public function ConditionTest::testCompileWithSqlInjectionForOperator in Drupal 8
Same name and namespace in other branches
- 9 core/tests/Drupal/Tests/Core/Database/ConditionTest.php \Drupal\Tests\Core\Database\ConditionTest::testCompileWithSqlInjectionForOperator()
- 10 core/tests/Drupal/Tests/Core/Database/ConditionTest.php \Drupal\Tests\Core\Database\ConditionTest::testCompileWithSqlInjectionForOperator()
@covers ::compile
@dataProvider providerTestCompileWithSqlInjectionForOperator
File
- core/
tests/ Drupal/ Tests/ Core/ Database/ ConditionTest.php, line 147
Class
- ConditionTest
- @coversDefaultClass \Drupal\Core\Database\Query\Condition
Namespace
Drupal\Tests\Core\DatabaseCode
public function testCompileWithSqlInjectionForOperator($operator) {
$connection = $this
->prophesize(Connection::class);
$connection
->escapeField(Argument::any())
->will(function ($args) {
return preg_replace('/[^A-Za-z0-9_.]+/', '', $args[0]);
});
$connection
->mapConditionOperator(Argument::any())
->willReturn(NULL);
$connection = $connection
->reveal();
$query_placeholder = $this
->prophesize(PlaceholderInterface::class);
$counter = 0;
$query_placeholder
->nextPlaceholder()
->will(function () use (&$counter) {
return $counter++;
});
$query_placeholder
->uniqueIdentifier()
->willReturn(4);
$query_placeholder = $query_placeholder
->reveal();
$condition = new Condition('AND');
$condition
->condition('name', 'value', $operator);
$this
->expectException(Error::class);
$condition
->compile($connection, $query_placeholder);
}