Merge branch 'DDC-3045'
This commit is contained in:
Benjamin Eberlei
commit
0621b5a161
@ -397,6 +397,11 @@ use Doctrine\Common\Util\ClassUtils;
|
|||||||
}
|
}
|
||||||
|
|
||||||
$sortedId[$identifier] = $id[$identifier];
|
$sortedId[$identifier] = $id[$identifier];
|
||||||
|
unset($id[$identifier]);
|
||||||
|
}
|
||||||
|
|
||||||
|
if ($id) {
|
||||||
|
throw ORMException::unrecognizedIdentifierFields($class->name, array_keys($id));
|
||||||
}
|
}
|
||||||
|
|
||||||
$unitOfWork = $this->getUnitOfWork();
|
$unitOfWork = $this->getUnitOfWork();
|
||||||
|
|||||||
@ -283,6 +283,20 @@ class ORMException extends Exception
|
|||||||
return new self("The identifier $fieldName is missing for a query of " . $className);
|
return new self("The identifier $fieldName is missing for a query of " . $className);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @param string $className
|
||||||
|
* @param string $fieldName
|
||||||
|
*
|
||||||
|
* @return ORMException
|
||||||
|
*/
|
||||||
|
public static function unrecognizedIdentifierFields($className, $fieldNames)
|
||||||
|
{
|
||||||
|
return new self(
|
||||||
|
"Unrecognized identifier fields: '" . implode("', '", $fieldNames) . "' " .
|
||||||
|
"are not present on class '" . $className . "'."
|
||||||
|
);
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @param string $functionName
|
* @param string $functionName
|
||||||
*
|
*
|
||||||
|
|||||||
@ -882,5 +882,51 @@ class EntityRepositoryTest extends \Doctrine\Tests\OrmFunctionalTestCase
|
|||||||
$this->assertInstanceOf('Doctrine\ORM\Query\ResultSetMappingBuilder', $rsm);
|
$this->assertInstanceOf('Doctrine\ORM\Query\ResultSetMappingBuilder', $rsm);
|
||||||
$this->assertEquals(array('u' => 'Doctrine\Tests\Models\CMS\CmsUser'), $rsm->aliasMap);
|
$this->assertEquals(array('u' => 'Doctrine\Tests\Models\CMS\CmsUser'), $rsm->aliasMap);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @group DDC-3045
|
||||||
|
*/
|
||||||
|
public function testFindByFieldInjectionPrevented()
|
||||||
|
{
|
||||||
|
$this->setExpectedException('Doctrine\ORM\ORMException', 'Unrecognized field: ');
|
||||||
|
|
||||||
|
$repository = $this->_em->getRepository('Doctrine\Tests\Models\CMS\CmsUser');
|
||||||
|
$repository->findBy(array('username = ?; DELETE FROM cms_users; SELECT 1 WHERE 1' => 'test'));
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @group DDC-3045
|
||||||
|
*/
|
||||||
|
public function testFindOneByFieldInjectionPrevented()
|
||||||
|
{
|
||||||
|
$this->setExpectedException('Doctrine\ORM\ORMException', 'Unrecognized field: ');
|
||||||
|
|
||||||
|
$repository = $this->_em->getRepository('Doctrine\Tests\Models\CMS\CmsUser');
|
||||||
|
$repository->findOneBy(array('username = ?; DELETE FROM cms_users; SELECT 1 WHERE 1' => 'test'));
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @group DDC-3045
|
||||||
|
*/
|
||||||
|
public function testMatchingInjectionPrevented()
|
||||||
|
{
|
||||||
|
$this->setExpectedException('Doctrine\ORM\ORMException', 'Unrecognized field: ');
|
||||||
|
|
||||||
|
$repository = $this->_em->getRepository('Doctrine\Tests\Models\CMS\CmsUser');
|
||||||
|
$repository->matching(new Criteria(
|
||||||
|
Criteria::expr()->eq('username = ?; DELETE FROM cms_users; SELECT 1 WHERE 1', 'beberlei')
|
||||||
|
));
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @group DDC-3045
|
||||||
|
*/
|
||||||
|
public function testFindInjectionPrevented()
|
||||||
|
{
|
||||||
|
$this->setExpectedException('Doctrine\ORM\ORMException', 'Unrecognized identifier fields: ');
|
||||||
|
|
||||||
|
$repository = $this->_em->getRepository('Doctrine\Tests\Models\CMS\CmsUser');
|
||||||
|
$repository->find(array('username = ?; DELETE FROM cms_users; SELECT 1 WHERE 1' => 'test', 'id' => 1));
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user