
Changeset 28260 for branches/1.4


Changeset 28260 for branches/1.4

Timestamp:
02/25/10 00:42:54 (2 years ago)
Author:
Kris.Wallsmith
Message:

[1.2, 1.3, 1.4] fixed sql injection vulnerability in doctrine admin generator

Files:

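--- a/branches/1.4/lib/plugins/sfDoctrinePlugin/data/generator/sfDoctrineModule/admin/parts/sortingAction.php
+++ b/branches/1.4/lib/plugins/sfDoctrinePlugin/data/generator/sfDoctrineModule/admin/parts/sortingAction.php
@@ -4,4 +4,9 @@
     {
       return;
+    }
+
+    if (!in_array(strtolower($sort[1]), array('asc', 'desc')))
+    {
+      $sort[1] = 'asc';
     }
 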
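Review bot: The new whitelist on line 8 reads `$sort[1]` without first checking that the element exists, so if the sort array can arrive with only a column and no direction (the lines before this hunk are not visible, so this is inferred) the read raises an undefined-index notice before the check runs; I would also pass the strict flag so only exact string matches are accepted: `if (!isset($sort[1]) || !in_array(strtolower($sort[1]), array('asc', 'desc'), true))`. Keeping the caller's original case in `$sort[1]` after a successful match is fine, and the functional test on this page (`_testValidSortType`) depends on it, since it looks for `ORDER BY u.username DESC` verbatim. This hunk constrains only the direction; the column name in `$sort[0]` is presumably validated elsewhere, which is worth confirming given the commit message, as nothing in this hunk shows it. The enclosing function starts outside the hunk.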
  • branches/1.4/lib/plugins/sfDoctrinePlugin/test/functional/AdminGenBrowser.class.php

    r23912 r28260  
    2626        $this->$method(); 
    2727      } 
     28    } 
     29  } 
     30 
     31  protected function _testValidSort() 
     32  { 
     33    $this->info('Test valid sort parameter'); 
     34 
     35    $this->get('/users?sort=username'); 
     36 
     37    $matches = 0; 
     38    foreach ($this->_getQueryExecutionEvents() as $event) 
     39    { 
     40      if (false !== strpos($event->getQuery(), 'ORDER BY u.username asc')) 
     41      { 
     42        ++$matches; 
     43      } 
     44    } 
     45 
     46    $this->test()->is($matches, 1); 
     47  } 
     48 
     49  protected function _testInvalidSort() 
     50  { 
     51    $this->info('Test invalid sort parameter'); 
     52 
     53    $this->get('/users?sort=INVALID'); 
     54 
     55    // there should be no queries that match "INVALID" 
     56    foreach ($this->_getQueryExecutionEvents() as $event) 
     57    { 
     58      $this->test()->unlike($event->getQuery(), '/INVALID/'); 
     59    } 
     60  } 
     61 
     62  protected function _testValidSortType() 
     63  { 
     64    $this->info('Test valid sort_type parameter'); 
     65 
     66    foreach (array('asc', 'desc', 'ASC', 'DESC') as $sortType) 
     67    { 
     68      $this->get('/users?sort=username&sort_type='.$sortType); 
     69 
     70      $matches = 0; 
     71      foreach ($this->_getQueryExecutionEvents() as $event) 
     72      { 
     73        if (false !== strpos($event->getQuery(), 'ORDER BY u.username '.$sortType)) 
     74        { 
     75          ++$matches; 
     76        } 
     77      } 
     78 
     79      $this->test()->is($matches, 1); 
     80    } 
     81  } 
     82 
     83  protected function _testInvalidSortType() 
     84  { 
     85    $this->info('Test invalid sort_type parameter'); 
     86 
     87    $this->get('/users?sort=username&sort_type=INVALID'); 
     88 
     89    // there should be no queries that match "INVALID" 
     90    foreach ($this->_getQueryExecutionEvents() as $event) 
     91    { 
     92      $this->test()->unlike($event->getQuery(), '/INVALID/'); 
    2893    } 
    2994  } 
     
    203268  } 
    204269 
     270  protected function _getQueryExecutionEvents() 
     271  { 
     272    $events = array(); 
     273 
     274    $databaseManager = $this->browser->getContext()->getDatabaseManager(); 
     275    foreach ($databaseManager->getNames() as $name) 
     276    { 
     277      $database = $databaseManager->getDatabase($name); 
     278      if ($database instanceof sfDoctrineDatabase && $profiler = $database->getProfiler()) 
     279      { 
     280        foreach ($profiler->getQueryExecutionEvents() as $event) 
     281        { 
     282          $events[$event->getSequence()] = $event; 
     283        } 
     284      } 
     285    } 
     286 
     287    ksort($events); 
     288 
     289    return array_values($events); 
     290  } 
     291 
    205292  public function __destruct() 
    206293  {