1 database_test.test | public DatabaseStatementPrefetchGadgetChainTestCase::testUpdateQueryGadgetChain() |
Tests unserialization within the UpdateQuery class.
File
- core/modules/simpletest/tests/database_test.test, line 4193 - Database tests.
Class
- DatabaseStatementPrefetchGadgetChainTestCase
- Tests database statements against deserialization attacks.
Code
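/**
 * Tests unserialization within the UpdateQuery class.
 *
 * Unserializes a crafted UpdateQuery object graph, casts the result to a
 * string, and expects the attempt to be rejected with an
 * UnexpectedValueException.
 */
public function testUpdateQueryGadgetChain() {
  // The check only runs on PHP 7.4 and later; older versions record a pass
  // and return without touching the payload.
  if (version_compare(PHP_VERSION, '7.4', '<')) {
    $this->assert('pass', 'Test skipped for older PHP versions.');
    return;
  }
  // Serialized UpdateQuery whose "fields" property holds a
  // DatabaseStatementPrefetch carrying fetchStyle 8 and fetchOptions that name
  // a class (FakeRecord) together with constructor arguments.
  $payload = 'O:11:"UpdateQuery":2:{s:10:"connection";O:24:"DatabaseConnection_mysql":0:{}s:6:"fields";O:25:"DatabaseStatementPrefetch":3:{s:10:"currentRow";a:0:{}s:10:"fetchStyle";i:8;s:12:"fetchOptions";a:2:{s:5:"class";s:10:"FakeRecord";s:16:"constructor_args";a:2:{i:0;s:3:"foo";i:1;s:3:"bar";}}}}';
  try {
    // In this case we can assign the return value; casting it to a string
    // invokes the relevant __toString magic method.
    $result = (string) unserialize($payload);
    // Reaching this line means the object graph was rebuilt and cast to a
    // string without being rejected. Record a failure so the test cannot pass
    // silently when the guard is missing or bypassed.
    $this->fail('No exception thrown when unserializing payload.');
  }
  catch (Exception $e) {
    // Only Exception subclasses are caught here; an Error raised during
    // unserialization propagates to the test runner instead.
    $this->assertEqual(get_class($e), 'UnexpectedValueException', get_class($e) . ' thrown when unserializing payload.');
  }
}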