From 42f252b636fec9f16cf133c470c30408e6944aa5 Mon Sep 17 00:00:00 2001
From: Laurent Destailleur <eldy@destailleur.fr>
Date: Wed, 26 Jan 2022 12:39:41 +0100
Subject: [PATCH] Add one more test

---
 test/phpunit/SecurityTest.php | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/test/phpunit/SecurityTest.php b/test/phpunit/SecurityTest.php
index 6bece069cc9..2d14a35dce9 100644
--- a/test/phpunit/SecurityTest.php
+++ b/test/phpunit/SecurityTest.php
@@ -359,7 +359,7 @@ class SecurityTest extends PHPUnit\Framework\TestCase
 		$_POST['param8b']='<img src=x onerror=alert(document.location) t=';		// this is html obfuscated by non closing tag
 		$_POST['param8c']='< with space after is ok';
 		$_POST['param8d']='<abc123 is html to clean';
-		$_POST['param8e']='<123abc is not html to clean';
+		$_POST['param8e']='<123abc is not html to clean';	// other similar case: '<2021-12-12'
 		$_POST['param8f']='abc<<svg <><<animate onbegin=alert(document.domain) a';
 		$_POST["param9"]='is_object($object) ? ($object->id < 10 ? round($object->id / 2, 2) : (2 * $user->id) * (int) substr($mysoc->zip, 1, 2)) : \'objnotdefined\'';
 		$_POST["param10"]='is_object($object) ? ($object->id < 10 ? round($object->id / 2, 2) : (2 * $user->id) * (int) substr($mysoc->zip, 1, 2)) : \'<abc>objnotdefined\'';
@@ -501,6 +501,10 @@ class SecurityTest extends PHPUnit\Framework\TestCase
 		print __METHOD__." result param7 = ".$result."\n";
 		$this->assertEquals('"c:\this is a path~1\aaan &#x;;;;" abcdef', $result);
 
+		$result=GETPOST("param8e", 'restricthtml');
+		print __METHOD__." result param8e = ".$result."\n";
+		$this->assertEquals('', $result);
+
 		$result=GETPOST("param12", 'restricthtml');
 		print __METHOD__." result=".$result."\n";
 		$this->assertEquals(trim($_POST["param12"]), $result, 'Test a string with DOCTYPE and restricthtml');
@@ -519,7 +523,7 @@ class SecurityTest extends PHPUnit\Framework\TestCase
 
 		$result=GETPOST("param15", 'restricthtml');		// <img onerror<=alert(document.domain)> src=>0xbeefed
 		print __METHOD__." result=".$result."\n";
-		$this->assertEquals("<img onerror=alert(document.domain) src=>0xbeefed", $result, 'Test 15a');	// The GETPOST return a harmull string
+		$this->assertEquals("<img onerror=alert(document.domain) src=>0xbeefed", $result, 'Test 15');	// The GETPOST return a harmull string
 
 		// Test with restricthtml + MAIN_RESTRICTHTML_REMOVE_ALSO_BAD_ATTRIBUTES to test disabling of bad atrributes
 		$conf->global->MAIN_RESTRICTHTML_ONLY_VALID_HTML = 1;