function SelectTest::testVulnerableComment

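Tests that the query COMMENT system sanitises comment text: a comment string containing a comment terminator followed by extra SQL must stay inside the generated SQL comment.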

File

drupal/core/modules/system/lib/Drupal/system/Tests/Database/SelectTest.php, line 64
Definition of Drupal\system\Tests\Database\SelectTest.

Class

SelectTest
Tests the SELECT builder.

Namespace

Drupal\system\Tests\Database

Code

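/**
 * Tests that hostile query-comment text cannot escape the SQL comment.
 *
 * The text handed to comment() contains a comment terminator followed by a
 * second SELECT statement and a trailing "--". The expected string pins the
 * safe outcome: the embedded terminator is gone, the injected text sits
 * between the opening and closing comment delimiters, and the real SELECT
 * follows unchanged.
 */
function testVulnerableComment() {
  // Comment text that tries to close the SQL comment early and append a
  // second statement.
  $query = db_select('test')
    ->comment('Testing query comments */ SELECT nid FROM {node}; --');

  // The return values of addField() were assigned but never read, so the
  // calls are made without keeping them.
  $query->addField('test', 'name');
  $query->addField('test', 'age', 'age');

  // Execute the query and count the rows it yields. The count of 4 below is
  // presumably the size of the 'test' fixture table; confirm against the
  // test setup.
  $num_records = 0;
  foreach ($query->execute() as $record) {
    $num_records++;
  }

  // Flatten the builder to SQL text so the emitted comment can be inspected.
  $flattened = (string) $query;
  $expected = "/* Testing query comments SELECT nid FROM {node}; -- */ SELECT test.name AS name, test.age AS age\nFROM \n{test} test";

  $this
    ->assertEqual($num_records, 4, 'Returned the correct number of rows.');
  // Whole-string comparison: any change that lets the terminator through, or
  // alters the statement after the comment, fails this assertion.
  $this
    ->assertEqual($flattened, $expected, 'The flattened query contains the sanitised comment string.');
}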