function SelectTest::testVulnerableComment
Same name in other branches
- 9 core/tests/Drupal/KernelTests/Core/Database/SelectTest.php \Drupal\KernelTests\Core\Database\SelectTest::testVulnerableComment()
- 8.9.x core/tests/Drupal/KernelTests/Core/Database/SelectTest.php \Drupal\KernelTests\Core\Database\SelectTest::testVulnerableComment()
- 11.x core/tests/Drupal/KernelTests/Core/Database/SelectTest.php \Drupal\KernelTests\Core\Database\SelectTest::testVulnerableComment()
Tests query COMMENT system against vulnerabilities.
File
- core/tests/Drupal/KernelTests/Core/Database/SelectTest.php, line 52
Class
- SelectTest
- Tests the Select query builder.
Namespace
Drupal\KernelTests\Core\Database
Code
public function testVulnerableComment() : void {
  $query = $this->connection
    ->select('test')
    ->comment('Testing query comments */ SELECT nid FROM {node}; --');
  $query->addField('test', 'name');
  $query->addField('test', 'age', 'age');
  $result = $query->execute();
  $records = $result->fetchAll();
  $query = (string) $query;
  $expected = "/* Testing query comments * / SELECT nid FROM {node}. -- */";
  // Check the returned number of rows.
  $this->assertCount(4, $records);
  // Check that the flattened query contains the sanitized comment string.
  $this->assertStringContainsString($expected, $query);
  $connection = Database::getConnection();
  foreach ($this->makeCommentsProvider() as $test_set) {
    [$expected, $comments] = $test_set;
    $this->assertEquals($expected, $connection->makeComment($comments));
  }
}
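What the test above guards against, as an added example that is not part of the Drupal code base: a comment builder that inserts text verbatim lets `*/` end the comment early, while a sanitizing builder keeps the same text inert. The function names and the sanitizing rule are assumptions made for illustration, not Drupal's `makeComment()` implementation.

```php
<?php

declare(strict_types=1);

// Added illustration with hypothetical function names; not Drupal's code.

/** Unsafe: caller-supplied text goes into the comment verbatim. */
function naive_comment(array $comments): string {
  return $comments ? '/* ' . implode('. ', $comments) . ' */ ' : '';
}

/** Hardened: the text can neither close the comment nor open a nested one. */
function sanitized_comment(array $comments): string {
  if (!$comments) {
    return '';
  }
  $text = implode('. ', $comments);
  // Put a space inside every "*/" and "/*" pair.
  $text = preg_replace('~\*(?=/)|/(?=\*)~', '$0 ', $text);
  // Same substitution the page's $expected string shows: ";" becomes ".".
  $text = str_replace(';', '.', $text);
  return '/* ' . $text . ' */ ';
}

/** Returns the SQL text that follows the first comment terminator. */
function sql_after_comment(string $sql): string {
  $end = strpos($sql, '*/');
  return $end === FALSE ? '' : trim(substr($sql, $end + 2));
}

// Payload copied from the test on this page; the SELECT is constructed.
$payload = ['Testing query comments */ SELECT nid FROM {node}; --'];
$select = 'SELECT test.name AS name, test.age AS age FROM {test} test';

foreach (['naive_comment', 'sanitized_comment'] as $builder) {
  $sql = $builder($payload) . $select;
  echo $builder, ":\n  ", $sql, "\n  runs as SQL: ", sql_after_comment($sql), "\n\n";
}

// The hardened form must leave only the intended query outside the comment.
if (sql_after_comment(sanitized_comment($payload) . $select) !== $select) {
  throw new RuntimeException('Comment text escaped the comment block.');
}
// An empty comment list yields no comment at all.
if (sanitized_comment([]) !== '') {
  throw new RuntimeException('Expected an empty string for no comments.');
}
```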