[AppDB] - protect against sql injection in select, update and delete statements

Chris Morgan cmorgan at alum.wpi.edu
Sun Jun 25 23:16:26 CDT 2006

> Oh for crying out loud. Go ahead and automate if you know how to. If you or
> someone else can show me how I am willing to work on it too, I an not
> opposed to automating all of the testing if that is possible.
> In the mean time am against these large patches that are difficult to test
> because the are so large.

The difficulty isn't that a particular change is large, although yes, if only 
a few lines of code that were only called from a single location were changed 
this would make it easy to test.  The issue is that the appdb is so large and 
complex that we aren't using time efficiently by testing manually.

Automated testing isn't all that difficult to implement.  We can start out 
with tests for classes, make sure we can create a new user, change the users 
password and other info and delete the user.  Test creating applications and 
versions.  We should even be able to fill in form data and simulate the user 
entering data and clicking on the submit button.

I already have many of the tests for the user class completed from this last 
October.  Let me finish up closing these sql holes and I'll clean the tests 
up and submit them as a basis for our automated testing.


More information about the wine-devel mailing list