
18.0 fix CVE 2024 40137 (#34762)

* Sec: Remove all functions that accept callable params - CVE-2024-40137

* FIX #34746 - More complete fix for CVE-2024-40137

---------

Co-authored-by: ldestailleur <eldy@destailleur.fr>
ThomasNgr-OpenDSI
2025-09-04 14:59:44 +02:00
committed by GitHub
parent 96a74c4976
commit 01aa901f93
5 changed files with 145 additions and 21 deletions


@@ -730,7 +730,8 @@ class SecurityTest extends PHPUnit\Framework\TestCase
{
$stringtotest = 'eée';
$decodedstring = dol_string_onlythesehtmlattributes($stringtotest);
$this->assertEquals('e&eacute;e', $decodedstring, 'Function did not sanitize correclty with test 1');
//$this->assertEquals('e&eacute;e', $decodedstring, 'Function did not sanitize correctly with test 1');
$this->assertEquals('eée', $decodedstring, 'Function did not sanitize correctly with test 1');
$stringtotest = '<div onload="ee"><a href="123"><span class="abc">abc</span></a></div>';
$decodedstring = dol_string_onlythesehtmlattributes($stringtotest);
@@ -986,6 +987,22 @@ class SecurityTest extends PHPUnit\Framework\TestCase
print "result = ".$result."\n";
$this->assertStringContainsString('Bad string syntax to evaluate', $result);
$result = dol_eval('json_encode(array_map(implode("",["ex","ec"]), ["id"]))', 1, 1, '1'); // result of dol_eval may be an object Closure
print "result4a = ".json_encode($result)."\n";
$this->assertStringContainsString('Bad string syntax to evaluate', json_encode($result), 'The string was not detected as evil, it should due to the [ char and method "2"');
$result = dol_eval('json_encode(array_map(implode("",["ex","ec"]), ["id"]))', 1, 1, '2'); // result of dol_eval may be an object Closure
print "result4b = ".json_encode($result)."\n";
$this->assertStringContainsString('Bad string syntax to evaluate', json_encode($result), 'The string was not detected as evil, it should due to the use of array_map');
$result = dol_eval('json_encode(array_map(implode("",array("ex","ec"), array("id")))', 1, 1, '1'); // result of dol_eval may be an object Closure
print "result4c = ".json_encode($result)."\n";
$this->assertStringContainsString('Bad string syntax to evaluate', json_encode($result), 'The string was not detected as evil, it should due to the use of array_map');
$result = dol_eval('$a=function() { }; $a', 1, 1, '0'); // result of dol_eval may be an object Closure
print "result5 = ".json_encode($result)."\n";
$this->assertStringContainsString('Bad string syntax to evaluate', json_encode($result), 'The string was not detected as evil');
$result=dol_eval('$a=exec ("ls")', 1, 1);
print "result = ".$result."\n";
$this->assertStringContainsString('Bad string syntax to evaluate', $result);