
FIX: ensure limits to SQLQuery are passed as positive values

commit 4ee709e88d004f34972385f8e2b7e4c3352d1d92 1 parent 1686636
@wilr wilr authored
Showing with 39 additions and 3 deletions.
  1. +14 −2 model/SQLQuery.php
  2. +25 −1 tests/model/SQLQueryTest.php
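--- a/model/SQLQuery.php
+++ b/model/SQLQuery.php
@@ -423,17 +423,29 @@ public function getLimit() {
 *
 * @param int|string|array $limit If passed as a string or array, assumes SQL escaped data.
 * @param int $offset
+ *
+ * @throws InvalidArgumentException
+ *
 * @return SQLQuery This instance
 */
 public function setLimit($limit, $offset = 0) {
+ if((is_numeric($limit) && $limit < 0) || (is_numeric($offset) && $offset < 0)) {
+ throw new InvalidArgumentException("SQLQuery::setLimit() only takes positive values");
+ }
+
 if($limit && is_numeric($limit)) {
 $this->limit = array(
 'start' => $offset,
 'limit' => $limit,
 );
 } else if($limit && is_string($limit)) {
- if(strpos($limit, ',') !== false) list($start, $innerLimit) = explode(',', $limit, 2);
- else list($innerLimit, $start) = explode(' OFFSET ', strtoupper($limit), 2);
+ if(strpos($limit, ',') !== false) {
+ list($start, $innerLimit) = explode(',', $limit, 2);
+ }
+ else {
+ list($innerLimit, $start) = explode(' OFFSET ', strtoupper($limit), 2);
+ }
+
 $this->limit = array(
 'start' => trim($start),
 'limit' => trim($innerLimit),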
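Review bot: The new guard at the top of setLimit() only fires when `$limit` or `$offset` passes `is_numeric()`, so a non-numeric `$offset` still reaches `'start' => $offset` in the numeric branch, and the parts split out of a string limit (`$start`, `$innerLimit`) are never range-checked. Since the docblock only declares string and array forms of `$limit` as pre-escaped, the numeric branch is where this method can enforce the offset type itself; I would reject a non-numeric offset there, e.g. `if(!is_numeric($offset)) throw new InvalidArgumentException("SQLQuery::setLimit() offset must be numeric");`, and apply the same `< 0` test to `trim($start)` and `trim($innerLimit)` when they are numeric. The exception message says "positive values" although 0 is accepted, so "non-negative" would be more accurate. How the stored values are later rendered into SQL is not visible here, and setLimit()'s body continues past the end of the hunk.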
26 tests/model/SQLQueryTest.php
@@ -128,7 +128,31 @@ function testSelectWithOrderbyClause() {
$this->assertEquals('SELECT *, RAND() AS "_SortColumn0" FROM MyTable ORDER BY "_SortColumn0" ASC', $query->sql());
}
-
+
+ /**
+ * @expectedException InvalidArgumentException
+ */
+ public function testNegativeLimit() {
+ $query = new SQLQuery();
+ $query->setLimit(-10);
+ }
+
+ /**
+ * @expectedException InvalidArgumentException
+ */
+ public function testNegativeOffset() {
+ $query = new SQLQuery();
+ $query->setLimit(1, -10);
+ }
+
+ /**
+ * @expectedException InvalidArgumentException
+ */
+ public function testNegativeOffsetAndLimit() {
+ $query = new SQLQuery();
+ $query->setLimit(-10, -10);
+ }
+
public function testReverseOrderBy() {
$query = new SQLQuery();
$query->setFrom('MyTable');
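Review bot: All three new tests pass integers, so nothing pins the behaviour for the other input forms setLimit() accepts. A numeric string such as `setLimit('-10')` goes through the same `is_numeric()` guard and deserves its own case, and a comma- or OFFSET-style string limit with a negative part should have a test that records what is expected of it. I would also add a case asserting that `setLimit(0)` and an ordinary limit/offset pair such as `setLimit(10, 5)` do not throw, so the boundary of the check is fixed. testReverseOrderBy() continues outside the hunk.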