30184235
Descripción
Test por Pascal Bartl, actualizado hace más de 1 año
|
Creado por Pascal Bartl
hace alrededor de 3 años
|
|
Pregunta 1
Pregunta
What is wrong with the following code? (1)
public function showAction() {
$arguments = $this->request->getArguments();
$template = $arguments['template'];
if ($template) {
include $template . '.php';
} else {
include 'default_template.php';
}
...
}
Respuesta
-
The method call should read getArgument('template')
-
The hasArgument() function should be used to check whether the argument exists
-
The require function should be used, rather than include
-
A “path traversal” can be injected via the GET/POST argument
-
Extbase should check whether the file exists before including it
Pregunta 2
Pregunta
Which statement about the following code in an Extbase repository is correct? (1)
public function selectByPid($pid) {
$query = $this->createQuery();
$select = "SELECT uid FROM table WHERE pid = " . $pid;
return $query->statement($select)->execute(true);
}
Respuesta
-
The method execute() does not accept a parameter
-
The parameter of method statement() can not be a native SQL query
-
The code shows a possible SQL injection vulnerability
-
The code is perfectly fine
-
Method names in repository classes must not start with selectBy
¿Quieres crear tus propios Tests gratis con GoConqr? Más información.