You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: WordPress/Tests/DB/PreparedSQLUnitTest.1.inc
+35Lines changed: 35 additions & 0 deletions
Original file line number
Diff line number
Diff line change
@@ -142,3 +142,38 @@ echo $wpdb::CONSTANT_NAME;
142
142
143
143
// Not an identifiable method call.
144
144
$wpdb->{$methodName}('query');
145
+
146
+
/*
147
+
* Safeguard correct handling of all types of namespaced calls to the WPDB::prepare() method.
148
+
*
149
+
* Note that calling wpdb::prepare() statically will result in an error. Still, the tests are included here since the
150
+
* sniff handles those calls.
151
+
*/
152
+
\WPDB::prepare( "SELECT * FROM $wpdb->posts WHERE post_title LIKE '" . foo() . "';" );
153
+
MyNamespace\WPDB::prepare( "SELECT * FROM $wpdb->posts WHERE post_title LIKE '" . foo() . "';" );
154
+
\MyNamespace\wpdb::prepare( "SELECT * FROM $wpdb->posts WHERE post_title LIKE '" . foo() . "';" );
155
+
namespace\wpdb::prepare( "SELECT * FROM $wpdb->posts WHERE post_title LIKE '" . foo() . "';" ); // This should be flagged in the future once the sniff is able to resolve relative namespaces.
156
+
157
+
/*
158
+
* Safeguard correct handling of all types of namespaced calls to PreparedSQLSniff::$SQLEscapingFunctions.
159
+
*/
160
+
$wpdb->query( "SELECT * FROM $wpdb->posts WHERE ID = " . \absint( $foo ) );
161
+
$wpdb->query( "SELECT * FROM $wpdb->posts WHERE ID = " . MyNamespace\absint( $foo ) );
162
+
$wpdb->query( "SELECT * FROM $wpdb->posts WHERE ID = " . \MyNamespace\absint( $foo ) );
163
+
$wpdb->query( "SELECT * FROM $wpdb->posts WHERE ID = " . namespace\absint( $foo ) ); // This should NOT be flagged in the future once the sniff is able to resolve relative namespaces.
164
+
165
+
/*
166
+
* Safeguard correct handling of all types of namespaced calls to PreparedSQLSniff::$SQLAutoEscapedFunctions.
167
+
*/
168
+
$wpdb->query( "SELECT * FROM $wpdb->posts WHERE ID = " . \count( $foo ) );
169
+
$wpdb->query( "SELECT * FROM $wpdb->posts WHERE ID = " . MyNamespace\count( $foo ) );
170
+
$wpdb->query( "SELECT * FROM $wpdb->posts WHERE ID = " . \MyNamespace\count( $foo ) );
171
+
$wpdb->query( "SELECT * FROM $wpdb->posts WHERE ID = " . namespace\count( $foo ) ); // This should NOT be flagged in the future once the sniff is able to resolve relative namespaces.
172
+
173
+
/*
174
+
* Safeguard correct handling of all types of namespaced calls to FormattingFunctionsHelper::$formattingFunctions.
175
+
*/
176
+
$wpdb->get_results( \sprintf( "SELECT * FROM $wpdb->posts WHERE ID = %s", intval( $id ) ) );
177
+
$wpdb->get_results( MyNamespace\sprintf( "SELECT * FROM $wpdb->posts WHERE ID = %s", intval( $id ) ) );
178
+
$wpdb->get_results( \MyNamespace\sprintf( "SELECT * FROM $wpdb->posts WHERE ID = %s", intval( $id ) ) );
179
+
$wpdb->get_results( namespace\sprintf( "SELECT * FROM $wpdb->posts WHERE ID = %s", intval( $id ) ) ); // This should NOT be flagged in the future once the sniff is able to resolve relative namespaces.
0 commit comments