[TYPO3-core] RFC #13940 Preventing SQL injections in CONTENT object

Oliver Klee typo3-german-02 at oliverklee.de
Thu Apr 8 13:52:29 CEST 2010


Hi,

Martin Holtz schrieb:
> I would add it to tslib_content_testcase.php. Should I attach another patch 
> with bug entry? Or should it be added to the patch of this bug? Or totally 
> different?
> 
> That's how I started, perhaps someone can have a look if it is the right 
> direction, or what should be made different.

The test case should be part of the patch.

Instead of one really big test method, I recommend having separate small
test methods that each test one piece of the expected behavior and use
a telling name. "fooReturnsCorrectResult" is *not* a good name because
it doesn't describe what exactly a "correct" result is under which
circumstances.

A better test name would be e.g.
"getQueryMarkersLeavesLetterOnlyStringUntouched" or
"getQueryMarkersQuotesCommas" etc.

I recommend putting a blank line above the assert and have the expected
and actual value each on a separate line (for better readability).


Oli
-- 
Certified TYPO3 Integrator | TYPO3 Security Team Member
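The test layout Oliver describes, as an added example written for this page; it is not code from the thread, from Martin's patch or from TYPO3 core. It assumes the test class extends the phpunit extension's tx_phpunit_testcase, that the object under test is tslib_cObj, that getQueryMarkers($table, $conf) reads marker values from $conf['markers.'] and returns an array keyed by ###name###, and that the quoting it applies matches $GLOBALS['TYPO3_DB']->fullQuoteStr(). The test names and the sample marker values are illustrative and constructed here; the real signature and output format of getQueryMarkers in the patch may differ.

```php
<?php
/**
 * Added example, not from the TYPO3 patch or this thread.
 *
 * Assumptions (not confirmed by the thread): base class tx_phpunit_testcase,
 * class under test tslib_cObj, getQueryMarkers($table, $conf) takes the
 * marker values from $conf['markers.'] and returns array('###name###' => ...),
 * quoting each value the way $GLOBALS['TYPO3_DB']->fullQuoteStr() does.
 */
class tslib_content_testcase extends tx_phpunit_testcase {
	/**
	 * @var tslib_cObj
	 */
	private $fixture;

	public function setUp() {
		$this->fixture = new tslib_cObj();
	}

	public function tearDown() {
		unset($this->fixture);
	}

	/**
	 * Builds the TypoScript configuration for one marker (assumed layout).
	 *
	 * @param string $name marker name without the ### delimiters
	 * @param string $value raw value to be quoted by getQueryMarkers()
	 * @return array configuration as getQueryMarkers() is assumed to expect it
	 */
	private function markerConfiguration($name, $value) {
		return array(
			'markers.' => array(
				$name . '.' => array('value' => $value),
			),
		);
	}

	/**
	 * One small test per piece of behavior: a plain value is quoted exactly
	 * like the database layer would quote it.
	 *
	 * @test
	 */
	public function getQueryMarkersQuotesPlainValueLikeDatabaseLayer() {
		$markers = $this->fixture->getQueryMarkers(
			'tt_content', $this->markerConfiguration('foo', 'abc')
		);

		$this->assertEquals(
			$GLOBALS['TYPO3_DB']->fullQuoteStr('abc', 'tt_content'),
			$markers['###foo###']
		);
	}

	/**
	 * A constructed value carrying a quote must come back escaped, so it
	 * cannot break out of the string literal in the final query.
	 *
	 * @test
	 */
	public function getQueryMarkersEscapesSingleQuoteInValue() {
		$unsafeValue = "abc' OR 1=1 -- ";
		$markers = $this->fixture->getQueryMarkers(
			'tt_content', $this->markerConfiguration('foo', $unsafeValue)
		);

		$this->assertEquals(
			$GLOBALS['TYPO3_DB']->fullQuoteStr($unsafeValue, 'tt_content'),
			$markers['###foo###']
		);
	}
}
?>
```

Each method checks one behavior and says in its name what that behavior is; the blank line before the assert and the expected/actual values on separate lines are the readability points from the mail. Comparing against fullQuoteStr() rather than a hard-coded string keeps the tests from depending on one database's escaping rules.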

