1.20.x database_test.test DatabaseSelectTestCase::makeCommentsProvider()

Provides expected and input values for testVulnerableComment().

File

modules/simpletest/tests/database_test.test, line 1360
Database tests.

Class

DatabaseSelectTestCase
Test the SELECT builder.

Code

function makeCommentsProvider() {
  return array(
    array(
      '/*  */ ',
      array(''),
    ),
    // Try and close the comment early.
    array(
      '/* Exploit  * / DROP TABLE node; -- */ ',
      array('Exploit */ DROP TABLE node; --'),
    ),
    // Variations on comment closing.
    array(
      '/* Exploit  * / * / DROP TABLE node; -- */ ',
      array('Exploit */*/ DROP TABLE node; --'),
    ),
    array(
      '/* Exploit  *  * // DROP TABLE node; -- */ ',
      array('Exploit **// DROP TABLE node; --'),
    ),
    // Try closing the comment in the second string which is appended.
    array(
      '/* Exploit  * / DROP TABLE node; --; Another try  * / DROP TABLE node; -- */ ',
      array('Exploit */ DROP TABLE node; --', 'Another try */ DROP TABLE node; --'),
    ),
  );
}