Fix sanitize website module
parent
a633766b23
commit
e0cd351b3e
@ -35,8 +35,10 @@ function dolStripPhpCode($str, $replacewith = '')
|
||||
|
||||
$newstr = '';
|
||||
|
||||
//split on each opening tag
|
||||
$parts = explode('<?php', $str);
|
||||
// Split on each opening tag
|
||||
//$parts = explode('<?php', $str);
|
||||
$parts = preg_split('/'.preg_quote('<?php', '/').'/i', $str);
|
||||
|
||||
if (!empty($parts)) {
|
||||
$i = 0;
|
||||
foreach ($parts as $part) {
|
||||
@ -77,8 +79,10 @@ function dolKeepOnlyPhpCode($str)
|
||||
|
||||
$newstr = '';
|
||||
|
||||
//split on each opening tag
|
||||
$parts = explode('<?php', $str);
|
||||
// Split on each opening tag
|
||||
//$parts = explode('<?php', $str);
|
||||
$parts = preg_split('/'.preg_quote('<?php', '/').'/i', $str);
|
||||
|
||||
if (!empty($parts)) {
|
||||
$i = 0;
|
||||
foreach ($parts as $part) {
|
||||
|
||||
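Review bot: The new split in dolStripPhpCode, and the identical line in dolKeepOnlyPhpCode, still recognises only the `<?php` spelling of the opening tag, although now in any letter case. PHP also treats `<?=` as an opening tag, and `<?` when short_open_tag is enabled, so unless code outside these hunks handles those forms, content using them would pass through the stripper untouched. For the strip function, one option is to normalise first with `$str = str_replace('<?=', '<?php', $str);` before the `preg_split`; dolKeepOnlyPhpCode needs a deliberate decision on the same forms. Separately, the commented-out `//$parts = explode('<?php', $str);` should be deleted rather than kept, and the pattern reads more clearly as the literal `'/<\?php/i'`. Both function bodies continue outside the hunks shown.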
@ -219,6 +219,7 @@ class AllTests
|
||||
require_once dirname(__FILE__).'/AccountingAccountTest.php';
|
||||
$suite->addTestSuite('AccountingAccountTest');
|
||||
|
||||
// Rest
|
||||
require_once dirname(__FILE__).'/RestAPIUserTest.php';
|
||||
$suite->addTestSuite('RestAPIUserTest');
|
||||
require_once dirname(__FILE__).'/RestAPIDocumentTest.php';
|
||||
@ -270,6 +271,10 @@ class AllTests
|
||||
require_once dirname(__FILE__).'/EmailCollectorTest.php';
|
||||
$suite->addTestSuite('EmailCollectorTest');
|
||||
|
||||
// Website
|
||||
require_once dirname(__FILE__).'/WebsiteTest.php';
|
||||
$suite->addTestSuite('Website');
|
||||
|
||||
return $suite;
|
||||
}
|
||||
}
|
||||
|
||||
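Review bot: `$suite->addTestSuite('Website');` in the second hunk passes a name that does not match the test class. The file required on the line above it declares `class WebsiteTest`, and the other entries visible here pass the test class name (`'EmailCollectorTest'`, `'RestAPIUserTest'`). As written, the sanitiser regression test added by this commit is likely not registered in the aggregate run, or the call resolves to a class that is not a test case. It should read `$suite->addTestSuite('WebsiteTest');`.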
@ -175,4 +175,22 @@ class WebsiteTest extends PHPUnit\Framework\TestCase
|
||||
// We must found no line (so code should be KO). If we found somethiing, it means there is a SQL injection of the 1=1
|
||||
$this->assertEquals($res['code'], 'KO');
|
||||
}
|
||||
|
||||
/**
|
||||
* testDolStripPhpCode
|
||||
*
|
||||
* @return void
|
||||
*/
|
||||
public function testDolStripPhpCode()
|
||||
{
|
||||
global $db;
|
||||
|
||||
$s = "abc\n<?php echo 'def'\n// comment\n ?>ghi";
|
||||
$result = dolStripPhpCode($s);
|
||||
$this->assertEquals("abc\n<span phptag></span>ghi", $result);
|
||||
|
||||
$s = "abc\n<?PHP echo 'def'\n// comment\n ?>ghi";
|
||||
$result = dolStripPhpCode($s);
|
||||
$this->assertEquals("abc\n<span phptag></span>ghi", $result);
|
||||
}
|
||||
}
|
||||
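Review bot: testDolStripPhpCode covers only the `<?php` and `<?PHP` spellings and leaves dolKeepOnlyPhpCode untested, although this commit changes it in the same way. A mixed-case assertion would pin the case-insensitive behaviour more firmly, e.g. `$this->assertEquals("abc\n<span phptag></span>ghi", dolStripPhpCode("abc\n<?pHp echo 'def'\n// comment\n ?>ghi"));`. The expected value is assumed to match the two existing assertions. A matching test for dolKeepOnlyPhpCode with an upper-case tag should be added as well. `global $db;` is not used in this method and can be dropped.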