What is wrong with the following code? (1)
public function showAction() { $arguments = $this->request->getArguments(); $template = $arguments['template']; if ($template) { include $template . '.php'; } else { include 'default_template.php'; } ... }
The method call should read getArgument('template')
The hasArgument() function should be used to check whether the argument exists
The require function should be used, rather than include
A “path traversal” can be injected via the GET/POST argument
Extbase should check whether the file exists before including it
Which statement about the following code in an Extbase repository is correct? (1)
public function selectByPid($pid) { $query = $this->createQuery(); $select = "SELECT uid FROM table WHERE pid = " . $pid; return $query->statement($select)->execute(true); }
The method execute() does not accept a parameter
The parameter of method statement() can not be a native SQL query
The code shows a possible SQL injection vulnerability
The code is perfectly fine
Method names in repository classes must not start with selectBy
