FIX #yogosha8272

This commit is contained in:
Laurent Destailleur 2022-01-08 19:50:55 +01:00
parent c3a42162d9
commit eddc2a1a26
3 changed files with 17 additions and 4 deletions


@ -47,7 +47,7 @@ if (empty($_GET['keysearch']) && !defined('NOREQUIREHTML')) {
require '../../main.inc.php';
$htmlname = GETPOST('htmlname', 'alpha');
$htmlname = GETPOST('htmlname', 'aZ09');
$socid = GETPOST('socid', 'int');
$type = GETPOST('type', 'int');
$mode = GETPOST('mode', 'int');
@ -242,7 +242,7 @@ if (!empty($action) && $action == 'fetch' && !empty($id)) {
// Filter on the product to search can be:
// Into an array with key $htmlname123 (we take first one found). Which page use this ?
// Into a var with name $htmlname can be 'prodid', 'productid', ...
$match = preg_grep('/('.$htmlname.'[0-9]+)/', array_keys($_GET));
$match = preg_grep('/('.preg_quote($htmlname, '/').'[0-9]+)/', array_keys($_GET));
sort($match);
$idprod = (empty($match[0]) ? '' : $match[0]); // Take first key found into GET array with matching $htmlname123
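Review bot: With preg_quote now wrapping `$htmlname` in the preg_grep call, an empty `$htmlname` still collapses the pattern to `/([0-9]+)/`, which selects any GET key containing a digit, so an unrelated numeric-suffixed parameter name can end up in `$idprod`; a guard such as `$match = ($htmlname !== '') ? preg_grep('/('.preg_quote($htmlname, '/').'[0-9]+)/', array_keys($_GET)) : array();` keeps the lookup tied to the requested prefix. The pattern is also unanchored, so a key like `xprodid1` matches a prefix of `prodid` as well — whether that is intended is not visible here, and adding `^`/`$` anchors would change behaviour for any caller relying on it. The `aZ09` filter on the first hunk presumably already excludes regex metacharacters, so preg_quote is defence in depth rather than the only barrier — worth a one-line comment saying so, e.g. `// preg_quote kept even though aZ09 filters the input: do not rely on the GETPOST filter alone`. The same lookup appears in the second file's hunk at the `$id` assignment and needs the same empty-prefix guard, and the enclosing `if (... $action == 'fetch' ...)` block starts outside both hunks.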


@ -44,7 +44,7 @@ if (!defined('NOCSRFCHECK')) {
require '../../main.inc.php';
require_once DOL_DOCUMENT_ROOT.'/societe/class/societe.class.php';
$htmlname = GETPOST('htmlname', 'alpha');
$htmlname = GETPOST('htmlname', 'aZ09');
$filter = GETPOST('filter', 'alpha');
$outjson = (GETPOST('outjson', 'int') ? GETPOST('outjson', 'int') : 0);
$action = GETPOST('action', 'aZ09');
@ -102,7 +102,7 @@ if (!empty($action) && $action == 'fetch' && !empty($id)) {
// Filter on the company to search can be:
// Into an array with key $htmlname123 (we take first one found). Which page use this ?
// Into a var with name $htmlname can be 'prodid', 'productid', ...
$match = preg_grep('/('.$htmlname.'[0-9]+)/', array_keys($_GET));
$match = preg_grep('/('.preg_quote($htmlname, '/').'[0-9]+)/', array_keys($_GET));
sort($match);
$id = (!empty($match[0]) ? $match[0] : ''); // Take first key found into GET array with matching $htmlname123


@ -473,6 +473,19 @@ class CodingPhpTest extends PHPUnit\Framework\TestCase
$this->assertTrue($ok, 'Found a forbidden string sequence into '.$file['relativename'].' : name="token" value="\'.$_SESSION[..., you must use a newToken() instead of $_SESSION[\'newtoken\'].');
// Test we don't have @var array(
$ok=true;
$matches=array();
preg_match_all('/preg_grep\(.*\$/', $filecontent, $matches, PREG_SET_ORDER);
foreach ($matches as $key => $val) {
if (strpos($val[0], 'preg_quote') === false) {
$ok=false;
break;
}
}
$this->assertTrue($ok, 'Found a preg_grep with a param that is a $var but without preg_quote in file '.$file['relativename'].'.');
// Test we don't have @var array(
$ok=true;
$matches=array();