forked from Wavyzz/dolibarr
FIX pgsql compatibility. Add PHPUnit to avoid using dates without quotes
This commit is contained in:
Laurent Destailleur
@@ -155,6 +155,25 @@ class CodingPhpTest extends PHPUnit_Framework_TestCase
|
||||
print 'Check php file '.$file['fullname']."\n";
|
||||
$filecontent=file_get_contents($file['fullname']);
|
||||
|
||||
|
||||
$ok=true;
|
||||
$matches=array();
|
||||
// Check string ='".$this->xxx with xxx that is not 'escape'. It means we forget a db->escape when forging sql request.
|
||||
preg_match_all('/(..)\s*\.\s*\$this->db->idate\(/', $filecontent, $matches, PREG_SET_ORDER);
|
||||
foreach($matches as $key => $val)
|
||||
{
|
||||
if ($val[1] != '\'"' && $val[1] != '\'\'')
|
||||
{
|
||||
$ok=false;
|
||||
break;
|
||||
}
|
||||
//if ($reg[0] != 'db') $ok=false;
|
||||
}
|
||||
//print __METHOD__." Result for checking we don't have non escaped string in sql requests for file ".$file."\n";
|
||||
$this->assertTrue($ok, 'Found a $this->db->idate to forge a sql request without quotes around this date field '.$file['fullname'].' :: '.$val[0]);
|
||||
//exit;
|
||||
|
||||
|
||||
$ok=true;
|
||||
$matches=array();
|
||||
// Check string ='".$this->xxx with xxx that is not 'escape'. It means we forget a db->escape when forging sql request.
|
||||
@@ -172,6 +191,7 @@ class CodingPhpTest extends PHPUnit_Framework_TestCase
|
||||
$this->assertTrue($ok, 'Found non escaped string in building of a sql request '.$file['fullname'].' ('.$val[0].'). Bad.');
|
||||
//exit;
|
||||
|
||||
|
||||
// Test that output of $_SERVER\[\'QUERY_STRING\'\] is escaped.
|
||||
$ok=true;
|
||||
$matches=array();
|
||||
|
||||
Reference in New Issue
Block a user