diff --git a/htdocs/core/class/html.form.class.php b/htdocs/core/class/html.form.class.php
index 0419e2cfc68..38bf8289ed5 100644
--- a/htdocs/core/class/html.form.class.php
+++ b/htdocs/core/class/html.form.class.php
@@ -51,12 +51,12 @@ class Form
* @var DoliDB Database handler.
*/
public $db;
-
+
/**
* @var string Error code (or message)
*/
public $error='';
-
+
var $num;
// Cache arrays
@@ -1099,8 +1099,8 @@ class Form
else if (!is_array($selected)) $selected = array($selected);
// Clean $filter that may contains sql conditions so sql code
- if (function_exists('test_sql_and_script_inject')) {
- if (test_sql_and_script_inject($filter, 3)>0) {
+ if (function_exists('testSqlAndScriptInject')) {
+ if (testSqlAndScriptInject($filter, 3)>0) {
$filter ='';
}
}
diff --git a/htdocs/main.inc.php b/htdocs/main.inc.php
index 26dcb94a0ba..8af8147d552 100644
--- a/htdocs/main.inc.php
+++ b/htdocs/main.inc.php
@@ -75,7 +75,7 @@ if (function_exists('get_magic_quotes_gpc')) // magic_quotes_* deprecated in PHP
* @param string $type 1=GET, 0=POST, 2=PHP_SELF, 3=GET without sql reserved keywords (the less tolerant test)
* @return int >0 if there is an injection, 0 if none
*/
-function test_sql_and_script_inject($val, $type)
+function testSqlAndScriptInject($val, $type)
{
$inj = 0;
// For SQL Injection (only GET are used to be included into bad escaped SQL requests)
@@ -158,7 +158,7 @@ function analyseVarsForSqlAndScriptsInjection(&$var, $type)
}
else
{
- return (test_sql_and_script_inject($var, $type) <= 0);
+ return (testSqlAndScriptInject($var, $type) <= 0);
}
}
diff --git a/test/phpunit/CoreTest.php b/test/phpunit/CoreTest.php
index c29adf0861f..14493d3dbae 100644
--- a/test/phpunit/CoreTest.php
+++ b/test/phpunit/CoreTest.php
@@ -257,8 +257,7 @@ class CoreTest extends PHPUnit_Framework_TestCase
* @param string $type 1=GET, 0=POST, 2=PHP_SELF
* @return int >0 if there is an injection
*/
- // phpcs:ignore PEAR.NamingConventions.ValidFunctionName.NotCamelCaps
- function test_sql_and_script_inject($val, $type)
+ function testSqlAndScriptInject($val, $type)
{
$inj = 0;
// For SQL Injection (only GET and POST are used to be included into bad escaped SQL requests)
@@ -307,55 +306,55 @@ class CoreTest extends PHPUnit_Framework_TestCase
$expectedresult=0;
$_SERVER["PHP_SELF"]='/DIR WITH SPACE/htdocs/admin/index.php?mainmenu=home&leftmenu=setup&username=weservices';
- $result=test_sql_and_script_inject($_SERVER["PHP_SELF"], 2);
- $this->assertEquals($expectedresult, $result, 'Error on test_sql_and_script_inject 1a');
+ $result=testSqlAndScriptInject($_SERVER["PHP_SELF"], 2);
+ $this->assertEquals($expectedresult, $result, 'Error on testSqlAndScriptInject 1a');
// Should detect XSS
$expectedresult=1;
$_SERVER["PHP_SELF"]='/DIR WITH SPACE/htdocs/admin/index.php?mainmenu=home&leftmenu=setup&username=weservices;badaction';
- $result=test_sql_and_script_inject($_SERVER["PHP_SELF"], 2);
- $this->assertGreaterThanOrEqual($expectedresult, $result, 'Error on test_sql_and_script_inject 1b');
+ $result=testSqlAndScriptInject($_SERVER["PHP_SELF"], 2);
+ $this->assertGreaterThanOrEqual($expectedresult, $result, 'Error on testSqlAndScriptInject 1b');
$test="
";
- $result=test_sql_and_script_inject($test, 0);
- $this->assertGreaterThanOrEqual($expectedresult, $result, 'Error on test_sql_and_script_inject aaa');
+ $result=testSqlAndScriptInject($test, 0);
+ $this->assertGreaterThanOrEqual($expectedresult, $result, 'Error on testSqlAndScriptInject aaa');
$test="";
- $result=test_sql_and_script_inject($test, 2);
- $this->assertGreaterThanOrEqual($expectedresult, $result, 'Error on test_sql_and_script_inject aaa2');
+ $result=testSqlAndScriptInject($test, 2);
+ $this->assertGreaterThanOrEqual($expectedresult, $result, 'Error on testSqlAndScriptInject aaa2');
$test='
';
- $result=test_sql_and_script_inject($test, 0);
- $this->assertGreaterThanOrEqual($expectedresult, $result, 'Error on test_sql_and_script_inject aaa3');
+ $result=testSqlAndScriptInject($test, 0);
+ $this->assertGreaterThanOrEqual($expectedresult, $result, 'Error on testSqlAndScriptInject aaa3');
$test='![]()
';
- $result=test_sql_and_script_inject($test, 0);
- $this->assertGreaterThanOrEqual($expectedresult, $result, 'Error on test_sql_and_script_inject aaa4');
+ $result=testSqlAndScriptInject($test, 0);
+ $this->assertGreaterThanOrEqual($expectedresult, $result, 'Error on testSqlAndScriptInject aaa4');
$test='![]()
';
- $result=test_sql_and_script_inject($test, 0);
- $this->assertGreaterThanOrEqual($expectedresult, $result, 'Error on test_sql_and_script_inject aaa5');
+ $result=testSqlAndScriptInject($test, 0);
+ $this->assertGreaterThanOrEqual($expectedresult, $result, 'Error on testSqlAndScriptInject aaa5');
$test='
';
- $result=test_sql_and_script_inject($test, 0);
- $this->assertGreaterThanOrEqual($expectedresult, $result, 'Error on test_sql_and_script_inject aaa6');
+ $result=testSqlAndScriptInject($test, 0);
+ $this->assertGreaterThanOrEqual($expectedresult, $result, 'Error on testSqlAndScriptInject aaa6');
$test=';)
';
- $result=test_sql_and_script_inject($test, 0);
- $this->assertGreaterThanOrEqual($expectedresult, $result, 'Error on test_sql_and_script_inject aaa7');
+ $result=testSqlAndScriptInject($test, 0);
+ $this->assertGreaterThanOrEqual($expectedresult, $result, 'Error on testSqlAndScriptInject aaa7');
$test=')
';
- $result=test_sql_and_script_inject($test, 0);
- $this->assertGreaterThanOrEqual($expectedresult, $result, 'Error on test_sql_and_script_inject bbb');
+ $result=testSqlAndScriptInject($test, 0);
+ $this->assertGreaterThanOrEqual($expectedresult, $result, 'Error on testSqlAndScriptInject bbb');
$test='';
- $result=test_sql_and_script_inject($test, 0);
- $this->assertGreaterThanOrEqual($expectedresult, $result, 'Error on test_sql_and_script_inject ccc');
+ $result=testSqlAndScriptInject($test, 0);
+ $this->assertGreaterThanOrEqual($expectedresult, $result, 'Error on testSqlAndScriptInject ccc');
$test=';)
';
- $result=test_sql_and_script_inject($test, 1);
- $this->assertGreaterThanOrEqual($expectedresult, $result, 'Error on test_sql_and_script_inject ddd');
+ $result=testSqlAndScriptInject($test, 1);
+ $this->assertGreaterThanOrEqual($expectedresult, $result, 'Error on testSqlAndScriptInject ddd');
$test='![]()
">';
- $result=test_sql_and_script_inject($test, 0);
- $this->assertGreaterThanOrEqual($expectedresult, $result, 'Error on test_sql_and_script_inject eee');
+ $result=testSqlAndScriptInject($test, 0);
+ $this->assertGreaterThanOrEqual($expectedresult, $result, 'Error on testSqlAndScriptInject eee');
$test='
';
- $result=test_sql_and_script_inject($test, 0);
- $this->assertGreaterThanOrEqual($expectedresult, $result, 'Error on test_sql_and_script_inject eee');
+ $result=testSqlAndScriptInject($test, 0);
+ $this->assertGreaterThanOrEqual($expectedresult, $result, 'Error on testSqlAndScriptInject eee');
$test="![](\"jav\tascript:alert('XSS');\")
"; // Is locked by some brwoser like chrome because the default directive no-referrer-when-downgrade is sent when requesting the SRC and then refused because of browser protection on img src load without referrer.
$test="![](\"jav
ascript:alert('XSS');\")
"; // Same
$test='';
- $result=test_sql_and_script_inject($test, 0);
- $this->assertGreaterThanOrEqual($expectedresult, $result, 'Error on test_sql_and_script_inject fff1');
+ $result=testSqlAndScriptInject($test, 0);
+ $this->assertGreaterThanOrEqual($expectedresult, $result, 'Error on testSqlAndScriptInject fff1');
$test='';
- $result=test_sql_and_script_inject($test, 0);
- $this->assertGreaterThanOrEqual($expectedresult, $result, 'Error on test_sql_and_script_inject fff2');
+ $result=testSqlAndScriptInject($test, 0);
+ $this->assertGreaterThanOrEqual($expectedresult, $result, 'Error on testSqlAndScriptInject fff2');
// This case seems to be filtered by browsers now.
$test='';
- //$result=test_sql_and_script_inject($test, 0);
- //$this->assertGreaterThanOrEqual($expectedresult, $result, 'Error on test_sql_and_script_inject ggg');
+ //$result=testSqlAndScriptInject($test, 0);
+ //$this->assertGreaterThanOrEqual($expectedresult, $result, 'Error on testSqlAndScriptInject ggg');
$test='