From 6b7514afd2f03f3543d7c84e77cc97fa1d84dbb4 Mon Sep 17 00:00:00 2001 From: David Rothstein Date: Sat, 1 Nov 2014 13:21:52 -0400 Subject: Issue #829464 by Berdir, klausi, sepgil | Heine: Fixed orderby() should verify that the sort direction is always ASC or DESC. --- modules/simpletest/tests/database_test.test | 9 +++++++++ 1 file changed, 9 insertions(+) (limited to 'modules/simpletest') diff --git a/modules/simpletest/tests/database_test.test b/modules/simpletest/tests/database_test.test index 209bf6813..a65cc64ec 100644 --- a/modules/simpletest/tests/database_test.test +++ b/modules/simpletest/tests/database_test.test @@ -1947,6 +1947,15 @@ class DatabaseSelectOrderedTestCase extends DatabaseTestCase { $this->assertEqual($num_records, 4, 'Returned the correct number of rows.'); } + + /** + * Tests that the sort direction is sanitized properly. + */ + function testOrderByEscaping() { + $query = db_select('test')->orderBy('name', 'invalid direction'); + $order_bys = $query->getOrderBy(); + $this->assertEqual($order_bys['name'], 'ASC', 'Invalid order by direction is converted to ASC.'); + } } /** -- cgit v1.2.3