Error202
/
yii2
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
Browse Source

Merge branch 'master' of github.com:yiisoft/yii2 

* 'master' of github.com:yiisoft/yii2:
  Fixed a small spelling mistake
  Tweaking a few grammatical bugs (#15932) [skip ci]
  CacheableWidgetBehaviorTest enhancements (#15930)
tags/2.0.16
Carsten Brandt 7 years ago
parent
0244abcd5a 143d429975
commit
5aa7bffedd
No known key found for this signature in database
GPG Key ID: BE4F41DE1DEEEED0
3 changed files with 19 additions and 9 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 6
      docs/guide/db-query-builder.md
  2. 2
      framework/UPGRADE.md
  3. 20
      tests/framework/behaviors/CacheableWidgetBehaviorTest.php

6
docs/guide/db-query-builder.md
Unescape View File

@ -235,7 +235,7 @@ filter variable against white list. In case you need to get column name from use
guide article. For example the following code is vulnerable:
```php
// Vulnarable code:
// Vulnerable code:
$column = $request->get('column');
$value = $request->get('value);
$query->where([$column => $value]);
@ -320,12 +320,12 @@ the operator can be one of the following:
Using the Operator Format, Yii internally uses parameter binding for values, so in contrast to the [string format](#string-format),
here you do not have to add parameters manually. However, note that Yii never escapes column names, so if you pass
a variable as a column name, the application will likely become vulnerable to SQL injection attack. In order to keep
application secure, either either do not use variables as column names or filter variable against white list.
application secure, either do not use variables as column names or filter variable against white list.
In case you need to get column name from user, read the [Filtering Data](output-data-widgets.md#filtering-data)
guide article. For example the following code is vulnerable:
```php
// Vulnarable code:
// Vulnerable code:
$column = $request->get('column');
$value = $request->get('value);
$query->where(['=', $column, $value]);

2
framework/UPGRADE.md
Unescape View File

@ -233,7 +233,7 @@ Upgrade from Yii 2.0.12
However, this change may affect your application if you have code that uses method `yii\base\Module::has()` in order
to check existence of the component exactly in this specific module. In this case make sure the logic is not corrupted.
* If you are using "asset" command to compress assets and your web applicaiton `assetManager` has `linkAssets` turned on,
* If you are using "asset" command to compress assets and your web application `assetManager` has `linkAssets` turned on,
make sure that "asset" command config has `linkAssets` turned on as well.

20
tests/framework/behaviors/CacheableWidgetBehaviorTest.php
Unescape View File

@ -18,14 +18,14 @@ class CacheableWidgetBehaviorTest extends TestCase
/**
* Default-initialized simple cacheable widget mock.
*
* @var PHPUnit_Framework_MockObject_MockObject
* @var PHPUnit_Framework_MockObject_MockObject|SimpleCacheableWidget|CacheableWidgetBehavior
*/
private $simpleWidget;
/**
* Default-initialized dynamic cacheable widget mock.
*
* @var PHPUnit_Framework_MockObject_MockObject
* @var PHPUnit_Framework_MockObject_MockObject|DynamicCacheableWidget|CacheableWidgetBehavior
*/
private $dynamicWidget;
@ -38,6 +38,9 @@ class CacheableWidgetBehaviorTest extends TestCase
$this->initializeWidgetMocks();
}
/**
* @throws \Exception
*/
public function testWidgetIsRunWhenCacheIsEmpty()
{
$this->simpleWidget
@ -48,6 +51,9 @@ class CacheableWidgetBehaviorTest extends TestCase
$this->assertEquals('contents', $contents);
}
/**
* @throws \Exception
*/
public function testWidgetIsNotRunWhenCacheIsNotEmpty()
{
$this->simpleWidget->cacheDuration = 0;
@ -55,11 +61,14 @@ class CacheableWidgetBehaviorTest extends TestCase
->expects($this->once())
->method('run');
for ($counter = 0; $counter <= 42; $counter++) {
for ($counter = 0; $counter <= 1; $counter++) {
$this->assertEquals('contents', $this->simpleWidget->test());
}
}
/**
* @throws \Exception
*/
public function testDynamicContent()
{
$this->dynamicWidget->cacheDuration = 0;
@ -67,7 +76,7 @@ class CacheableWidgetBehaviorTest extends TestCase
->expects($this->once())
->method('run');
for ($counter = 0; $counter <= 42; $counter++) {
for ($counter = 0; $counter <= 1; $counter++) {
$expectedContents = sprintf('<div>dynamic contents: %d</div>', $counter);
$this->assertEquals($expectedContents, $this->dynamicWidget->test());
}
@ -104,7 +113,8 @@ class CacheableWidgetBehaviorTest extends TestCase
/**
* Returns a widget mock.
*
* @param $widgetClass
* @return PHPUnit_Framework_MockObject_MockObject
*/
private function getWidgetMock($widgetClass)
{

Write Preview
Loading…
Cancel
Save