg_replace('/[^A-Za-z0-9_.]+/', '', $args[0]);
  });
  $connection
    ->mapConditionOperator(Argument::any())
    ->willReturn(NULL);
  $connection
    ->condition('AND')
    ->willReturn(new Condition('AND', FALSE));
  $connection = $connection
    ->reveal();
  $query_placeholder = $this
    ->prophesize(PlaceholderInterface::class);
  $counter = 0;
  $query_placeholder
    ->nextPlaceholder()
    ->will(function () use (&$counter) {
    return $counter++;
  });
  $query_placeholder
    ->uniqueIdentifier()
    ->willReturn(4);
  $query_placeholder = $query_placeholder
    ->reveal();
  $condition = $connection
    ->condition('AND');
  $condition
    ->condition('name', 'value', $operator);
  $this
    ->expectError();
  $condition
    ->compile($connection, $query_placeholder);
}