| 1 database_test.test | public DatabaseStatementPrefetchGadgetChainTestCase::testThemeRegistryGadgetChain() |
Tests unserialization within the theme registry.
File
- core/
modules/ simpletest/ tests/ database_test.test, line 4175 - Database tests.
Class
- DatabaseStatementPrefetchGadgetChainTestCase
- Tests database statements against deserialization attacks.
Code
public function testThemeRegistryGadgetChain() {
if (version_compare(PHP_VERSION, '7.4', '<')) {
$this->assert('pass', 'Test skipped for older PHP versions.');
return;
}
$payload = 'O:13:"ThemeRegistry":1:{s:13:"keysToPersist";O:25:"DatabaseStatementPrefetch":3:{s:10:"currentRow";a:0:{}s:10:"fetchStyle";i:8;s:12:"fetchOptions";a:2:{s:5:"class";s:10:"FakeRecord";s:16:"constructor_args";a:1:{i:0;a:2:{i:0;s:3:"foo";i:1;s:3:"bar";}}}}}';
try {
// Do not assign the return value of unserialize as we want the objects
// to be destructed immediately.
unserialize($payload);
}
catch (Exception $e) {
$this->assertEqual(get_class($e), 'UnexpectedValueException', get_class($e) . ' thrown when unserializing payload.');
}
}