vhad/wordpress-develop
1
0
Fork 0
mirror of https://github.com/gosticks/wordpress-develop.git synced 2025-10-16 12:05:38 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
2fa1194a75
wordpress-develop/tests/phpunit
History
David Baumwald ac64f38b66 Database: Add %i placeholder support to $wpdb->prepare to escape table and column names. 
WordPress does not currently provide an explicit method for escaping SQL table and column names. This leads to potential security vulnerabilities, and makes reviewing code for security unnecessarily difficult.  Also, static analysis tools also flag the queries as having unescaped SQL input.

Tables and column names in queries are usually in-the-raw, since using the existing `%s` will straight quote the value, making the query invalid.

This change introduces a new `%i` placeholder in `$wpdb->prepare` to properly quote table and column names using backticks.

Props tellyworth, iandunn, craigfrancis, peterwilsoncc, johnbillion, apokalyptik.
Fixes #52506.

git-svn-id: https://develop.svn.wordpress.org/trunk@53575 602fd350-edb4-49c9-b593-d223f7449a82
2022-06-24 20:33:56 +00:00
..
data Themes: Accept valid block themes. 2022-05-20 00:47:45 +00:00
includes Tests: Move assertQueryTrue() closer to the other custom assertions in WP_UnitTestCase_Base. 2022-06-21 11:12:02 +00:00
tests Database: Add %i placeholder support to $wpdb->prepare to escape table and column names. 2022-06-24 20:33:56 +00:00
build.xml Coding Standards: Replace spaced indentation sections of phpunit.xml.dist, multisite.xml, and build.xml with tabs. 2019-01-28 17:20:06 +00:00
multisite.xml Build/Test Tools: Update PHPUnit configuration for PHPUnit 9.5.10/8.5.21+. 2021-09-26 03:11:18 +00:00
README.txt Docs: Remove double spaces in tests/phpunit/README.txt. 2022-04-29 13:31:48 +00:00
wp-mail-real-test.php Code Modernization: Replace dirname( __FILE__ ) calls with __DIR__ magic constant. 2020-02-06 06:31:22 +00:00

README.txt 

The short version:

1. Create a clean MySQL database and user. DO NOT USE AN EXISTING DATABASE or you will lose data, guaranteed.

2. Copy wp-tests-config-sample.php to wp-tests-config.php, edit it and include your database name/user/password.

3. $ svn up

4. Run the tests from the "trunk" directory:
   To execute a particular test:
      $ phpunit tests/phpunit/tests/test_case.php
   To execute all tests:
      $ phpunit

Notes:

Test cases live in the 'tests' subdirectory. All files in that directory will be included by default. Extend the WP_UnitTestCase class to ensure your test is run.

phpunit will initialize and install a (more or less) complete running copy of WordPress each time it is run. This makes it possible to run functional interface and module tests against a fully working database and codebase, as opposed to pure unit tests with mock objects and stubs. Pure unit tests may be used also, of course.

Changes to the test database will be rolled back as tests are finished, to ensure a clean start next time the tests are run.

phpunit is intended to run at the command line, not via a web server.