From 33009055990bc5cb497487bbbc65fc1ffaa338f8 Mon Sep 17 00:00:00 2001
From: Laurent Destailleur
Date: Mon, 13 Mar 2023 11:15:46 +0100
Subject: [PATCH] Fix add a protection against bad param of dol_eval
---
 htdocs/core/lib/functions.lib.php | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/htdocs/core/lib/functions.lib.php b/htdocs/core/lib/functions.lib.php
index e1d7fe6ca86..9dc0077903e 100644
--- a/htdocs/core/lib/functions.lib.php
+++ b/htdocs/core/lib/functions.lib.php
@@ -8634,6 +8634,10 @@ function dol_eval($s, $returnvalue = 0, $hideerrors = 1, $onlysimplestring = '1'
 }
 }
 }
+
+ if (is_array($s) || $s === 'Array') {
+ return 'Bad string syntax to evaluate (value is Array) '.var_export($s, true);
+ }
 if (strpos($s, '::') !== false) {
 if ($returnvalue) {
 return 'Bad string syntax to evaluate (double : char is forbidden): '.$s;
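Review bot: The new array guard returns its error text unconditionally, while the `::` check directly below it first tests `$returnvalue`; if the non-returning branch of that check (outside this hunk) logs and returns an empty value, the array case should take the same shape so both rejections behave alike. The returned message is also a non-empty string, so any caller that uses the result of dol_eval() as a condition would read a rejected input as true; this needs confirming against the callers, which are not visible here. The guard covers arrays only, so an object or null still reaches `strpos($s, '::')`; `if (!is_scalar($s) || $s === 'Array') {` may be closer to the stated intent, provided no caller relies on passing null. `var_export($s, true)` copies the whole caller-supplied array into the message, and a fixed text such as `return 'Bad string syntax to evaluate (value is Array)';` with the detail sent to the log would keep request data out of whatever renders the return value. dol_eval's body starts and ends outside the hunk.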