function EntityQueryTest::testInjectionInCondition

Same name in other branches
  1. 9 core/tests/Drupal/KernelTests/Core/Entity/EntityQueryTest.php \Drupal\KernelTests\Core\Entity\EntityQueryTest::testInjectionInCondition()
  2. 8.9.x core/tests/Drupal/KernelTests/Core/Entity/EntityQueryTest.php \Drupal\KernelTests\Core\Entity\EntityQueryTest::testInjectionInCondition()
  3. 10 core/tests/Drupal/KernelTests/Core/Entity/EntityQueryTest.php \Drupal\KernelTests\Core\Entity\EntityQueryTest::testInjectionInCondition()

Tests SQL injection through the condition field.

This covers a database driver's EntityQuery\Condition class.

File

core/tests/Drupal/KernelTests/Core/Entity/EntityQueryTest.php, line 1229

Class

EntityQueryTest
Tests Entity Query functionality.

Namespace

Drupal\KernelTests\Core\Entity

Code

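public function testInjectionInCondition() : void {
    // The query must fail with an exception rather than execute.
    $this->expectException(\Exception::class);
    $this->queryResults = $this->storage
        ->getQuery()
        ->accessCheck(FALSE)
        // The field-name argument carries SQL metacharacters (';' and '--').
        ->condition('1 ; -- ', [0, 1], 'IN')
        ->sort('id')
        ->execute();
}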
