TYPO3 CMS  TYPO3_8-7
QueryGeneratorTest.php
1 <?php
2 declare(strict_types = 1);
4 
5 /*
6  * This file is part of the TYPO3 CMS project.
7  *
8  * It is free software; you can redistribute it and/or modify it under
9  * the terms of the GNU General Public License, either version 2
10  * of the License, or any later version.
11  *
12  * For the full copyright and license information, please read the
13  * LICENSE.txt file that was distributed with this source code.
14  *
15  * The TYPO3 project - inspiring people to share!
16  */
17 
23 
27 class QueryGeneratorTest extends FunctionalTestCase
28 {
/**
 * Prepares the environment shared by every test in this class.
 *
 * Runs the parent set-up, calls setUpBackendUserFromFixture(1) and places a
 * fresh LanguageService instance in $GLOBALS['LANG'].
 */
protected function setUp()
{
    parent::setUp();
    $this->setUpBackendUserFromFixture(1);

    $languageService = new LanguageService();
    $GLOBALS['LANG'] = $languageService;
}
35 
40  {
41  return [
42  'multidimensional array input' => [
43  [
44  'foo' => [
45  'bar' => 1,
46  'baz' => [
47  'jane' => 1,
48  'john' => 'doe',
49  ],
50  'fae' => 1,
51  ],
52  'don' => [
53  'dan' => 1,
54  'jim' => [
55  'jon' => 1,
56  'jin' => 'joh',
57  ],
58  ],
59  'one' => [
60  'two' => 1,
61  'three' => [
62  'four' => 1,
63  'five' =>'six',
64  ],
65  ]
66  ],
67  [
68  0 => 'foo',
69  1 => 'bar',
70  ],
71  ],
72  'array with multiple entries input' => [
73  [
74  'foo' => 1,
75  'bar' => 2,
76  'baz' => 3,
77  'don' => 4,
78  ],
79  [
80  0 => 'foo',
81  ],
82  ],
83  'array with one entry input' => [
84  [
85  'foo' => 'bar',
86  ],
87  [
88  0 => 'foo',
89  ],
90  ],
91  'empty array input' => [
92  [],
93  [
94  0 => null,
95  ],
96  ],
97  'empty multidimensional array input' => [
98  [[[[]]], [[]], [[]]],
99  [
100  0 => 0,
101  1 => 0,
102  2 => 0,
103  3 => null,
104  ],
105  ],
106  'null input' => [
107  null,
108  [],
109  ],
110  'string input' => [
111  'foo bar',
112  [],
113  ],
114  'numeric input' => [
115  3.14,
116  [],
117  ],
118  ];
119  }
120 
/**
 * Asserts that QueryGenerator::getSubscript() returns exactly the expected
 * array (same keys, values and types) for the given input.
 *
 * NOTE(review): the PHPUnit annotations that mark this method as a test and
 * bind its data provider are not visible in this listing; keep them in place.
 *
 * @param mixed $input value handed to getSubscript(); deliberately untyped
 * @param array $expectedArray result that getSubscript() has to return
 */
public function getSubscriptReturnsExpectedValues($input, array $expectedArray)
{
    $actualArray = (new QueryGenerator())->getSubscript($input);

    $this->assertSame($expectedArray, $actualArray);
}
132 
/**
 * Builds one data set per payload template and per comparison key known to
 * QueryGenerator::$compSQL.
 *
 * The payloads only carry %quoteCharacter%, %commentStart% and %commentEnd%
 * placeholders; the concrete characters depend on the database platform and
 * are filled in by the test that consumes these sets. Every setting that
 * ends up in the generated query (fields, group, order, limit and both
 * condition rows) receives the payload.
 *
 * NOTE(review): queryConfig is stored as a serialize()d string. Its string
 * entries carry byte-length prefixes, so the placeholders in it can only be
 * substituted after decoding, not by plain string replacement.
 *
 * @return array[] list of [payload template, QueryGenerator settings]
 */
public function arbitraryDataIsEscapedDataProvider(): array
{
    $payloadTemplates = [
        // INJ'ECT
        'INJ%quoteCharacter%ECT',
        // INJ '--
        // ' ECT
        'INJ %quoteCharacter%%commentStart% %commentEnd%%quoteCharacter% ECT'
    ];
    $comparisonKeys = array_keys((new QueryGenerator())->compSQL);

    $cases = [];
    foreach ($payloadTemplates as $payload) {
        foreach ($comparisonKeys as $comparisonKey) {
            // Both condition rows are identical, so the row is built once.
            $condition = [
                'operator' => $payload,
                'type' => 'FIELD_category_field', // falls back to CType (first field)
                'comparison' => $comparisonKey,
                'inputValue' => $payload,
            ];
            $settings = [
                'queryTable' => 'tt_content',
                'queryFields' => 'uid,' . $payload,
                'queryGroup' => $payload,
                'queryOrder' => $payload,
                'queryLimit' => $payload,
                'queryConfig' => serialize([$condition, $condition]),
            ];
            $cases[] = [$payload, $settings];
        }
    }

    return $cases;
}
176 
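/**
 * Verifies that an injection payload never appears verbatim in the SELECT
 * statement built by QueryGenerator.
 *
 * The placeholders in the payload and in the settings are replaced with the
 * string-literal quote character and the comment start/end strings reported
 * by the database platform of the tt_content connection. The final assertion
 * is a substring check on the generated query.
 *
 * NOTE(review): the PHPUnit annotations that mark this method as a test and
 * bind its data provider are not visible in this listing; keep them in place.
 *
 * @param string $injector payload template containing placeholders
 * @param array $settings QueryGenerator settings; queryConfig is expected as a serialize()d array
 */
public function arbitraryDataIsEscaped(string $injector, array $settings)
{
    $databasePlatform = GeneralUtility::makeInstance(ConnectionPool::class)
        ->getConnectionForTable('tt_content')->getDatabasePlatform();
    $replacements = [
        '%quoteCharacter%' => $databasePlatform->getStringLiteralQuoteCharacter(),
        '%commentStart%' => $databasePlatform->getSqlCommentStartString(),
        '%commentEnd%' => $databasePlatform->getSqlCommentEndString()
    ];
    $injector = str_replace(array_keys($replacements), $replacements, $injector);

    // A serialized string records the byte length of every string it holds.
    // Replacing placeholders directly in that string changes the lengths but
    // not the recorded prefixes, which leaves data that cannot be decoded, so
    // the condition rows would presumably never reach the query builder.
    // Decode first, substitute on the array, then encode again.
    // allowed_classes => false keeps the decode step from instantiating objects.
    $hasSerializedConfig = isset($settings['queryConfig']) && is_string($settings['queryConfig']);
    if ($hasSerializedConfig) {
        $settings['queryConfig'] = unserialize($settings['queryConfig'], ['allowed_classes' => false]);
    }
    $settings = $this->prepareSettings($settings, $replacements);
    if ($hasSerializedConfig) {
        $settings['queryConfig'] = serialize($settings['queryConfig']);
    }

    $queryGenerator = new QueryGenerator();
    $queryGenerator->init('queryConfig', $settings['queryTable']);
    $queryGenerator->makeSelectorTable($settings);
    $queryGenerator->enablePrefix = true;

    $queryString = $queryGenerator->getQuery($queryGenerator->queryConfig);
    $query = $queryGenerator->getSelectQuery($queryString);

    // Passes only if the raw payload, unescaped quote character included,
    // is absent from the final statement.
    self::assertNotContains($injector, $query);
}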
207 
/**
 * Replaces placeholders in every string value of a settings array,
 * descending into nested arrays.
 *
 * Keys are preserved; values that are neither strings nor arrays are
 * returned unchanged. Strings are treated as plain text, so a serialize()d
 * string is rewritten without adjusting its length prefixes.
 *
 * @param array $settings settings whose string values may contain placeholders
 * @param array $replacements map of placeholder => replacement
 * @return array the settings with all placeholders substituted
 */
protected function prepareSettings(array $settings, array $replacements): array
{
    $placeholders = array_keys($replacements);
    $prepared = [];
    foreach ($settings as $key => $value) {
        if (is_array($value)) {
            $prepared[$key] = $this->prepareSettings($value, $replacements);
        } elseif (is_string($value)) {
            $prepared[$key] = str_replace($placeholders, $replacements, $value);
        } else {
            $prepared[$key] = $value;
        }
    }

    return $prepared;
}
220 }