Wavyzz/dolibarr-fork
2
0
Fork 0
forked from Wavyzz/dolibarr
Code Pull Requests Activity

Debug v20

Browse Source
This commit is contained in:
Laurent Destailleur
2024-06-26 21:45:36 +02:00
parent 33d5dea17b
commit 04f64714f1
4 changed files with 65 additions and 47 deletions
Download Patch File Download Diff File Expand all files Collapse all files

71
test/phpunit/SecurityTest.php
View File

@@ -309,6 +309,7 @@ class SecurityTest extends CommonClassTest
$_GET["param3"] = '"na/b#e(pr)qq-rr\cc'; // Same than param2 + " and n
$_GET["param4a"] = '../../dir';
$_GET["param4b"] = '..\..\dirwindows';
$_GET["param4c"] = '\a123 \123 \u123 \x123';
$_GET["param5"] = "a_1-b";
$_POST["param6"] = "&quot;&gt;<svg o&#110;load='console.log(&quot;123&quot;)'&gt;";
$_POST["param6b"] = '<<<../>../>../svg><<<../>../>../animate =alert(1)>abc';
@@ -358,19 +359,23 @@ class SecurityTest extends CommonClassTest
$result = GETPOST("param2", 'alpha');
print __METHOD__." result=".$result."\n";
$this->assertEquals($result, 'a/b#e(pr)qq-rr/cc', 'Test on param2');
$this->assertEquals('a/b#e(pr)qq-rr\cc', $result, 'Test on param2');
$result = GETPOST("param3", 'alpha'); // Must return string sanitized from char "
print __METHOD__." result=".$result."\n";
$this->assertEquals($result, 'na/b#e(pr)qq-rr/cc', 'Test on param3');
$this->assertEquals('na/b#e(pr)qq-rr\cc', $result, 'Test on param3');
$result = GETPOST("param4a", 'alpha'); // Must return string sanitized from ../
print __METHOD__." result=".$result."\n";
$this->assertEquals($result, 'dir');
$this->assertEquals('dir', $result);
$result = GETPOST("param4b", 'alpha'); // Must return string sanitized from ../
print __METHOD__." result=".$result."\n";
$this->assertEquals($result, 'dirwindows');
$this->assertEquals('dirwindows', $result);
$result = GETPOST("param4c", 'alpha'); // Must return string sanitized from ../
print __METHOD__." result=".$result."\n";
$this->assertEquals('\a123 /123 /u123 /x123', $result);
// Test with aZ09
@@ -1185,35 +1190,6 @@ class SecurityTest extends CommonClassTest
}
/**
* testCheckLoginPassEntity
*
* @return void
*/
public function testCheckLoginPassEntity()
{
$login = checkLoginPassEntity('loginbidon', 'passwordbidon', 1, array('dolibarr'));
print __METHOD__." login=".$login."\n";
$this->assertEquals($login, '');
$login = checkLoginPassEntity('admin', 'passwordbidon', 1, array('dolibarr'));
print __METHOD__." login=".$login."\n";
$this->assertEquals($login, '');
$login = checkLoginPassEntity('admin', 'admin', 1, array('dolibarr')); // Should works because admin/admin exists
print __METHOD__." login=".$login."\n";
$this->assertEquals($login, 'admin', 'The test to check if pass of user "admin" is "admin" has failed');
$login = checkLoginPassEntity('admin', 'admin', 1, array('http','dolibarr')); // Should work because of second authentication method
print __METHOD__." login=".$login."\n";
$this->assertEquals($login, 'admin');
$login = checkLoginPassEntity('admin', 'admin', 1, array('forceuser'));
print __METHOD__." login=".$login."\n";
$this->assertEquals('', $login, 'Error'); // Expected '' because should failed because login 'auto' does not exists
}
/**
* testRealCharforNumericEntities()
*
@@ -1278,4 +1254,33 @@ class SecurityTest extends CommonClassTest
return 0;
}
/**
* testCheckLoginPassEntity
*
* @return void
*/
public function testCheckLoginPassEntity()
{
$login = checkLoginPassEntity('loginbidon', 'passwordbidon', 1, array('dolibarr'));
print __METHOD__." login=".$login."\n";
$this->assertEquals($login, '');
$login = checkLoginPassEntity('admin', 'passwordbidon', 1, array('dolibarr'));
print __METHOD__." login=".$login."\n";
$this->assertEquals($login, '');
$login = checkLoginPassEntity('admin', 'admin', 1, array('dolibarr')); // Should works because admin/admin exists
print __METHOD__." login=".$login."\n";
$this->assertEquals($login, 'admin', 'The test to check if pass of user "admin" is "admin" has failed');
$login = checkLoginPassEntity('admin', 'admin', 1, array('http','dolibarr')); // Should work because of second authentication method
print __METHOD__." login=".$login."\n";
$this->assertEquals($login, 'admin');
$login = checkLoginPassEntity('admin', 'admin', 1, array('forceuser'));
print __METHOD__." login=".$login."\n";
$this->assertEquals('', $login, 'Error'); // Expected '' because should failed because login 'auto' does not exists
}
}