diff --git a/docs/guide/db-query-builder.md b/docs/guide/db-query-builder.md
index 2d9184a..fc99c6c 100644
--- a/docs/guide/db-query-builder.md
+++ b/docs/guide/db-query-builder.md
@@ -235,7 +235,7 @@ filter variable against white list. In case you need to get column name from use
 guide article. For example the following code is vulnerable:
 ```php
-// Vulnarable code:
+// Vulnerable code:
 $column = $request->get('column');
 $value = $request->get('value);
 $query->where([$column => $value]);
@@ -320,12 +320,12 @@ the operator can be one of the following:
 Using the Operator Format, Yii internally uses parameter binding for values, so in contrast to the [string format](#string-format), here you do not have to add parameters manually. However, note that Yii never escapes column names, so if you pass a variable as a column name, the application will likely become vulnerable to SQL injection attack. In order to keep
-application secure, either either do not use variables as column names or filter variable against white list.
+application secure, either do not use variables as column names or filter variable against white list.
 In case you need to get column name from user, read the [Filtering Data](output-data-widgets.md#filtering-data) guide article. For example the following code is vulnerable:
 ```php
-// Vulnarable code:
+// Vulnerable code:
 $column = $request->get('column');
 $value = $request->get('value);
 $query->where(['=', $column, $value]);
diff --git a/framework/UPGRADE.md b/framework/UPGRADE.md
index 28c43a2..cafb08c 100644
--- a/framework/UPGRADE.md
+++ b/framework/UPGRADE.md
@@ -233,7 +233,7 @@ Upgrade from Yii 2.0.12
 However, this change may affect your application if you have code that uses method `yii\base\Module::has()` in order to check existence of the component exactly in this specific module. In this case make sure the logic is not corrupted.
-* If you are using "asset" command to compress assets and your web applicaiton `assetManager` has `linkAssets` turned on,
+* If you are using "asset" command to compress assets and your web application `assetManager` has `linkAssets` turned on,
 make sure that "asset" command config has `linkAssets` turned on as well.
diff --git a/tests/framework/behaviors/CacheableWidgetBehaviorTest.php b/tests/framework/behaviors/CacheableWidgetBehaviorTest.php
index 0ae106a..fdcf5e0 100644
--- a/tests/framework/behaviors/CacheableWidgetBehaviorTest.php
+++ b/tests/framework/behaviors/CacheableWidgetBehaviorTest.php
@@ -18,14 +18,14 @@ class CacheableWidgetBehaviorTest extends TestCase
 /**
 * Default-initialized simple cacheable widget mock.
 *
- * @var PHPUnit_Framework_MockObject_MockObject
+ * @var PHPUnit_Framework_MockObject_MockObject|SimpleCacheableWidget|CacheableWidgetBehavior
 */
 private $simpleWidget;
 /**
 * Default-initialized dynamic cacheable widget mock.
 *
- * @var PHPUnit_Framework_MockObject_MockObject
+ * @var PHPUnit_Framework_MockObject_MockObject|DynamicCacheableWidget|CacheableWidgetBehavior
 */
 private $dynamicWidget;
@@ -38,6 +38,9 @@ class CacheableWidgetBehaviorTest extends TestCase
 $this->initializeWidgetMocks();
 }
+ /**
+ * @throws \Exception
+ */
 public function testWidgetIsRunWhenCacheIsEmpty()
 {
 $this->simpleWidget
@@ -48,6 +51,9 @@ class CacheableWidgetBehaviorTest extends TestCase
 $this->assertEquals('contents', $contents);
 }
+ /**
+ * @throws \Exception
+ */
 public function testWidgetIsNotRunWhenCacheIsNotEmpty()
 {
 $this->simpleWidget->cacheDuration = 0;
@@ -55,11 +61,14 @@ class CacheableWidgetBehaviorTest extends TestCase
 ->expects($this->once())
 ->method('run');
- for ($counter = 0; $counter <= 42; $counter++) {
+ for ($counter = 0; $counter <= 1; $counter++) {
 $this->assertEquals('contents', $this->simpleWidget->test());
 }
 }
+ /**
+ * @throws \Exception
+ */
 public function testDynamicContent()
 {
 $this->dynamicWidget->cacheDuration = 0;
@@ -67,7 +76,7 @@ class CacheableWidgetBehaviorTest extends TestCase
 ->expects($this->once())
 ->method('run');
- for ($counter = 0; $counter <= 42; $counter++) {
+ for ($counter = 0; $counter <= 1; $counter++) {
 $expectedContents = sprintf('
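Review bot: The new bound `$counter <= 1` in the loop of testWidgetIsNotRunWhenCacheIsNotEmpty (and in the identical loop of testDynamicContent in the following hunk) leaves exactly two iterations, which is the minimum that still exercises a read from the cache, but nothing in the code says that this is deliberate. The `expects($this->once())` expectation on `run` is only meaningful when the widget is invoked more than once, so a later "simplification" to a single call would silently turn both tests into no-ops. I would write the bound as `$counter < 2` and add a comment such as `// first call fills the cache, the second must be served from it`. The body of testDynamicContent continues outside this hunk.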
dynamic contents: %d
', $counter);
 $this->assertEquals($expectedContents, $this->dynamicWidget->test());
 }
@@ -104,7 +113,8 @@ class CacheableWidgetBehaviorTest extends TestCase
 /**
 * Returns a widget mock.
- *
+ * @param $widgetClass
+ * @return PHPUnit_Framework_MockObject_MockObject
 */
 private function getWidgetMock($widgetClass)
 {
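Review bot: The added `@param $widgetClass` tag on getWidgetMock carries neither a type nor a description, so it tells the reader nothing that the signature does not already show. The parameter name suggests a class name; if that is right, `@param string $widgetClass class name of the widget to mock` would be the useful form, to be confirmed against the callers, which are not visible in this hunk. The body of getWidgetMock begins on the last line of the hunk and continues outside it.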