fernando/luos
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

PMC-552-A

Browse Source
This commit is contained in:
Andrea Adamczyk
2019-06-17 09:33:30 -04:00
parent ecb3475342
commit e2cf0a95ab
2 changed files with 99 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
gulliver/system/class.g.php
View File

@@ -1639,7 +1639,7 @@ class G
* @param string $sqlString The string to be escaped
* @param string $DBEngine Target DBMS
*/
public function sqlEscape($sqlString, $DBEngine = DB_ADAPTER)
public static function sqlEscape($sqlString, $DBEngine = DB_ADAPTER)
{
$DBEngine = DB_ADAPTER;
switch ($DBEngine) {
@@ -1748,12 +1748,12 @@ class G
}
//Non-quoted
if (($match[1][$r][0] == '#') && (isset($result[$match[2][$r][0]]))) {
$__textoEval .= G::replaceDataField($result[$match[2][$r][0]], $result);
$__textoEval .= $result[$match[2][$r][0]];
continue;
}
//Non-quoted =
if (($match[1][$r][0] == '=') && (isset($result[$match[2][$r][0]]))) {
$__textoEval .= G::replaceDataField($result[$match[2][$r][0]], $result);
$__textoEval .= $result[$match[2][$r][0]];
continue;
}
//Objects attributes

96
tests/unit/gulliver/system/ReplaceDataFieldTest.php Normal file
View File

@@ -0,0 +1,96 @@
<?php
use Tests\TestCase;
class ReplaceDataFieldTest extends TestCase
{
/**
* Check that the value of "@q" followed by a string is not being set as empty when using "@#" to identify a variable
*
* @test
* @covers G::replaceDataField
*/
public function it_should_not_set_empty_when_calling_a_variable_with_hashtag_symbol()
{
$string = '<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Transitional//EN\" \"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd\">
<html>
<head>
</head>
<body>
<p>THIS IS ONLY A TEST OF THE VARIABLE&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;@#var_supplierEmail&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;</p>
</body>
</html>';
$result = [
'var_supplierEmail' => 'asa@qq.fds',
'var_supplierEmail_label' => 'asa@qq.fds',
];
$dbEngine = 'mysql';
// Replace variables in the string
$stringToCheck = G::replaceDataField($string, $result, $dbEngine);
// Assert the @qq is not being set as an empty value
$this->assertRegExp("/asa@qq.fds/", $stringToCheck);
// Testing with a "@qstring" value
$result = [
'var_supplierEmail' => '@qstring',
'var_supplierEmail_label' => '@qstring',
];
$dbEngine = 'mysql';
// Replace variables in the string
$stringToCheck = G::replaceDataField($string, $result, $dbEngine);
// Assert the @qstring is not being set as an empty value
$this->assertRegExp("/@qstring/", $stringToCheck);
}
/**
* Check that the value of "@q" followed by a string is not being set as empty when using "@=" to identify a variable
*
* @test
* @covers G::replaceDataField
*/
public function it_should_not_set_empty_when_calling_a_variable_with_equals_symbol()
{
$string = '<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Transitional//EN\" \"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd\">
<html>
<head>
</head>
<body>
<p>THIS IS ONLY A TEST OF THE VARIABLE&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;@=var_supplierEmail&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;</p>
</body>
</html>';
$result = [
'var_supplierEmail' => 'asa@qq.fds',
'var_supplierEmail_label' => 'asa@qq.fds',
];
$dbEngine = 'mysql';
// Replace variables in the string
$stringToCheck = G::replaceDataField($string, $result, $dbEngine);
// Assert the @qq is not being set as an empty value
$this->assertRegExp("/asa@qq.fds/", $stringToCheck);
// Testing with a "@qstring" value
$result = [
'var_supplierEmail' => '@qstring',
'var_supplierEmail_label' => '@qstring',
];
$dbEngine = 'mysql';
// Replace variables in the string
$stringToCheck = G::replaceDataField($string, $result, $dbEngine);
// Assert the @qstring is not being set as an empty value
$this->assertRegExp("/@qstring/", $stringToCheck);
}
}