function ConditionTest::providerTestCompileWithSqlInjectionForOperator

Same name in other branches
  1. 9: core/tests/Drupal/Tests/Core/Database/ConditionTest.php, \Drupal\Tests\Core\Database\ConditionTest::providerTestCompileWithSqlInjectionForOperator()
  2. 10: core/tests/Drupal/Tests/Core/Database/ConditionTest.php, \Drupal\Tests\Core\Database\ConditionTest::providerTestCompileWithSqlInjectionForOperator()
  3. 11.x: core/tests/Drupal/Tests/Core/Database/ConditionTest.php, \Drupal\Tests\Core\Database\ConditionTest::providerTestCompileWithSqlInjectionForOperator()

File

core/tests/Drupal/Tests/Core/Database/ConditionTest.php, line 170

Class

ConditionTest
@coversDefaultClass \Drupal\Core\Database\Query\Condition

Namespace

Drupal\Tests\Core\Database

Code

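/**
 * Data provider of SQL injection strings supplied as a condition operator.
 *
 * Each entry is a single-element array holding one operator string.
 */
public function providerTestCompileWithSqlInjectionForOperator() {
    $data = [];
    // Stacked query: closes the condition, then appends an INSERT statement.
    $data[] = [
        "IS NOT NULL) ;INSERT INTO {test} (name) VALUES ('test12345678'); -- ",
    ];
    // UNION-based read of the name and pass columns from {users_field_data}.
    $data[] = [
        "IS NOT NULL) UNION ALL SELECT name, pass FROM {users_field_data} -- ",
    ];
    // Same UNION pattern with an uppercase table name.
    $data[] = [
        "IS NOT NULL) UNION ALL SELECT name FROM {TEST_UPPERCASE} -- ",
    ];
    // UNION appended after a comparison, with no closing parenthesis or comment.
    $data[] = [
        "= 1 UNION ALL SELECT password FROM user WHERE uid =",
    ];
    return $data;
}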
