You are here

function DatabaseSelectTestCase::makeCommentsProvider in Drupal 7

Provides expected and input values for testVulnerableComment().

1 call to DatabaseSelectTestCase::makeCommentsProvider()
DatabaseSelectTestCase::testVulnerableComment in modules/simpletest/tests/database_test.test
Test query COMMENT system against vulnerabilities.

File

modules/simpletest/tests/database_test.test, line 1438

Class

DatabaseSelectTestCase
Test the SELECT builder.

Code

function makeCommentsProvider() {
  return array(
    array(
      '/*  */ ',
      array(
        '',
      ),
    ),
    // Try and close the comment early.
    array(
      '/* Exploit  * / DROP TABLE node; -- */ ',
      array(
        'Exploit */ DROP TABLE node; --',
      ),
    ),
    // Variations on comment closing.
    array(
      '/* Exploit  * / * / DROP TABLE node; -- */ ',
      array(
        'Exploit */*/ DROP TABLE node; --',
      ),
    ),
    array(
      '/* Exploit  *  * // DROP TABLE node; -- */ ',
      array(
        'Exploit **// DROP TABLE node; --',
      ),
    ),
    // Try closing the comment in the second string which is appended.
    array(
      '/* Exploit  * / DROP TABLE node; --; Another try  * / DROP TABLE node; -- */ ',
      array(
        'Exploit */ DROP TABLE node; --',
        'Another try */ DROP TABLE node; --',
      ),
    ),
  );
}