Merge branch '16.0' of git@github.com:Dolibarr/dolibarr.git into 17.0

Laurent Destailleur 2023-03-27 18:08:51 +02:00
commit 5ba48f9746
4 changed files with 33 additions and 6 deletions


@ -102,8 +102,8 @@ if (GETPOST('datep')) {
// Security check
$socid = GETPOST('socid', 'int');
$id = GETPOST('id', 'int');
if ($user->socid) {
$socid = $user->socid;
if ($user->socid && ($socid != $user->socid)) {
accessforbidden();
}
$error = GETPOST("error");
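Review bot: With `if ($user->socid && ($socid != $user->socid))`, an external user whose request carries no `socid` at all also ends up in `accessforbidden()`, because an empty value never equals the user's company id; the removed code covered that case by forcing `$socid = $user->socid`. If only an explicit mismatching value should be rejected, consider `if ($user->socid && $socid > 0 && $socid != $user->socid) { accessforbidden(); }` followed by `if ($user->socid) { $socid = $user->socid; }`, so later code never runs with an unscoped `$socid`. `$id` is read just above but is not bound to the user's company by this check; the object-level permission check is presumably further down, outside the hunk, and is worth confirming.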


@ -35,8 +35,10 @@ function dolStripPhpCode($str, $replacewith = '')
$newstr = '';
//split on each opening tag
$parts = explode('<?php', $str);
// Split on each opening tag
//$parts = explode('<?php', $str);
$parts = preg_split('/'.preg_quote('<?php', '/').'/i', $str);
if (!empty($parts)) {
$i = 0;
foreach ($parts as $part) {
@ -77,8 +79,10 @@ function dolKeepOnlyPhpCode($str)
$newstr = '';
//split on each opening tag
$parts = explode('<?php', $str);
// Split on each opening tag
//$parts = explode('<?php', $str);
$parts = preg_split('/'.preg_quote('<?php', '/').'/i', $str);
if (!empty($parts)) {
$i = 0;
foreach ($parts as $part) {
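Review bot: The split in `preg_split('/'.preg_quote('<?php', '/').'/i', $str)` still recognises only the `<?php` opener, now in any letter case; the short echo tag `<?=` (and `<?` where `short_open_tag` is enabled) is not split on. If these functions are what keeps PHP out of stored page content, those openers need handling too, possibly elsewhere in the function body, which continues outside the hunk. The same applies to the identical line in `dolKeepOnlyPhpCode`. The commented-out `//$parts = explode('<?php', $str);` can be deleted in both places, and because the pattern is constant it reads more simply as `preg_split('/<\?php/i', $str)`.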


@ -221,6 +221,7 @@ class AllTests
require_once dirname(__FILE__).'/AccountingAccountTest.php';
$suite->addTestSuite('AccountingAccountTest');
// Rest
require_once dirname(__FILE__).'/RestAPIUserTest.php';
$suite->addTestSuite('RestAPIUserTest');
require_once dirname(__FILE__).'/RestAPIDocumentTest.php';
@ -272,6 +273,10 @@ class AllTests
require_once dirname(__FILE__).'/EmailCollectorTest.php';
$suite->addTestSuite('EmailCollectorTest');
// Website
require_once dirname(__FILE__).'/WebsiteTest.php';
$suite->addTestSuite('Website');
return $suite;
}
}
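Review bot: `$suite->addTestSuite('Website');` does not name the class that the required file defines: the file is WebsiteTest.php and the class shown in this commit is `WebsiteTest`, while the other registrations here pass the test class name (`'EmailCollectorTest'`, `'RestAPIUserTest'`). As written, the new regression test for the tag-stripping fix is likely not run by the suite, or the call fails on an unknown class. Use `$suite->addTestSuite('WebsiteTest');`.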


@ -175,4 +175,22 @@ class WebsiteTest extends PHPUnit\Framework\TestCase
// We must found no line (so code should be KO). If we found somethiing, it means there is a SQL injection of the 1=1
$this->assertEquals($res['code'], 'KO');
}
/**
* testDolStripPhpCode
*
* @return void
*/
public function testDolStripPhpCode()
{
global $db;
$s = "abc\n<?php echo 'def'\n// comment\n ?>ghi";
$result = dolStripPhpCode($s);
$this->assertEquals("abc\n<span phptag></span>ghi", $result);
$s = "abc\n<?PHP echo 'def'\n// comment\n ?>ghi";
$result = dolStripPhpCode($s);
$this->assertEquals("abc\n<span phptag></span>ghi", $result);
}
}
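Review bot: The new test exercises only `dolStripPhpCode`, but the same case-insensitive split was applied to `dolKeepOnlyPhpCode`, which gets no assertion here. Add a matching case for it, and a mixed-case opener such as `<?pHp` so the `/i` flag is pinned down rather than just the all-uppercase form. `global $db;` is not used in this method and can be dropped. The class body begins outside the hunk.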