[TYPO3-core] RFC #13940 Preventing SQL injections in CONTENT object

Martin Holtz typo3 at martinholtz.de
Thu Apr 8 13:16:43 CEST 2010


Hi,

I tried to write a test case for the method "getQueryMarkers", which would 
be introduced with this patch. 

I would add it to tslib_content_testcase.php. Should I attach another patch 
with its own bug entry? Or should it be added to the patch of this bug? Or 
something totally different?

That's how I started; perhaps someone can have a look at whether it is going in 
the right direction, or what should be done differently.

thanks,
martin


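/**
 * Checks the values getQueryMarkers() returns for the 'markers.' configuration:
 * numeric strings are expected back as they are, every other value is expected
 * back as the result of TYPO3_DB->fullQuoteStr(), including values extended by
 * the marker's noTrimWrap configuration and values containing quotes and a
 * backslash.
 *
 * The expected values are built with fullQuoteStr() itself, so the assertions
 * check that a marker value is routed through the quoting function; they do not
 * check that the function escapes correctly for the database in use.
 *
 * @test
 */
public function doesGetQueryMarkersQuoteCorrectly() {
	$table = 'tt_content';
	$database = $GLOBALS['TYPO3_DB'];
	$wrapWithWorld = array('noTrimWrap' => '| | world |');

	// Each case: array(<content of 'markers.'>, <expected return value>).
	// NOTE(review): no case covers a value that starts with digits and continues
	// with other text. Such a value has to take the quoted path, so a case for it
	// would pin the numeric check - confirm against getQueryMarkers().
	$cases = array(
		'empty marker list' => array(
			array(),
			array(),
		),
		'integer string stays as it is' => array(
			array('test' => '1'),
			array('test' => '1'),
		),
		'decimal string stays as it is' => array(
			array('test' => '1.234'),
			array('test' => '1.234'),
		),
		'plain string is quoted' => array(
			array('test' => 'hello'),
			array('test' => $database->fullQuoteStr('hello', $table)),
		),
		// Quoting has to see the value after noTrimWrap has been applied.
		'wrapped string is quoted after wrapping' => array(
			array('test' => 'hello', 'test.' => $wrapWithWorld),
			array('test' => $database->fullQuoteStr(' hello world ', $table)),
		),
		'quotes and backslash are quoted after wrapping' => array(
			array('test' => 'h"\"el\'lo', 'test.' => $wrapWithWorld),
			array('test' => $database->fullQuoteStr(' h"\"el\'lo world ', $table)),
		),
		// The wrap itself contributes double quotes; they must be quoted too.
		'wrap that adds double quotes is quoted' => array(
			array('name' => 'firstname', 'name.' => array('noTrimWrap' => '|"|, lastname"|')),
			array('name' => $database->fullQuoteStr('"firstname, lastname"', $table)),
		),
	);

	foreach ($cases as $description => $case) {
		list($markers, $expectedResult) = $case;
		$actualResult = $this->cObj->getQueryMarkers($table, array('markers.' => $markers));
		// The description names the failing case in the PHPUnit output.
		$this->assertEquals($expectedResult, $actualResult, $description);
	}
}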

