> 5) & 1))", "", false), // OPI email query with evil mods, should not pass array("contacts.assigned_user_id = '1' AND (contacts.first_name like '%collin.c.lee@gmail.com%' OR contacts.last_name like '%collin.c.lee@gmail.com%' OR contacts.id IN (SELECT eabr.bean_id FROM email_addr_bean_rel eabr JOIN email_addresses ea ON (ea.id = eabr.email_address_id) JOIN users WHERE users.is_admin='1' AND eabr.deleted=0 AND ea.email_address LIKE 'collin.c.lee@gmail.com%'))", "contacts.last_name asc", false), ); } /** * @dataProvider getQueries */ public function testCheckQuery($where, $order_by, $ok) { $helper = new SugarSQLValidate(); $res = $helper->validateQueryClauses($where, $order_by); if($ok) { $this->assertTrue($res); } else { $this->assertFalse($res); } } }