Prevent unexpected results with non-conditional string condition

Author: opengeek

src/xPDO/Om/xPDOQuery.php

@@ -817,6 +817,13 @@ public function parseConditions($conditions, $conjunction = xPDOQuery::SQL_AND)
             $field['conjunction']= $conjunction;
             $result = new xPDOQueryCondition($field);
         }
+        else {
+            $result= new xPDOQueryCondition([
+                'sql' => $conditions,
+                'binding' => null,
+                'conjunction' => $conjunction
+            ]);
+        }
         return $result;
     }
 

src/xPDO/xPDO.php

@@ -1056,6 +1056,7 @@ public function getCount($className, $criteria = null) {
      */
     public function getObjectGraph($className, $graph, $criteria= null, $cacheFlag= true) {
         $object= null;
+        $this->sanitizePKCriteria($className, $criteria);
         if ($collection= $this->getCollectionGraph($className, $graph, $criteria, $cacheFlag)) {
             if (!count($collection) === 1) {
                 $this->log(xPDO::LOG_LEVEL_WARN, 'getObjectGraph criteria returned more than one instance.');

test/xPDO/Test/Om/xPDOObjectTest.php

@@ -11,6 +11,7 @@
 namespace xPDO\Test\Om;
 
 use xPDO\Om\xPDOObject;
+use xPDO\Test\Sample\Person;
 use xPDO\TestCase;
 use xPDO\xPDO;
 
@@ -327,6 +328,13 @@ public function testCascadeSave()
         $person->remove();
     }
 
+    public function testGetObjectDoesNotReturnUnexpectedResults()
+    {
+        $person = $this->xpdo->getObject('xPDO\\Test\\Sample\\Person', 'test');
+
+        $this->assertNull($person, 'getObject returned an instance from an invalid key');
+    }
+
     /**
      * Test getting an object by the primary key.
      *
@@ -393,6 +401,13 @@ public function testGetObjectGraphsByPK()
         $this->assertTrue($phone instanceof \xPDO\Test\Sample\Phone, "Error retrieving related Phone object via getObjectGraph");
     }
 
+    public function testGetObjectGraphDoesNotReturnUnexpectedResults()
+    {
+        $person = $this->xpdo->getObjectGraph('xPDO\\Test\\Sample\\Person', '{"PersonPhone":{"Phone":{}}}', 'test');
+
+        $this->assertNull($person, 'getObjectGraph returned unexpected result from invalid key');
+    }
+
     /**
      * Test getObjectGraph by PK with JSON graph
      */
@@ -421,6 +436,13 @@ public function testGetObjectGraphsJSONByPK()
         $this->assertTrue($phone instanceof \xPDO\Test\Sample\Phone, "Error retrieving related Phone object via getObjectGraph, JSON graph");
     }
 
+    public function testGetCollectionDoesNotReturnUnexpectedResults()
+    {
+        $person = $this->xpdo->getCollection('xPDO\\Test\\Sample\\Person', 'test');
+
+        $this->assertEmpty($person, 'getCollection returned data from an invalid where clause');
+    }
+
     /**
      * Test xPDO::getCollection
      */
@@ -436,6 +458,13 @@ public function testGetCollection()
         $this->assertTrue(count($people) == 2, "Error retrieving all objects.");
     }
 
+    public function testGetCollectionGraphDoesNotReturnUnexpectedResults()
+    {
+        $person = $this->xpdo->getCollectionGraph('xPDO\\Test\\Sample\\Person', array('PersonPhone' => array('Phone' => array())), 'test');
+
+        $this->assertEmpty($person, 'getCollectionGraph returned data from an invalid where clause');
+    }
+
     /**
      * Test xPDO::getCollectionGraph
      */