tests: fix SecurityTest fatal TypeError — update searchTheses call to use array params

SecurityTest::Test1 was calling $db->searchTheses($string) with a plain string, but searchTheses() was refactored to require array $params when the tag M2M work landed. This caused an immediate PHP fatal TypeError before any SQL ever ran, killing the entire Security test suite with exit code 255 and masking all three tests. Fix: pass each malicious payload via ['query' => $string] which is the correct API and properly exercises the parameterised query path through validateSearchParams() + buildSearchConditions(). Added a clarifying comment explaining why the array form is required. All 4 test suites now pass: - Database (Unit): 7/7 - Rate Limit (Unit): 5/5 - Search (Integration): 6/6 - Security: 3/3
2026-05-06 11:09:18 +02:00 · 2026-03-26 18:54:20 +01:00
parent e4be230a04
commit b12ae73e91
5 changed files with 14 additions and 6 deletions
--- a/TODO.md
+++ b/TODO.md
@@ -317,6 +317,10 @@ Goal: rename the tables and column to the canonical M2M pattern (`tags`, `thesis

 ---

+## Fixes
+
+- [x] Fix `tests/Security/SecurityTest.php`: update SQL injection test to call `searchTheses(['query' => $string])` instead of bare string — `searchTheses()` signature was updated to `array $params` but the test was never updated, causing a fatal `TypeError` that prevented the security suite from running at all
+
 ## Pending

 - [x] Add flake.nix for Nix-based PHP dev environment