Skip to content

Better document unsafe inputs in the QueryBuilder. #11176

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
markstory merged 1 commit into from
Sep 14, 2017
Merged

Better document unsafe inputs in the QueryBuilder. #11176

markstory merged 1 commit into from
Sep 14, 2017

Conversation

@markstory
Copy link
Member

@markstory markstory commented Sep 13, 2017

Better document which methods are not safe for untrusted data.

Refs #11148

@markstory
Better document unsafe inputs in the QueryBuilder.
b2b45af 
Better document which methods are not safe for untrusted data.

Refs #11148
@markstory markstory added this to the 3.5.3 milestone Sep 13, 2017
@codecov-io
Copy link

codecov-io commented Sep 13, 2017
edited
Loading

Codecov Report

Merging #11176 into master will not change coverage.
The diff coverage is n/a.

Impacted file tree graph

@@            Coverage Diff            @@
##             master   #11176   +/-   ##
=========================================
  Coverage     93.15%   93.15%           
  Complexity    12978    12978           
=========================================
  Files           437      437           
  Lines         33619    33619           
=========================================
  Hits          31317    31317           
  Misses         2302     2302
Impacted Files Coverage Δ Complexity Δ
src/Database/Query.php 95.4% <ø> (ø) 160 <0> (ø) ⬇️
src/Cache/Engine/FileEngine.php 89.07% <0%> (-1.1%) 73% <0%> (ø)
src/Cache/CacheEngine.php 93.61% <0%> (+4.25%) 19% <0%> (ø) ⬇️

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 6829ddd...b2b45af. Read the comment docs.

saeideng
saeideng reviewed Sep 13, 2017
View reviewed changes
src/Database/Query.php
* This method allows you to set complex expressions
* as order conditions unlike order()
*
* Order fields are not suitable for use with user supplied data as they are
Copy link
Member

@saeideng saeideng Sep 13, 2017

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

plain text or text in note box(warning,..) for these notes?

Copy link
Member

@lorenzo lorenzo Sep 13, 2017

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is it possible to make a box here?

Copy link
Member Author

@markstory markstory Sep 13, 2017

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't think so unless we start embedding HTML in docblocks.

Copy link
Member

@saeideng saeideng Sep 13, 2017

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

oh, I forgot this repo is for core not docs ,i'm sorry :)

@markstory markstory merged commit 8262b4d into master Sep 14, 2017
@markstory markstory deleted the issue-11148 branch September 14, 2017 01:23
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@lorenzo lorenzo lorenzo left review comments

@saeideng saeideng saeideng left review comments

Assignees

No one assigned

Labels

database documentation

Projects

None yet

Milestone

3.5.3

Development

Successfully merging this pull request may close these issues.

5 participants

@markstory @codecov-io @lorenzo @saeideng