30184235
Descrição
Quiz por Pascal Bartl, atualizado more than 1 year ago
|
Criado por Pascal Bartl
mais de 3 anos atrás
|
|
Questão 1
Questão
What is wrong with the following code? (1)
public function showAction() {
$arguments = $this->request->getArguments();
$template = $arguments['template'];
if ($template) {
include $template . '.php';
} else {
include 'default_template.php';
}
...
}
Responda
-
The method call should read getArgument('template')
-
The hasArgument() function should be used to check whether the argument exists
-
The require function should be used, rather than include
-
A “path traversal” can be injected via the GET/POST argument
-
Extbase should check whether the file exists before including it
Questão 2
Questão
Which statement about the following code in an Extbase repository is correct? (1)
public function selectByPid($pid) {
$query = $this->createQuery();
$select = "SELECT uid FROM table WHERE pid = " . $pid;
return $query->statement($select)->execute(true);
}
Responda
-
The method execute() does not accept a parameter
-
The parameter of method statement() can not be a native SQL query
-
The code shows a possible SQL injection vulnerability
-
The code is perfectly fine
-
Method names in repository classes must not start with selectBy
Quer criar seus próprios Quizzes gratuitos com a GoConqr? Saiba mais.