[TYPO3-core] RFC #13940 Preventing SQL injections in CONTENT object
Oliver Klee
typo3-german-02 at oliverklee.de
Thu Apr 8 13:52:29 CEST 2010
Hi,
Martin Holtz wrote:
> I would add it to tslib_content_testcase.php. Should I attach another patch
> with bug entry? Or should it be added to the patch of this bug? Or totally
> different?
>
> That's how I started, perhaps someone can have a look if it is the right
> direction, or what should be made different.
The test case should be part of the patch.
Instead of one really big test method, I recommend having separate small
test methods that each test one piece of the expected behavior and use
a telling name. "fooReturnsCorrectResult" is *not* a good name because
it doesn't describe what exactly a "correct" result is under which
circumstances.
A better test name would be e.g.
"getQueryMarkersLeavesLetterOnlyStringUntouched" or
"getQueryMarkersQuotesCommas" etc.
I recommend putting a blank line above the assert and have the expected
and actual value each on a separate line (for better readability).
Oli
--
Certified TYPO3 Integrator | TYPO3 Security Team Member