function SelectTest::makeCommentsProvider

Same name and namespace in other branches
  1. 9 core/tests/Drupal/KernelTests/Core/Database/SelectTest.php \Drupal\KernelTests\Core\Database\SelectTest::makeCommentsProvider()
  2. 8.9.x core/tests/Drupal/KernelTests/Core/Database/SelectTest.php \Drupal\KernelTests\Core\Database\SelectTest::makeCommentsProvider()
  3. 11.x core/tests/Drupal/KernelTests/Core/Database/SelectTest.php \Drupal\KernelTests\Core\Database\SelectTest::makeCommentsProvider()

Provides expected and input values for testVulnerableComment().

1 call to SelectTest::makeCommentsProvider()
SelectTest::testVulnerableComment in core/tests/Drupal/KernelTests/Core/Database/SelectTest.php
Tests query COMMENT system against vulnerabilities.

File

core/tests/Drupal/KernelTests/Core/Database/SelectTest.php, line 78

Class

SelectTest
Tests the Select query builder.

Namespace

Drupal\KernelTests\Core\Database

Code

public function makeCommentsProvider() {
  return [
    [
      '/*  */ ',
      [
        '',
      ],
    ],
    // Try and close the comment early.
[
      '/* Exploit  * / DROP TABLE node. -- */ ',
      [
        'Exploit */ DROP TABLE node; --',
      ],
    ],
    // Variations on comment closing.
[
      '/* Exploit  * / * / DROP TABLE node. -- */ ',
      [
        'Exploit */*/ DROP TABLE node; --',
      ],
    ],
    [
      '/* Exploit  *  * // DROP TABLE node. -- */ ',
      [
        'Exploit **// DROP TABLE node; --',
      ],
    ],
    // Try closing the comment in the second string which is appended.
[
      '/* Exploit  * / DROP TABLE node. --. Another try  * / DROP TABLE node. -- */ ',
      [
        'Exploit */ DROP TABLE node; --',
        'Another try */ DROP TABLE node; --',
      ],
    ],
  ];
}

Buggy or inaccurate documentation? Please file an issue. Need support? Need help programming? Connect with the Drupal community.