function DatabaseSelectTestCase::makeCommentsProvider
Provides expected and input values for testVulnerableComment().
1 call to DatabaseSelectTestCase::makeCommentsProvider()
- DatabaseSelectTestCase::testVulnerableComment in modules/simpletest/tests/database_test.test - Test query COMMENT system against vulnerabilities.
File
- modules/simpletest/tests/database_test.test, line 1504
Class
- DatabaseSelectTestCase
- Test the SELECT builder.
Code
function makeCommentsProvider() {
  return array(
    array(
      '/* */ ',
      array(
        '',
      ),
    ),
    // Try and close the comment early.
    array(
      '/* Exploit * / DROP TABLE node; -- */ ',
      array(
        'Exploit */ DROP TABLE node; --',
      ),
    ),
    // Variations on comment closing.
    array(
      '/* Exploit * / * / DROP TABLE node; -- */ ',
      array(
        'Exploit */*/ DROP TABLE node; --',
      ),
    ),
    array(
      '/* Exploit * * // DROP TABLE node; -- */ ',
      array(
        'Exploit **// DROP TABLE node; --',
      ),
    ),
    // Try closing the comment in the second string which is appended.
    array(
      '/* Exploit * / DROP TABLE node; --; Another try * / DROP TABLE node; -- */ ',
      array(
        'Exploit */ DROP TABLE node; --',
        'Another try */ DROP TABLE node; --',
      ),
    ),
  );
}
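As an added example (not part of the Drupal code on this page), the sketch below runs this provider's input strings through two hypothetical comment builders and checks the property the cases target: caller-supplied text must not close the SQL comment early. The function names and the escaping rule (padding each `*` with spaces) are assumptions made for illustration.

```php
<?php
// Hypothetical helpers for illustration; these are not Drupal's functions.

// Naive builder: joins the comments and wraps them without any escaping.
function naive_comment(array $comments): string {
  return '/* ' . implode('; ', $comments) . ' */ ';
}

// Hardened builder (assumed rule): pad every "*" with spaces so that the
// caller-supplied text can never contain the two-character sequence "*/".
function escaped_comment(array $comments): string {
  $text = strtr(implode('; ', $comments), array('*' => ' * '));
  return '/* ' . $text . ' */ ';
}

// The property under test: the comment opened at the start is closed exactly
// once, by the final terminator, so no caller text lands outside the comment.
function is_single_comment(string $sql): bool {
  $body = rtrim($sql);
  return strpos($body, '/*') === 0
    && substr_count($body, '*/') === 1
    && substr($body, -2) === '*/';
}

// Input strings copied from the provider above.
$inputs = array(
  array(''),
  array('Exploit */ DROP TABLE node; --'),
  array('Exploit */*/ DROP TABLE node; --'),
  array('Exploit **// DROP TABLE node; --'),
  array('Exploit */ DROP TABLE node; --', 'Another try */ DROP TABLE node; --'),
);

// One row per case: naive result, escaped result, then the input.
printf("%-8s %-8s %s\n", 'naive', 'escaped', 'input');
foreach ($inputs as $comments) {
  printf("%-8s %-8s %s\n",
    is_single_comment(naive_comment($comments)) ? 'ok' : 'BREAKS',
    is_single_comment(escaped_comment($comments)) ? 'ok' : 'BREAKS',
    json_encode($comments));
}
```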