Merge pull request #9555 from CakeDC/issue/cake-schema-validate-table-name

Validate table name when generating schema file
2025-01-18 18:46:17 +00:00 · 2016-10-02 18:55:15 -04:00 · 2016-10-02 18:55:15 -04:00 · 3afbd25b72
commit 3afbd25b72
parent 5e0dc218f1 2d6e85ed14
2 changed files with 22 additions and 0 deletions
--- a/lib/Cake/Model/CakeSchema.php
+++ b/lib/Cake/Model/CakeSchema.php
@ -405,8 +405,14 @@ class CakeSchema extends CakeObject {
 * @param string $table Table name you want returned.
 * @param array $fields Array of field information to generate the table with.
 * @return string Variable declaration for a schema class.
+ * @throws Exception
 */
 	public function generateTable($table, $fields) {
+		// Valid var name regex (http://www.php.net/manual/en/language.variables.basics.php)
+		if (!preg_match('/^[a-zA-Z_\x7f-\xff][a-zA-Z0-9_\x7f-\xff]*$/', $table)) {
+			throw new Exception("Invalid table name '{$table}'");
+		}
+
 		$out = "\tpublic \${$table} = array(\n";
 		if (is_array($fields)) {
 			$cols = array();
--- a/lib/Cake/Test/Case/Model/CakeSchemaTest.php
+++ b/lib/Cake/Test/Case/Model/CakeSchemaTest.php
@ -686,6 +686,22 @@ class CakeSchemaTest extends CakeTestCase {
 		$this->assertRegExp('/\'type\' \=\> \'fulltext\'/', $result);
 	}

+/**
+ * test that tables with unsupported name are not getting through
+ *
+ * @return void
+ */
+	public function testGenerateInvalidTable() {
+		$invalidTableName = 'invalid name !@#$%^&*()';
+		$expectedException = "Invalid table name '{$invalidTableName}'";
+		try{
+			$this->Schema->generateTable($invalidTableName, array());
+			$this->fail("Expected exception \"{$expectedException}\" not thrown");
+		} catch (Exception $e) {
+			$this->assertEquals($expectedException, $e->getMessage());
+		}
+	}
+
 /**
 * testSchemaWrite method
 *