function ConditionTest::providerTestCompileWithSqlInjectionForOperator
Same name in other branches
- 9 core/tests/Drupal/Tests/Core/Database/ConditionTest.php \Drupal\Tests\Core\Database\ConditionTest::providerTestCompileWithSqlInjectionForOperator()
- 10 core/tests/Drupal/Tests/Core/Database/ConditionTest.php \Drupal\Tests\Core\Database\ConditionTest::providerTestCompileWithSqlInjectionForOperator()
- 11.x core/tests/Drupal/Tests/Core/Database/ConditionTest.php \Drupal\Tests\Core\Database\ConditionTest::providerTestCompileWithSqlInjectionForOperator()
File
-
core/
tests/ Drupal/ Tests/ Core/ Database/ ConditionTest.php, line 170
Class
- ConditionTest
- @coversDefaultClass \Drupal\Core\Database\Query\Condition
Namespace
Drupal\Tests\Core\DatabaseCode
public function providerTestCompileWithSqlInjectionForOperator() {
$data = [];
$data[] = [
"IS NOT NULL) ;INSERT INTO {test} (name) VALUES ('test12345678'); -- ",
];
$data[] = [
"IS NOT NULL) UNION ALL SELECT name, pass FROM {users_field_data} -- ",
];
$data[] = [
"IS NOT NULL) UNION ALL SELECT name FROM {TEST_UPPERCASE} -- ",
];
$data[] = [
"= 1 UNION ALL SELECT password FROM user WHERE uid =",
];
return $data;
}
Buggy or inaccurate documentation? Please file an issue. Need support? Need help programming? Connect with the Drupal community.