Diffstat (limited to 'modules/simpletest/tests/database_test.test')
-rw-r--r-- | modules/simpletest/tests/database_test.test | 54 |
1 files changed, 47 insertions, 7 deletions
diff --git a/modules/simpletest/tests/database_test.test b/modules/simpletest/tests/database_test.test
index 243dbba31..c22d1fc5d 100644
--- a/modules/simpletest/tests/database_test.test
+++ b/modules/simpletest/tests/database_test.test
@@ -1,5 +1,4 @@
 <?php
-// $Id$
 
 /**
 * Dummy class for fetching into a class.
@@ -720,6 +719,21 @@ class DatabaseUpdateTestCase extends DatabaseTestCase {
 }
 
 /**
+ * Confirm updating to NULL.
+ */
+ function testSimpleNullUpdate() {
+ $this->ensureSampleDataNull();
+ $num_updated = db_update('test_null')
+ ->fields(array('age' => NULL))
+ ->condition('name', 'Kermit')
+ ->execute();
+ $this->assertIdentical($num_updated, 1, t('Updated 1 record.'));
+
+ $saved_age = db_query('SELECT age FROM {test_null} WHERE name = :name', array(':name' => 'Kermit'))->fetchField();
+ $this->assertNull($saved_age, t('Updated name successfully.'));
+ }
+
+ /**
 * Confirm that we can update a multiple records successfully.
 */
 function testMultiUpdate() {
@@ -1311,6 +1325,27 @@ class DatabaseSelectTestCase extends DatabaseTestCase {
 }
 
 /**
+ * Test query COMMENT system against vulnerabilities.
+ */
+ function testVulnerableComment() {
+ $query = db_select('test')->comment('Testing query comments */ SELECT nid FROM {node}; --');
+ $name_field = $query->addField('test', 'name');
+ $age_field = $query->addField('test', 'age', 'age');
+ $result = $query->execute();
+
+ $num_records = 0;
+ foreach ($result as $record) {
+ $num_records++;
+ }
+
+ $query = (string)$query;
+ $expected = "/* Testing query comments SELECT nid FROM {node}; -- */ SELECT test.name AS name, test.age AS age\nFROM \n{test} test";
+
+ $this->assertEqual($num_records, 4, t('Returned the correct number of rows.'));
+ $this->assertEqual($query, $expected, t('The flattened query contains the sanitised comment string.'));
+ }
+
+ /**
 * Test basic conditionals on SELECT statements.
 */
 function testSimpleSelectConditional() {
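Review bot: The second assertion in `testSimpleNullUpdate()` uses the message `t('Updated name successfully.')`, but the value it checks is the `age` column read back as NULL, so a failure report would name the wrong field. A message that matches the check would be `$this->assertNull($saved_age, t('Updated age to NULL successfully.'));`. A one-line comment above the `db_query()` call saying the row is re-read to confirm that NULL was actually stored would also help the next reader.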
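Review bot: `testVulnerableComment()` pins the comment sanitiser against exactly one input, a single `*/` terminator followed by a second statement, so it only guards against regressions for that literal string. The filtering code is not part of this diff; if it removes the terminator in a single pass, inputs where a terminator is re-formed once the first is removed, or which contain the opening `/*` delimiter, are presumably not covered. Adding one or two such strings, and asserting that the flattened query still contains exactly one `*/` before `SELECT test.name`, would turn this into a real regression test for the sanitiser. Separately, `$name_field` and `$age_field` are assigned but never read; `$query->addField('test', 'name');` without the assignment is enough.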
@@ -1687,6 +1722,9 @@ class DatabaseSelectSubqueryTestCase extends DatabaseTestCase {
 
 /**
 * Test EXISTS subquery conditionals on SELECT statements.
+ *
+ * We essentially select all rows from the {test} table that have matching
+ * rows in the {test_people} table based on the shared name column.
 */
 function testExistsSubquerySelect() {
 // Put George into {test_people}.
@@ -1703,7 +1741,7 @@ class DatabaseSelectSubqueryTestCase extends DatabaseTestCase {
 // Subquery to {test_people}.
 $subquery = db_select('test_people', 'tp')
 ->fields('tp', array('name'))
- ->condition('name', 'George');
+ ->where('tp.name = t.name');
 $query->exists($subquery);
 $result = $query->execute();
 
@@ -1714,6 +1752,9 @@ class DatabaseSelectSubqueryTestCase extends DatabaseTestCase {
 
 /**
 * Test NOT EXISTS subquery conditionals on SELECT statements.
+ *
+ * We essentially select all rows from the {test} table that don't have
+ * matching rows in the {test_people} table based on the shared name column.
 */
 function testNotExistsSubquerySelect() {
 // Put George into {test_people}.
@@ -1731,13 +1772,12 @@ class DatabaseSelectSubqueryTestCase extends DatabaseTestCase {
 // Subquery to {test_people}.
 $subquery = db_select('test_people', 'tp')
 ->fields('tp', array('name'))
- ->condition('name', 'George');
+ ->where('tp.name = t.name');
 $query->notExists($subquery);
- $result = $query->execute();
 
- // Ensure that we got the right record.
- $record = $result->fetch();
- $this->assertFalse($record, t('NOT EXISTS query returned no results.'));
+ // Ensure that we got the right number of records.
+ $people = $query->execute()->fetchCol();
+ $this->assertEqual(count($people), 3, t('NOT EXISTS query returned the correct results.'));
 }
 }
 
|
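Review bot: The rewritten check at the end of `testNotExistsSubquerySelect()` only compares `count($people)` with 3, so a result of three rows that still included George would pass. `$people` already holds the fetched column, so its content can be asserted too, e.g. `$this->assertFalse(in_array('George', $people), t('NOT EXISTS query excluded the matching row.'));`. That assumes the outer query's first column is the name; the outer query is built above this hunk. The same `->where('tp.name = t.name')` change in `testExistsSubquerySelect()` depends on the outer alias `t`, which is also defined outside both hunks, so a short comment such as `// Correlated on the outer query's t.name.` beside each call would make that dependency visible.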