Reduce possible actions

Laurent Destailleur 2021-03-13 13:23:44 +01:00
parent ff2f93815f
commit 7755a44958


@ -1908,7 +1908,7 @@ if (($action == 'updatesource' || $action == 'updatecontent' || $action == 'conf
// Security analysis
$phpfullcodestring = dolKeepOnlyPhpCode($objectpage->content);
//print dol_escape_htmltag($phpfullcodestring);exit;
$forbiddenphpcommands = array("exec", "passthru", "system", "shell_exec", "proc_open");
$forbiddenphpcommands = array("exec", "passthru", "system", "shell_exec", "proc_open", "eval", "dol_eval");
if (empty($conf->global->WEBSITE_PHP_ALLOW_WRITE)) { // If option is not on, we disallow functions to write files
$forbiddenphpcommands = array_merge($forbiddenphpcommands, array("fopen", "file_put_contents", "fputs", "fputscsv", "fwrite", "fpassthru", "unlink", "mkdir", "rmdir", "symlink", "touch", "umask"));
}
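Review bot: The extended `$forbiddenphpcommands` list is still a name denylist and omits other standard PHP process-execution functions, for example `popen` and `pcntl_exec`, so adding `eval` and `dol_eval` narrows the gap without closing it. I would extend the new line to `array("exec", "passthru", "system", "shell_exec", "proc_open", "popen", "pcntl_exec", "eval", "dol_eval")` and put a comment above it such as `// Best-effort denylist only: editing page PHP must stay limited to trusted users`. In the write list two lines further down, `"fputscsv"` looks like a typo for `fputcsv`, so that function is presumably not matched when `WEBSITE_PHP_ALLOW_WRITE` is off. How the list is applied to `$phpfullcodestring` lies outside the hunk, so whether names are matched as whole words or as substrings should be confirmed there.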