lainwir3d/dolibarr
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix sanitizing backtopage

Browse Source
This commit is contained in:
Laurent Destailleur 2021-03-14 12:58:37 +01:00
parent cc10106a21
commit 95006ec94c
2 changed files with 11 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
htdocs/core/lib/functions.lib.php
View File

@ -613,7 +613,8 @@ function GETPOST($paramname, $check = 'alphanohtml', $method = 0, $filter = null
// Sanitizing for special parameters. There is no reason to allow the backtopage parameter to contains an external URL.
if ($paramname == 'backtopage') {
$out = str_replace('\\', '/', $out);
$out = preg_replace(array('/^[a-z:]*\/\/+/i'), '', $out);
$out = str_replace(array(':', '@'), '', $out);
$out = preg_replace(array('/^[a-z]*\/\/+/i'), '', $out);
}
// Code for search criteria persistence.

9
test/phpunit/SecurityTest.php
View File

@ -336,6 +336,7 @@ class SecurityTest extends PHPUnit\Framework\TestCase
$this->assertEquals($result, 333, 'Test on param1 with 3rd param = 2');
// Test alpha
$result=GETPOST("param2", 'alpha');
print __METHOD__." result=".$result."\n";
$this->assertEquals($result, $_GET["param2"], 'Test on param2');
@ -349,6 +350,7 @@ class SecurityTest extends PHPUnit\Framework\TestCase
$this->assertEquals($result, 'dir');
// Test aZ09
$result=GETPOST("param1", 'aZ09');
print __METHOD__." result=".$result."\n";
$this->assertEquals($result, $_GET["param1"]);
@ -378,6 +380,7 @@ class SecurityTest extends PHPUnit\Framework\TestCase
$this->assertEquals('">', $result);
// With restricthtml we must remove html open/close tag and content but not htmlentities like n
$result=GETPOST("param7", 'restricthtml');
print __METHOD__." result=".$result."\n";
$this->assertEquals('"c:\this is a path~1\aaan" abcdef', $result);
@ -424,6 +427,7 @@ class SecurityTest extends PHPUnit\Framework\TestCase
$this->assertEquals(trim($_POST["param12"]), $result, 'Test a string with DOCTYPE and restricthtml');
// Special test for GETPOST of backtopage parameter
$_POST["backtopage"]='//www.google.com';
$result=GETPOST("backtopage");
print __METHOD__." result=".$result."\n";
@ -439,6 +443,11 @@ class SecurityTest extends PHPUnit\Framework\TestCase
print __METHOD__." result=".$result."\n";
$this->assertEquals('www.google.com', $result, 'Test for backtopage param');
$_POST["backtopage"]='http:www.google.com';
$result=GETPOST("backtopage");
print __METHOD__." result=".$result."\n";
$this->assertEquals('httpwww.google.com', $result, 'Test for backtopage param');
$_POST["backtopage"]='/mydir/mypage.php?aa=a%10a';
$result=GETPOST("backtopage");
print __METHOD__." result=".$result."\n";