From e77f87506c0355bb357bf32651148768e4a302b8 Mon Sep 17 00:00:00 2001
From: webchick
Date: Tue, 17 May 2011 23:57:40 -0500
Subject: Issue #1105848 by cafuego: Fixed Unsafe query comments possible via UI.

---
 modules/simpletest/tests/database_test.test | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)

(limited to 'modules/simpletest/tests/database_test.test')

diff --git a/modules/simpletest/tests/database_test.test b/modules/simpletest/tests/database_test.test
index 231355ceb..c22d1fc5d 100644
--- a/modules/simpletest/tests/database_test.test
+++ b/modules/simpletest/tests/database_test.test
@@ -1324,6 +1324,27 @@ class DatabaseSelectTestCase extends DatabaseTestCase {
     $this->assertEqual($query, $expected, t('The flattened query contains the comment string.'));
   }
 
+  /**
+   * Test query COMMENT system against vulnerabilities.
+   */
+  function testVulnerableComment() {
+    $query = db_select('test')->comment('Testing query comments */ SELECT nid FROM {node}; --');
+    $name_field = $query->addField('test', 'name');
+    $age_field = $query->addField('test', 'age', 'age');
+    $result = $query->execute();
+
+    $num_records = 0;
+    foreach ($result as $record) {
+      $num_records++;
+    }
+
+    $query = (string)$query;
+    $expected = "/* Testing query comments SELECT nid FROM {node}; -- */ SELECT test.name AS name, test.age AS age\nFROM \n{test} test";
+
+    $this->assertEqual($num_records, 4, t('Returned the correct number of rows.'));
+    $this->assertEqual($query, $expected, t('The flattened query contains the sanitised comment string.'));
+  }
+
   /**
    * Test basic conditionals on SELECT statements.
    */
-- 
cgit v1.2.3
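Review bot: testVulnerableComment pins only a single literal `*/` inside the comment, so it would not detect a filter that strips the closing sequence in one non-recursive pass and lets adjacent fragments recombine into a new `*/`; the filter implementation is not in this diff, so whether that applies is an inference to confirm against the sanitiser. A property-based assertion alongside the exact-string one covers the general case regardless of how the filter is written, e.g. `$this->assertEqual(substr_count($query, '*/'), 1, t('The comment can only be closed by the generated terminator.'));`, applied to a second input that repeats or interleaves the `*` and `/` characters. Separately, `$name_field`, `$age_field` and the loop variable `$record` are assigned but never read; the addField() calls can be made as bare statements. The enclosing class DatabaseSelectTestCase starts and ends outside this hunk.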