Add a test file. Disabling if on production.

htdocs/public/test/badges.php

@@ -28,11 +28,16 @@ session_cache_limiter('public');
 require_once '../../main.inc.php';
 require_once DOL_DOCUMENT_ROOT.'/core/lib/functions.lib.php';
 
+// Security
 if ($dolibarr_main_prod) {
 	accessforbidden();
 }
 
 
+/*
+ * View
+ */
+
 llxHeader('', 'Documentation and examples for theme');
 ?>
 		  <h1 class="bd-title" id="content">Badges</h1>

htdocs/public/test/buttons.php

@@ -28,11 +28,16 @@ session_cache_limiter('public');
 require_once '../../main.inc.php';
 require_once DOL_DOCUMENT_ROOT.'/core/lib/functions.lib.php';
 
+// Security
 if ($dolibarr_main_prod) {
 	accessforbidden();
 }
 
 
+/*
+ * View
+ */
+
 llxHeader('', 'Documentation and examples for theme');
 ?>
 <main  role="main"  >

htdocs/public/test/test_arrays.php

@@ -22,19 +22,22 @@ if (!defined("NOLOGIN")) {
 	define("NOLOGIN", '1'); // If this page is public (can be called outside logged session)
 }
 
-
 require '../../main.inc.php';
 
+// Security
 if ($dolibarr_main_prod) {
 	accessforbidden();
 }
 
-$usedolheader = 1; // 1 = Test inside a dolibarr page, 0 = Use hard coded header
+
+
+/*
+ * View
+ */
 
 $form = new Form($db);
 
-
+$usedolheader = 1; // 1 = Test inside a dolibarr page, 0 = Use hard coded header
-
 
 // HEADER
 //--------

htdocs/public/test/test_csrf.php

@@ -1,5 +1,38 @@
 <?php
+//define("NOLOGIN",1);		// This means this output page does not require to be logged.
+//if (!defined('NOREQUIREUSER'))  define('NOREQUIREUSER', '1');
+//if (!defined('NOREQUIREDB'))    define('NOREQUIREDB', '1');
+if (!defined('NOREQUIRESOC')) {
+	define('NOREQUIRESOC', '1');
+}
+//if (!defined('NOREQUIRETRAN'))  define('NOREQUIRETRAN', '1');
+if (!defined('NOSTYLECHECK')) {
+	define('NOSTYLECHECK', '1'); // Do not check style html tag into posted data
+}
+if (!defined('NOCSRFCHECK')) {
+	define('NOCSRFCHECK', '1'); // Do not check anti CSRF attack test
+}
+if (!defined('NOTOKENRENEWAL')) {
+	define('NOTOKENRENEWAL', '1'); // Do not check anti POST attack test
+}
+//if (!defined('NOREQUIREMENU'))  define('NOREQUIREMENU', '1'); // If there is no need to load and show top and left menu
+//if (!defined('NOREQUIREHTML'))  define('NOREQUIREHTML', '1'); // If we don't need to load the html.form.class.php
+//if (!defined('NOREQUIREAJAX'))  define('NOREQUIREAJAX', '1'); // Do not load ajax.lib.php library
+if (!defined("NOLOGIN")) {
+	define("NOLOGIN", '1'); // If this page is public (can be called outside logged session)
+}
 
+require '../../main.inc.php';
+
+// Security
+if ($dolibarr_main_prod) {
+	accessforbidden();
+}
+
+
+/*
+ * View
+ */
 
 ?>
 

htdocs/public/test/test_exec.php

@@ -0,0 +1,72 @@
+<?php
+if (!defined('NOREQUIREUSER')) {
+	define('NOREQUIREUSER', '1');
+}
+if (!defined('NOREQUIREDB')) {
+	define('NOREQUIREDB', '1');
+}
+if (!defined('NOREQUIRESOC')) {
+	define('NOREQUIRESOC', '1');
+}
+if (!defined('NOREQUIRETRAN')) {
+	define('NOREQUIRETRAN', '1');
+}
+if (!defined('NOSTYLECHECK')) {
+	define('NOSTYLECHECK', '1'); // Do not check style html tag into posted data
+}
+if (!defined('NOCSRFCHECK')) {
+	define('NOCSRFCHECK', '1'); // Do not check anti CSRF attack test
+}
+if (!defined('NOTOKENRENEWAL')) {
+	define('NOTOKENRENEWAL', '1'); // Do not check anti POST attack test
+}
+if (!defined('NOREQUIREMENU')) {
+	define('NOREQUIREMENU', '1'); // If there is no need to load and show top and left menu
+}
+if (!defined('NOREQUIREHTML')) {
+	define('NOREQUIREHTML', '1'); // If we don't need to load the html.form.class.php
+}
+if (!defined('NOREQUIREAJAX')) {
+	define('NOREQUIREAJAX', '1'); // Do not load ajax.lib.php library
+}
+if (!defined("NOLOGIN")) {
+	define("NOLOGIN", '1'); // If this page is public (can be called outside logged session)
+}
+// If you don't need session management (can't be logged if no session used). You must also set
+// NOCSRFCHECK, NOTOKENRENEWAL, NOLOGIN
+// Disable module with GETPOST('disablemodules') won't work. Variable 'dol_...' will not be set.
+// $_SESSION are then simple vars if sessions are not active.
+// TODO We can close session with session_write_close() as soon as we just need read access everywhere in code.
+if (!defined("NOSESSION")) {
+	define("NOSESSION", '1');
+}
+
+print "Legend:<br>\n";
+print 'PHP_SESSION_DISABLED='.PHP_SESSION_DISABLED."<br>\n";
+print 'PHP_SESSION_NONE='.PHP_SESSION_NONE."<br>\n";
+print 'PHP_SESSION_ACTIVE='.PHP_SESSION_ACTIVE."<br>\n";
+print '<br>';
+
+print 'session_status='.session_status().' (before main.inc.php)';
+print '<br>';
+
+require '../../main.inc.php';
+
+// Security
+if ($dolibarr_main_prod) {
+	accessforbidden();
+}
+
+
+/*
+ * View
+ */
+
+print 'session_status='.session_status().' (after main.inc.php)';
+print '<br>';
+
+//print 'a'.$_SESSION['disablemodules'].'b';
+
+print "\n<br>This page is visible. It means you are not locked by another page called in same session.";
+
+//session_write_close();

htdocs/public/test/test_forms.php

@@ -8,10 +8,16 @@ if (!defined('NOSESSION')) {
 require '../../main.inc.php';
 include_once DOL_DOCUMENT_ROOT.'/core/lib/date.lib.php';
 
+// Security
 if ($dolibarr_main_prod) {
 	accessforbidden();
 }
 
+
+/*
+ * View
+ */
+
 llxHeader();
 
 ?>

htdocs/public/test/test_sessionlock.php

@@ -52,17 +52,34 @@ print '<br>';
 
 require '../../main.inc.php';
 
-/* No need for this.
+// Security
 if ($dolibarr_main_prod) {
 	accessforbidden();
 }
-*/
 
-print 'session_status='.session_status().' (after main.inc.php)';
-print '<br>';
 
-//print 'a'.$_SESSION['disablemodules'].'b';
+/*
+ * View
+ */
 
-print "\n<br>This page is visible. It means you are not locked by another page called in same session.";
+echo "Test\n";
+$out='';
+$ret=0;
 
-//session_write_close();
+$file = '/tmp/aaa';
+$f=fopen($file, 'r');
+if ($f) {
+	$s=fread($f, 4096);
+	print $s;
+	fclose($f);
+} else {
+	print "Failed to open file ".$file."\n";
+}
+
+exec('ls /dev/std*; sleep 1;', $out, $ret);
+var_dump($ret);
+var_dump($out);
+
+exec('/usr/bin/clamdscan --fdpass filethatdoesnotexists.php', $out, $ret);
+var_dump($ret);
+var_dump($out);