public function EntityQueryTest::testInjectionInCondition in Zircon Profile 8
Same name and namespace in other branches
- 8.0 core/modules/system/src/Tests/Entity/EntityQueryTest.php \Drupal\system\Tests\Entity\EntityQueryTest::testInjectionInCondition()
Tests against SQL injection through the condition field. This covers a database driver's EntityQuery\Condition class.
File
- core/modules/system/src/Tests/Entity/EntityQueryTest.php, line 857 - Contains \Drupal\system\Tests\Entity\EntityQueryTest.
Class
- EntityQueryTest
- Tests Entity Query functionality.
Namespace
Drupal\system\Tests\Entity
Code
public function testInjectionInCondition() {
  try {
    // The first argument of condition() is a field name, not a value. Here it
    // carries a statement separator and a comment marker instead of a field.
    $this->queryResults = $this->factory
      ->get('entity_test_mulrev')
      ->condition('1 ; -- ', array(
        0,
        1,
      ), 'IN')
      ->sort('id')
      ->execute();
    // Reaching this line means the query ran without an exception.
    $this
      ->fail('SQL Injection attempt in Entity Query condition in operator should result in an exception.');
  } catch (\Exception $e) {
    $this
      ->pass('SQL Injection attempt in Entity Query condition in operator should result in an exception.');
  }
}
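
The property this test asserts, shown as an added stand-alone example that is not Drupal code: a field name is an SQL identifier and cannot be bound as a parameter, so a query builder has to resolve it against the fields it knows and throw otherwise. The class names, the column map and the builder itself are hypothetical and do not describe how Drupal's Condition class is implemented.

```php
<?php
// Added illustration, not Drupal code. All class names here are hypothetical.

final class UnknownFieldException extends \InvalidArgumentException {}

final class TinyEntityQuery {
  private array $where = [];
  private array $args = [];

  // $columns maps each allowed field name to the SQL column it resolves to.
  public function __construct(private string $table, private array $columns) {}

  public function condition(string $field, array $values, string $operator = 'IN'): self {
    // Identifiers cannot be sent as bound parameters, so the only safe way to
    // place one in SQL text is to look it up in a fixed map of known fields.
    if (!array_key_exists($field, $this->columns)) {
      throw new UnknownFieldException(sprintf("'%s' is not a known field.", $field));
    }
    if ($operator !== 'IN' || $values === []) {
      throw new \InvalidArgumentException('Only non-empty IN conditions are supported here.');
    }
    // Values never enter the SQL text; each one gets its own placeholder.
    $marks = implode(', ', array_fill(0, count($values), '?'));
    $this->where[] = sprintf('%s IN (%s)', $this->columns[$field], $marks);
    array_push($this->args, ...array_values($values));
    return $this;
  }

  // Returns the SQL text and the arguments to bind, in placeholder order.
  public function build(): array {
    $sql = 'SELECT id FROM ' . $this->table;
    if ($this->where) {
      $sql .= ' WHERE ' . implode(' AND ', $this->where);
    }
    return [$sql, $this->args];
  }
}

$columns = ['id' => 'id', 'revision_id' => 'revision_id']; // constructed sample map
[$sql, $args] = (new TinyEntityQuery('entity_test_mulrev', $columns))
  ->condition('id', [0, 1])->build();
echo $sql, ' with ', json_encode($args), "\n";

try {
  // Same field argument as the test above: it must be rejected before any SQL is built.
  (new TinyEntityQuery('entity_test_mulrev', $columns))->condition('1 ; -- ', [0, 1]);
  echo "FAIL: field name reached the SQL string\n";
} catch (UnknownFieldException $e) {
  echo 'PASS: ', $e->getMessage(), "\n";
}
```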