30184235
Description
Quiz by Pascal Bartl, updated more than 1 year ago
|
Created by Pascal Bartl
about 3 years ago
|
|
Question 1
Question
What is wrong with the following code? (1)
public function showAction() {
$arguments = $this->request->getArguments();
$template = $arguments['template'];
if ($template) {
include $template . '.php';
} else {
include 'default_template.php';
}
...
}
Answer
-
The method call should read getArgument('template')
-
The hasArgument() function should be used to check whether the argument exists
-
The require function should be used, rather than include
-
A “path traversal” can be injected via the GET/POST argument
-
Extbase should check whether the file exists before including it
Question 2
Question
Which statement about the following code in an Extbase repository is correct? (1)
public function selectByPid($pid) {
$query = $this->createQuery();
$select = "SELECT uid FROM table WHERE pid = " . $pid;
return $query->statement($select)->execute(true);
}
Answer
-
The method execute() does not accept a parameter
-
The parameter of method statement() can not be a native SQL query
-
The code shows a possible SQL injection vulnerability
-
The code is perfectly fine
-
Method names in repository classes must not start with selectBy
Want to create your own Quizzes for free with GoConqr? Learn more.