function SelectTest::testVulnerableComment in Zircon Profile 8
Same name and namespace in other branches
- 8.0 core/modules/system/src/Tests/Database/SelectTest.php \Drupal\system\Tests\Database\SelectTest::testVulnerableComment()
Tests query COMMENT system against vulnerabilities.
File
- core/modules/system/src/Tests/Database/SelectTest.php, line 52
- Contains \Drupal\system\Tests\Database\SelectTest.
Class
- SelectTest
- Tests the Select query builder.
Namespace
Drupal\system\Tests\Database
Code
/**
 * Tests query COMMENT system against vulnerabilities.
 *
 * The text handed to comment() contains a comment terminator, a second
 * SELECT statement, a semicolon and a trailing "--". The expected flattened
 * query keeps all of that text inside one comment block: the terminator
 * appears split as "* /" and the semicolon appears as ".", so the only
 * statement outside the comment is the SELECT on {test}.
 */
function testVulnerableComment() {
  // Build the SELECT with a comment that tries to close the comment block
  // early and append its own statement.
  $select = db_select('test')
    ->comment('Testing query comments */ SELECT nid FROM {node}; --');
  $select->addField('test', 'name');
  $select->addField('test', 'age', 'age');

  // Execute first, then flatten the query object to its SQL string.
  $rows = $select->execute()->fetchAll();
  $sql = (string) $select;
  $sanitised = "/* Testing query comments * / SELECT nid FROM {node}. -- */ SELECT test.name AS name, test.age AS age\nFROM \n{test} test";

  // The row count assertion shows the query still ran as the intended SELECT.
  $this->assertEqual(count($rows), 4, 'Returned the correct number of rows.');
  // strpos() returns FALSE only when the sanitised form is absent from the SQL.
  $this->assertNotIdentical(FALSE, strpos($sql, $sanitised), 'The flattened query contains the sanitised comment string.');

  // Check makeComment() directly against each (expected, comments) pair
  // supplied by makeCommentsProvider().
  $connection = Database::getConnection();
  foreach ($this->makeCommentsProvider() as $test_set) {
    list($want, $comments) = $test_set;
    $this->assertEqual($want, $connection->makeComment($comments));
  }
}