function ConditionTest::testCompileWithSqlInjectionForOperator

Same name in other branches
  1. 9 core/tests/Drupal/Tests/Core/Database/ConditionTest.php \Drupal\Tests\Core\Database\ConditionTest::testCompileWithSqlInjectionForOperator()
  2. 8.9.x core/tests/Drupal/Tests/Core/Database/ConditionTest.php \Drupal\Tests\Core\Database\ConditionTest::testCompileWithSqlInjectionForOperator()
  3. 11.x core/tests/Drupal/Tests/Core/Database/ConditionTest.php \Drupal\Tests\Core\Database\ConditionTest::testCompileWithSqlInjectionForOperator()

@covers ::compile

@dataProvider providerTestCompileWithSqlInjectionForOperator

File

core/tests/Drupal/Tests/Core/Database/ConditionTest.php, line 152

Class

ConditionTest
@coversDefaultClass \Drupal\Core\Database\Query\Condition

Namespace

Drupal\Tests\Core\Database

Code

public function testCompileWithSqlInjectionForOperator($operator) : void {
    // Mock the connection. escapeField() drops every character other than
    // letters, digits, underscore and dot from the field name.
    $connection = $this->prophesize(Connection::class);
    $connection->escapeField(Argument::any())
        ->will(function ($args) {
            return preg_replace('/[^A-Za-z0-9_.]+/', '', $args[0]);
        });
    // mapConditionOperator() returns NULL for every operator.
    $connection->mapConditionOperator(Argument::any())
        ->willReturn(NULL);
    $connection->condition('AND')
        ->willReturn(new Condition('AND'));
    $connection = $connection->reveal();
    // Mock the placeholder source: nextPlaceholder() returns 0, 1, 2, ... on
    // successive calls.
    $query_placeholder = $this->prophesize(PlaceholderInterface::class);
    $counter = 0;
    $query_placeholder->nextPlaceholder()
        ->will(function () use (&$counter) {
            return $counter++;
        });
    $query_placeholder->uniqueIdentifier()
        ->willReturn(4);
    $query_placeholder = $query_placeholder->reveal();
    // Add a condition whose operator comes from the data provider, then
    // expect compile() to raise an error.
    $condition = $connection->condition('AND');
    $condition->condition('name', 'value', $operator);
    $this->expectError();
    $condition->compile($connection, $query_placeholder);
}
