diff --git a/htdocs/core/class/html.form.class.php b/htdocs/core/class/html.form.class.php
index 4ed9b4dd4f9..c1619f97f6f 100644
--- a/htdocs/core/class/html.form.class.php
+++ b/htdocs/core/class/html.form.class.php
@@ -1108,8 +1108,8 @@ class Form
 else if (!is_array($selected)) $selected = array($selected);
 // Clean $filter that may contains sql conditions so sql code
- if (function_exists('test_sql_and_script_inject')) {
- if (test_sql_and_script_inject($filter, 3)>0) {
+ if (function_exists('testSqlAndScriptInject')) {
+ if (testSqlAndScriptInject($filter, 3)>0) {
 $filter ='';
 }
 }
diff --git a/htdocs/main.inc.php b/htdocs/main.inc.php
index 6d0fb3c89d6..48715787d31 100644
--- a/htdocs/main.inc.php
+++ b/htdocs/main.inc.php
@@ -68,6 +68,22 @@ if (function_exists('get_magic_quotes_gpc')) // magic_quotes_* deprecated in PHP
 }
 }
+// phpcs:disable PEAR.NamingConventions.ValidFunctionName.NotCamelCaps
+/**
+ * Security: SQL Injection and XSS Injection (scripts) protection (Filters on GET, POST, PHP_SELF).
+ *
+ * @param string $val Value
+ * @param string $type 1=GET, 0=POST, 2=PHP_SELF, 3=GET without sql reserved keywords (the less tolerant test)
+ * @return int >0 if there is an injection, 0 if none
+ * @deprecated use testSqlAndScriptInject
+ * @see testSqlAndScriptInject($val, $type)
+ */
+function test_sql_and_script_inject($val, $type)
+{
+ // phpcs:enable
+ return testSqlAndScriptInject($val, $type);
+}
+
 /**
 * Security: SQL Injection and XSS Injection (scripts) protection (Filters on GET, POST, PHP_SELF).
 *
@@ -75,7 +91,7 @@ if (function_exists('get_magic_quotes_gpc')) // magic_quotes_* deprecated in PHP
 * @param string $type 1=GET, 0=POST, 2=PHP_SELF, 3=GET without sql reserved keywords (the less tolerant test)
 * @return int >0 if there is an injection, 0 if none
 */
-function test_sql_and_script_inject($val, $type)
+function testSqlAndScriptInject($val, $type)
 {
 $inj = 0;
 // For SQL Injection (only GET are used to be included into bad escaped SQL requests)
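Review bot: The guard in the html.form.class.php hunk still fails open: when `testSqlAndScriptInject` is not defined, the `function_exists` branch is skipped and `$filter` — which the comment above says may carry SQL conditions — is used untouched, so the protection silently disappears instead of rejecting the value. Any entry point that reaches this method without main.inc.php loaded gets no filtering at all. Prefer fail-closed: `if (!function_exists('testSqlAndScriptInject') || testSqlAndScriptInject($filter, 3) > 0) { $filter = ''; }`. The enclosing method starts and ends outside the hunk, so I cannot see how `$filter` is subsequently concatenated; a parameterised or whitelist-based filter would be the stronger fix if that is the case.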
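Review bot: The compatibility shim `test_sql_and_script_inject` added in the main.inc.php hunk gives a running system no signal that a caller is still on the deprecated name, so old call sites (including third-party modules) can linger indefinitely; the `@deprecated` tag is only visible to static tools. Consider emitting a deprecation before the return, e.g. `trigger_error('test_sql_and_script_inject() is deprecated, use testSqlAndScriptInject()', E_USER_DEPRECATED);`, or the project's logging helper if it is already available this early in main.inc.php. Separately, both docblocks declare `@param string $type` while the documented values are `0`, `1`, `2`, `3` and the wrapper passes them through unchanged; `@param int $type` would match actual use.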
@@ -158,7 +174,7 @@ function analyseVarsForSqlAndScriptsInjection(&$var, $type)
 }
 else
 {
- return (test_sql_and_script_inject($var, $type) <= 0);
+ return (testSqlAndScriptInject($var, $type) <= 0);
 }
 }
diff --git a/test/phpunit/CoreTest.php b/test/phpunit/CoreTest.php
index de4ca050832..63601cb33d3 100644
--- a/test/phpunit/CoreTest.php
+++ b/test/phpunit/CoreTest.php
@@ -260,7 +260,7 @@ class CoreTest extends PHPUnit_Framework_TestCase
 * @param string $type 1=GET, 0=POST, 2=PHP_SELF
 * @return int >0 if there is an injection
 */
- function test_sql_and_script_inject($val, $type)
+ function testSqlAndScriptInject($val, $type)
 {
 // phpcs:enable
 $inj = 0;
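Review bot: The renamed method `testSqlAndScriptInject($val, $type)` inside `CoreTest` keeps PHPUnit's `test` prefix and has no visibility modifier, so it is public and PHPUnit will presumably pick it up as a test case and fail it for missing arguments — unless the rest of the class, which is outside this hunk, marks it otherwise. It also appears to be a local copy of the production function (its body starts with the same `$inj = 0;`), and the assertions later in this file call the global function, not `$this->`, so the copy can drift from the code under test without anyone noticing. If it is meant as a reference implementation, rename it away from the `test` prefix, e.g. `private function referenceSqlAndScriptInject($val, $type)`, and add a comment stating which revision of `testSqlAndScriptInject` it mirrors; otherwise delete it. The method's body continues outside the hunk.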
@@ -310,55 +310,55 @@ class CoreTest extends PHPUnit_Framework_TestCase
 $expectedresult=0;
 $_SERVER["PHP_SELF"]='/DIR WITH SPACE/htdocs/admin/index.php?mainmenu=home&leftmenu=setup&username=weservices';
- $result=test_sql_and_script_inject($_SERVER["PHP_SELF"], 2);
- $this->assertEquals($expectedresult, $result, 'Error on test_sql_and_script_inject 1a');
+ $result=testSqlAndScriptInject($_SERVER["PHP_SELF"], 2);
+ $this->assertEquals($expectedresult, $result, 'Error on testSqlAndScriptInject 1a');
 // Should detect XSS
 $expectedresult=1;
 $_SERVER["PHP_SELF"]='/DIR WITH SPACE/htdocs/admin/index.php?mainmenu=home&leftmenu=setup&username=weservices;badaction';
- $result=test_sql_and_script_inject($_SERVER["PHP_SELF"], 2);
- $this->assertGreaterThanOrEqual($expectedresult, $result, 'Error on test_sql_and_script_inject 1b');
+ $result=testSqlAndScriptInject($_SERVER["PHP_SELF"], 2);
+ $this->assertGreaterThanOrEqual($expectedresult, $result, 'Error on testSqlAndScriptInject 1b');
 $test="";
- $result=test_sql_and_script_inject($test, 0);
- $this->assertGreaterThanOrEqual($expectedresult, $result, 'Error on test_sql_and_script_inject aaa');
+ $result=testSqlAndScriptInject($test, 0);
+ $this->assertGreaterThanOrEqual($expectedresult, $result, 'Error on testSqlAndScriptInject aaa');
 $test="";
- $result=test_sql_and_script_inject($test, 2);
- $this->assertGreaterThanOrEqual($expectedresult, $result, 'Error on test_sql_and_script_inject aaa2');
+ $result=testSqlAndScriptInject($test, 2);
+ $this->assertGreaterThanOrEqual($expectedresult, $result, 'Error on testSqlAndScriptInject aaa2');
 $test='';
- $result=test_sql_and_script_inject($test, 0);
- $this->assertGreaterThanOrEqual($expectedresult, $result, 'Error on test_sql_and_script_inject aaa3');
+ $result=testSqlAndScriptInject($test, 0);
+ $this->assertGreaterThanOrEqual($expectedresult, $result, 'Error on testSqlAndScriptInject aaa3');
 $test='';
- $result=test_sql_and_script_inject($test, 0);
- $this->assertGreaterThanOrEqual($expectedresult, $result, 'Error on test_sql_and_script_inject aaa4');
+ $result=testSqlAndScriptInject($test, 0);
+ $this->assertGreaterThanOrEqual($expectedresult, $result, 'Error on testSqlAndScriptInject aaa4');
 $test='';
- $result=test_sql_and_script_inject($test, 0);
- $this->assertGreaterThanOrEqual($expectedresult, $result, 'Error on test_sql_and_script_inject aaa5');
+ $result=testSqlAndScriptInject($test, 0);
+ $this->assertGreaterThanOrEqual($expectedresult, $result, 'Error on testSqlAndScriptInject aaa5');
 $test='';
- $result=test_sql_and_script_inject($test, 0);
- $this->assertGreaterThanOrEqual($expectedresult, $result, 'Error on test_sql_and_script_inject aaa6');
+ $result=testSqlAndScriptInject($test, 0);
+ $this->assertGreaterThanOrEqual($expectedresult, $result, 'Error on testSqlAndScriptInject aaa6');
 $test='';
- $result=test_sql_and_script_inject($test, 0);
- $this->assertGreaterThanOrEqual($expectedresult, $result, 'Error on test_sql_and_script_inject aaa7');
+ $result=testSqlAndScriptInject($test, 0);
+ $this->assertGreaterThanOrEqual($expectedresult, $result, 'Error on testSqlAndScriptInject aaa7');
 $test='';
- $result=test_sql_and_script_inject($test, 0);
- $this->assertGreaterThanOrEqual($expectedresult, $result, 'Error on test_sql_and_script_inject bbb');
+ $result=testSqlAndScriptInject($test, 0);
+ $this->assertGreaterThanOrEqual($expectedresult, $result, 'Error on testSqlAndScriptInject bbb');
 $test='';
- $result=test_sql_and_script_inject($test, 0);
- $this->assertGreaterThanOrEqual($expectedresult, $result, 'Error on test_sql_and_script_inject ccc');
+ $result=testSqlAndScriptInject($test, 0);
+ $this->assertGreaterThanOrEqual($expectedresult, $result, 'Error on testSqlAndScriptInject ccc');
 $test='';
- $result=test_sql_and_script_inject($test, 1);
- $this->assertGreaterThanOrEqual($expectedresult, $result, 'Error on test_sql_and_script_inject ddd');
+ $result=testSqlAndScriptInject($test, 1);
+ $this->assertGreaterThanOrEqual($expectedresult, $result, 'Error on testSqlAndScriptInject ddd');
 $test='">';
- $result=test_sql_and_script_inject($test, 0);
- $this->assertGreaterThanOrEqual($expectedresult, $result, 'Error on test_sql_and_script_inject eee');
+ $result=testSqlAndScriptInject($test, 0);
+ $this->assertGreaterThanOrEqual($expectedresult, $result, 'Error on testSqlAndScriptInject eee');
 $test=' ';
- $result=test_sql_and_script_inject($test, 0);
- $this->assertGreaterThanOrEqual($expectedresult, $result, 'Error on test_sql_and_script_inject eee');
+ $result=testSqlAndScriptInject($test, 0);
+ $this->assertGreaterThanOrEqual($expectedresult, $result, 'Error on testSqlAndScriptInject eee');
 $test=""; // Is locked by some brwoser like chrome because the default directive no-referrer-when-downgrade is sent when requesting the SRC and then refused because of browser protection on img src load without referrer.
 $test=""; // Same
 $test='';
- $result=test_sql_and_script_inject($test, 0);
- $this->assertGreaterThanOrEqual($expectedresult, $result, 'Error on test_sql_and_script_inject fff1');
+ $result=testSqlAndScriptInject($test, 0);
+ $this->assertGreaterThanOrEqual($expectedresult, $result, 'Error on testSqlAndScriptInject fff1');
 $test='';
- $result=test_sql_and_script_inject($test, 0);
- $this->assertGreaterThanOrEqual($expectedresult, $result, 'Error on test_sql_and_script_inject fff2');
+ $result=testSqlAndScriptInject($test, 0);
+ $this->assertGreaterThanOrEqual($expectedresult, $result, 'Error on testSqlAndScriptInject fff2');
 // This case seems to be filtered by browsers now.
 $test='';
- //$result=test_sql_and_script_inject($test, 0);
- //$this->assertGreaterThanOrEqual($expectedresult, $result, 'Error on test_sql_and_script_inject ggg');
+ //$result=testSqlAndScriptInject($test, 0);
+ //$this->assertGreaterThanOrEqual($expectedresult, $result, 'Error on testSqlAndScriptInject ggg');
 $test='