> 5) & 1))", "", false), // OPI email query with evil mods, should not pass
            // Looks like the same email lookup as the bug 50336 case below, but the
            // subquery reaches into `users` (is_admin) instead of staying on the
            // email tables -- expected to be rejected; confirm against SugarSQLValidate.
            array("contacts.assigned_user_id = '1' AND (contacts.first_name like '%collin.c.lee@gmail.com%' OR contacts.last_name like '%collin.c.lee@gmail.com%' OR contacts.id IN (SELECT eabr.bean_id FROM email_addr_bean_rel eabr JOIN email_addresses ea ON (ea.id = eabr.email_address_id) JOIN users WHERE users.is_admin='1' AND eabr.deleted=0 AND ea.email_address LIKE 'collin.c.lee@gmail.com%'))", "contacts.last_name asc", false),
            // bug 50336
            // Legitimate email-address subquery restricted to the email tables; must pass.
            array('contacts.id IN (SELECT email_addr_bean_rel.bean_id FROM email_addr_bean_rel, email_addresses WHERE email_addresses.id = email_addr_bean_rel.email_address_id AND email_addr_bean_rel.deleted = 0 AND email_addr_bean_rel.bean_module = \'Contacts\' AND email_addresses.email_address IN ("odemendez@starbucks.fr"))', '', true),
            // bug 50487 - Quoted identifiers
            // Backtick-quoted table/column names are accepted in both WHERE and ORDER BY ...
            array("`users`.`user_name` = 'admin'", "", true),
            array("`users`.`user_name` = 'admin' and `users`.`first_name` = 'george'", "", true),
            array("`users`.`user_name` = 'admin' and `users`.`first_name` = 'george'", "`users`.`first_name`", true),
            // ... but a whole predicate wrapped in backticks is not a valid identifier and must be rejected.
            array("`users.user_name = 'admin'`", "", false),
        );
    }

    /**
     * Feeds each (where, order_by, expected) triple from getQueries() through
     * SugarSQLValidate::validateQueryClauses() and checks the verdict.
     *
     * @dataProvider getQueries
     * @outputBuffering disabled
     *
     * @param string $where    WHERE clause text handed to the validator
     * @param string $order_by ORDER BY clause text handed to the validator
     * @param bool   $ok       true when the validator is expected to accept the pair,
     *                         false when it is expected to reject it
     */
    public function testCheckQuery($where, $order_by, $ok)
    {
        $validator = new SugarSQLValidate();
        $accepted = $validator->validateQueryClauses($where, $order_by);

        // Put the offending clause pair into the failure message so a regression is
        // identifiable from the test output alone, without re-reading the provider.
        $clauses = array($where, $order_by);
        $message = string_format(
            $ok
                ? "Failed asserting that where: {0} and order by: {1} is valid"
                : "Failed asserting that where: {0} and order by: {1} is invalid",
            $clauses
        );

        if ($ok) {
            $this->assertTrue($accepted, $message);
        } else {
            $this->assertFalse($accepted, $message);
        }
    }
}