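--- a/WordPress/Tests/DB/PreparedSQLUnitTest.1.inc
+++ b/WordPress/Tests/DB/PreparedSQLUnitTest.1.inc
@@ -117,7 +117,7 @@ $wpdb
 $wpdb?->query( "SELECT * FROM $wpdb->posts WHERE post_title LIKE '" . (int) $foo . "';" ); // OK.
 $wpdb?->query( "SELECT * FROM $wpdb->posts WHERE post_title LIKE '" . foo() . "';" ); // Bad.
 
-WPDB::prepare( "SELECT * FROM $wpdb->posts WHERE post_title LIKE '" . foo() . "';" ); // Bad.
+\WPDB::prepare( "SELECT * FROM $wpdb->posts WHERE post_title LIKE '" . foo() . "';" ); // Bad.
 $wpdb->Query( "SELECT * FROM $wpdb->posts WHERE post_title LIKE '" . foo() . "';" ); // Bad.
 
 $wpdb->query( "SELECT * FROM $wpdb->posts WHERE value = " . {$foo} . ";" ); // Bad - on $foo, not on the {}.
@@ -142,3 +142,16 @@ echo $wpdb::CONSTANT_NAME;
 
 // Not an identifiable method call.
 $wpdb->{$methodName}('query');
+
+// TODO: the below currently is flagged but it shouldn't be.
+/*
+MyNamespace\WPDB::prepare( "SELECT * FROM $wpdb->posts WHERE post_title LIKE '" . foo() . "';" );
+\MyNamespace\WPDB::prepare( "SELECT * FROM $wpdb->posts WHERE post_title LIKE '" . foo() . "';" );
+namespace\WPDB::prepare( "SELECT * FROM $wpdb->posts WHERE post_title LIKE '" . foo() . "';" ); // This should be flagged in the future once the sniff is able to resolve relative namespaces.
+*/
+
+$wpdb->query( "SELECT * FROM $wpdb->posts WHERE ID = " . MyNamespace\absint( $foo ) );
+$wpdb->query( "SELECT * FROM $wpdb->posts WHERE ID = " . \MyNamespace\absint( $foo ) );
+$wpdb->query( "SELECT * FROM $wpdb->posts WHERE ID = " . namespace\absint( $foo ) ); // This should NOT be flagged in the future once the sniff is able to resolve relative namespaces.
+
+// TODO: add similar namespace tests as the ones above for PreparedSQLSniff::$SQLAutoEscapedFunctions and FormattingFunctionsHelper::$formattingFunctions.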
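Review bot: The three new `absint` cases at new lines 153-155 carry no expected-result marker, unlike the `// OK.` / `// Bad.` comments used on the other cases in this fixture, so a reader cannot tell which outcome the test pins. A function named `absint` inside `MyNamespace` is not WordPress's global `absint()`, so the concatenated value has to be treated as unescaped; I would end the first two lines with `// Bad.` and open the third line's comment with `// Bad for now (false positive).`, assuming all three are currently reported, as that comment implies. The `WPDB::prepare` cases wrapped in `/* */` at new lines 147-151 are never examined as code, so the known false positive is recorded only in prose and nothing will signal when it is fixed. The expected-error list lives in the accompanying test class, which is not shown here.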