[TASK] Doctrine: Create named parameters for value setting operations 62/47762/3
author Morton Jonuschat <m.jonuschat@mojocode.de>
Mon, 18 Apr 2016 19:13:03 +0000 (21:13 +0200)
committer Christian Kuhn <lolli@schwarzbu.ch>
Tue, 19 Apr 2016 11:52:14 +0000 (13:52 +0200)
commit 02dc3256e129f00d70f865cf96477edaeae00cb8
tree 8d22b7b8948278bb19c7990bb2d7fdb83745c588
parent 66fef7ae2cc6a879321a7e379b3e7ced0bb29f32
[TASK] Doctrine: Create named parameters for value setting operations

To reduce the risk of SQL injections, methods used to set values in the
database have been modified to create named parameters by default.

To work with SQL fragments/expressions, this behavior can be disabled by
setting $createNamedParameter to false.

Releases: master
Resolves: #75755
Change-Id: I03bff29b0d50c0a3e7d7dbf27538f1c3dfca51da
Reviewed-on: https://review.typo3.org/47762
Reviewed-by: Susanne Moog <typo3@susannemoog.de>
Tested-by: Susanne Moog <typo3@susannemoog.de>
Reviewed-by: Mathias Schreiber <mathias.schreiber@wmdb.de>
Tested-by: Mathias Schreiber <mathias.schreiber@wmdb.de>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
typo3/sysext/core/Classes/Database/Query/QueryBuilder.php
typo3/sysext/core/Tests/Unit/Database/Query/QueryBuilderTest.php
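
The behaviour the commit message describes, as an added sketch that is not code from this commit or from TYPO3: `SketchUpdateBuilder`, its `:pN` placeholder naming and the sample table and columns are assumptions made for illustration. Only the `$createNamedParameter` flag and its default come from the message.

```php
<?php
declare(strict_types=1);

// Hypothetical class for illustration; not TYPO3's QueryBuilder.
final class SketchUpdateBuilder
{
    private array $assignments = [];
    private array $parameters = [];

    public function __construct(private string $table) {}

    public function set(string $column, mixed $value, bool $createNamedParameter = true): self
    {
        if ($createNamedParameter) {
            // Default: the value is bound; only a placeholder enters the SQL text.
            $placeholder = ':p' . (count($this->parameters) + 1);
            $this->parameters[$placeholder] = $value;
            $value = $placeholder;
        }
        // Opt-out: $value is treated as an SQL fragment and used verbatim.
        // (Identifier quoting is left out to keep the sketch short.)
        $this->assignments[] = $column . ' = ' . $value;
        return $this;
    }

    public function getSQL(): string
    {
        return 'UPDATE ' . $this->table . ' SET ' . implode(', ', $this->assignments);
    }

    public function getParameters(): array
    {
        return $this->parameters;
    }
}

// Constructed sample input standing in for untrusted request data.
$title = "x', hidden = 0 --";

// Default path for data, opt-out only for a developer-written expression.
$bound = (new SketchUpdateBuilder('pages'))
    ->set('title', $title)
    ->set('tstamp', 'UNIX_TIMESTAMP()', false);
echo $bound->getSQL(), PHP_EOL;
var_dump(str_contains($bound->getSQL(), $title), $bound->getParameters());

// Opt-out applied to untrusted data: the value becomes part of the statement text.
$inlined = (new SketchUpdateBuilder('pages'))->set('title', "'" . $title . "'", false);
var_dump(str_contains($inlined->getSQL(), $title));
```

When reviewing callers, every `false` passed as the third argument is the place to check that the value is a fixed expression and not request data.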