function EntityQueryTest::testInjectionInCondition
Same name in other branches
- 9 core/tests/Drupal/KernelTests/Core/Entity/EntityQueryTest.php \Drupal\KernelTests\Core\Entity\EntityQueryTest::testInjectionInCondition()
- 8.9.x core/tests/Drupal/KernelTests/Core/Entity/EntityQueryTest.php \Drupal\KernelTests\Core\Entity\EntityQueryTest::testInjectionInCondition()
- 10 core/tests/Drupal/KernelTests/Core/Entity/EntityQueryTest.php \Drupal\KernelTests\Core\Entity\EntityQueryTest::testInjectionInCondition()
Tests SQL inject of condition field.
This covers a database driver's EntityQuery\Condition class.
File
-
core/
tests/ Drupal/ KernelTests/ Core/ Entity/ EntityQueryTest.php, line 1229
Class
- EntityQueryTest
- Tests Entity Query functionality.
Namespace
Drupal\KernelTests\Core\EntityCode
public function testInjectionInCondition() : void {
$this->expectException(\Exception::class);
$this->queryResults = $this->storage
->getQuery()
->accessCheck(FALSE)
->condition('1 ; -- ', [
0,
1,
], 'IN')
->sort('id')
->execute();
}
Buggy or inaccurate documentation? Please file an issue. Need support? Need help programming? Connect with the Drupal community.