validate table name before generating schema file

cakephp · Oct 2, 2016 · 2d6e85e · 2d6e85e
1 parent 5e0dc21
commit 2d6e85e
Show file tree

Hide file tree

Showing 2 changed files with 22 additions and 0 deletions.
diff --git a/lib/Cake/Model/CakeSchema.php b/lib/Cake/Model/CakeSchema.php
@@ -405,8 +405,14 @@ public function write($object, $options = array()) {
  * @param string $table Table name you want returned.
  * @param array $fields Array of field information to generate the table with.
  * @return string Variable declaration for a schema class.
+ * @throws Exception
  */
 	public function generateTable($table, $fields) {
+		// Valid var name regex (http://www.php.net/manual/en/language.variables.basics.php)
+		if (!preg_match('/^[a-zA-Z_\x7f-\xff][a-zA-Z0-9_\x7f-\xff]*$/', $table)) {
+			throw new Exception("Invalid table name '{$table}'");
+		}
+
 		$out = "\tpublic \${$table} = array(\n";
 		if (is_array($fields)) {
 			$cols = array();

diff --git a/lib/Cake/Test/Case/Model/CakeSchemaTest.php b/lib/Cake/Test/Case/Model/CakeSchemaTest.php
@@ -686,6 +686,22 @@ public function testGenerateTable() {
 		$this->assertRegExp('/\'type\' \=\> \'fulltext\'/', $result);
 	}
 
+/**
+ * test that tables with unsupported name are not getting through
+ *
+ * @return void
+ */
+	public function testGenerateInvalidTable() {
+		$invalidTableName = 'invalid name !@#$%^&*()';
+		$expectedException = "Invalid table name '{$invalidTableName}'";
+		try{
+			$this->Schema->generateTable($invalidTableName, array());
+			$this->fail("Expected exception \"{$expectedException}\" not thrown");
+		} catch (Exception $e) {
+			$this->assertEquals($expectedException, $e->getMessage());
+		}
+	}
+
 /**
  * testSchemaWrite method
  *