
FIX #CVE-2023-4197

Laurent Destailleur
2023-09-05 00:49:01 +02:00
parent 119f6b6a7f
commit 0ed6a63fb0
2 changed files with 26 additions and 0 deletions


@@ -226,4 +226,27 @@ class WebsiteTest extends PHPUnit\Framework\TestCase
print __METHOD__." result checkPHPCode=".$result."\n";
$this->assertEquals($result, 1, 'checkPHPCode did not detect the string was dangerous');
}
/**
* testDolKeepOnlyPhpCode
*
* @return void
*/
public function testDolKeepOnlyPhpCode()
{
$s = 'HTML content <?php exec("eee"); ?> and more HTML content';
$result = dolKeepOnlyPhpCode($s);
print __METHOD__." result dolKeepOnlyPhpCode=".$result."\n";
$this->assertEquals('<?php exec("eee"); ?>', $result, 'dolKeepOnlyPhpCode did extract the correct string');
$s = 'HTML content <? exec("eee"); ?> and more HTML content';
$result = dolKeepOnlyPhpCode($s);
print __METHOD__." result dolKeepOnlyPhpCode=".$result."\n";
$this->assertEquals('<?php exec("eee"); ?>', $result, 'dolKeepOnlyPhpCode did extract the correct string');
$s = 'HTML content <?php test() <?php test2(); ?> and more HTML content';
$result = dolKeepOnlyPhpCode($s);
print __METHOD__." result dolKeepOnlyPhpCode=".$result."\n";
$this->assertEquals('<?php test() ?><?php test2(); ?>', $result, 'dolKeepOnlyPhpCode did extract the correct string');
}
}
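Review bot: testDolKeepOnlyPhpCode pins only the `<?php` and `<?` openers, and every input ends in a closed `?>` block, so the test says nothing about the other forms PHP accepts: the short echo tag `<?=`, an upper-case `<?PHP`, and a trailing block with no closing `?>`. The extractor is not in this hunk, so whether it handles them cannot be judged here, but for a CVE fix each deserves a pinned case, since any segment the extractor drops presumably never reaches checkPHPCode. The failure messages are also inverted: `'dolKeepOnlyPhpCode did extract the correct string'` is shown when the assertion fails and should read `'dolKeepOnlyPhpCode did not extract the correct string'`. `assertSame` would be the stricter choice over `assertEquals` for these string comparisons.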