
Merge branch '21.0' of git@github.com:Dolibarr/dolibarr.git into 22.0

ldestailleur
2025-09-01 16:47:39 +02:00
7 changed files with 57 additions and 34 deletions


@@ -293,6 +293,22 @@ class CodingPhpTest extends CommonClassTest
//exit;
// Part to scan code vulnerability on SQL injection
// Check sql using ' instead of "
$ok = true;
$matches = array();
preg_match_all('/LIKE \\\/', $filecontent, $matches, PREG_SET_ORDER);
foreach ($matches as $key => $val) {
var_dump($matches);
$ok = false;
break;
}
//print __METHOD__." Result for checking we don't have non escaped string in sql requests for file ".$file."\n";
$this->assertTrue($ok, "Found a LIKE \' when we should have LIKE ' - Bad.");
//exit;
// Check sql string DELETE|OR|AND|WHERE|INSERT ... yyy = ".$xxx
// with xxx that is not 'thi' (for $this->db->sanitize) and 'db-' (for $db->sanitize). It means we forget a ' if string, or an (int) if int, when forging sql request.