corrections, code coverage updates, update sanitize_path, update version

Author: TheTechsTech

lib/Constants.php

@@ -5,7 +5,7 @@
     /**
      * ezsqlModel Constants
      */
-    \defined('EZSQL_VERSION') or \define('EZSQL_VERSION', '5.1.1');
+    \defined('EZSQL_VERSION') or \define('EZSQL_VERSION', '5.1.2');
     \defined('OBJECT') or \define('OBJECT', 'OBJECT');
     \defined('ARRAY_A') or \define('ARRAY_A', 'ARRAY_A');
     \defined('ARRAY_N') or \define('ARRAY_N', 'ARRAY_N');

lib/ezFunctions.php

@@ -607,17 +607,17 @@ function is_traversal(string $basePath, string $filename)
      *
      * Example:
      *
-     *  `sanitize_path("../../../../config.php");`
-     *
-     *      Returns `config.php` without the path traversal
-     * @param string $path
+     * `sanitize_path("../../../../config.php-");`
+     * - Returns `config.php` without the path traversal
+     * @param string $path original file/path to be sanitized.
      * @return string
      */
     function sanitize_path(string $path)
     {
         $file = \preg_replace("/\.[\.]+/", "", $path);
         $file = \preg_replace("/^[\/]+/", "", $file);
         $file = \preg_replace("/^[A-Za-z][:\|][\/]?/", "", $file);
+        $file = \trim($file, '.-_');
         return ($file);
     }
 
@@ -1365,7 +1365,7 @@ function unionAll($table = '', $columnFields = '*', ...$conditions)
     /**
      * Specifies an ordering for the query results.
      * @param string $orderBy - The column.
-     * @param string $order - The ordering direction.
+     * @param string $order - The ordering direction, either `ASC`|`DESC`.
      *
      * @return string - ORDER BY SQL statement, or false on error
      */

lib/ezQuery.php

@@ -269,8 +269,8 @@ public function orderBy($orderBy, $order)
         }
 
         $columns = $this->to_string($orderBy);
-
-        $order = (\in_array(\strtoupper($order), array('ASC', 'DESC'))) ? \strtoupper($order) : 'ASC';
+        $by = \strtoupper($order);
+        $order = (\in_array($by, array('ASC', 'DESC'))) ? $by : 'ASC';
 
         return 'ORDER BY ' . $columns . ' ' . $order;
     }

lib/ezQueryInterface.php

@@ -276,7 +276,7 @@ public function unionAll(string $table = null, $columnFields = '*', ...$conditio
     /**
      * Specifies an ordering for the query results.
      * @param string $orderBy - The column.
-     * @param string $order - The ordering direction.
+     * @param string $order - The ordering direction, either `ASC`|`DESC`.
      *
      * @return string - ORDER BY SQL statement, or false on error
      */

tests/ezFunctionsTest.php

@@ -70,7 +70,7 @@ public function testClean_string()
 
     public function testSanitize_path()
     {
-        $this->assertEquals("config.php", sanitize_path("../../../../config.php"));
+        $this->assertEquals("config.php", sanitize_path("../../../../config.php-"));
     }
 
     public function testis_traversal()

tests/mysqli/mysqliTest.php

@@ -25,6 +25,8 @@
     dropping,
     altering,
     get_results,
+    limit,
+    orderBy,
     replacing,
     table_setup,
     where
@@ -603,7 +605,7 @@ public function testSelectAndCreateTable()
             ])
         );
 
-        $result = $this->object->select('users', 'id, tel_num, email', eq('user_name ', 'walker'));
+        $result = $this->object->select('users', 'id, tel_num, email', where(eq('user_name ', 'walker')), orderBy('id', 'ASC'), limit(1));
 
         $this->object->debugOn();
         $this->expectOutputRegex('/[123456]/');