forked from Wavyzz/dolibarr
FIx #yogosha13798
This commit is contained in:
Laurent Destailleur
@@ -221,6 +221,10 @@ class SecurityTest extends PHPUnit\Framework\TestCase
|
||||
$result=testSqlAndScriptInject($test, 1);
|
||||
$this->assertEquals($expectedresult, $result, 'Error on testSqlAndScriptInject for SQL2a. Should find an attack on GET param and did not.');
|
||||
|
||||
$test = "delete\nfrom";
|
||||
$result=testSqlAndScriptInject($test, 1);
|
||||
$this->assertEquals($expectedresult, $result, 'Error on testSqlAndScriptInject for SQL2b. Should find an attack on GET param and did not.');
|
||||
|
||||
$test = 'action=update& ... set ... =';
|
||||
$result=testSqlAndScriptInject($test, 1);
|
||||
$this->assertEquals(0, $result, 'Error on testSqlAndScriptInject for SQL2b. Should not find an attack on GET param and did.');
|
||||
@@ -332,7 +336,11 @@ class SecurityTest extends PHPUnit\Framework\TestCase
|
||||
|
||||
$test="Text with ' encoded with the numeric html entity converted into text entity ' (like when submited by CKEditor)";
|
||||
$result=testSqlAndScriptInject($test, 0); // result must be 0
|
||||
$this->assertEquals(0, $result, 'Error on testSqlAndScriptInject mmm');
|
||||
$this->assertEquals(0, $result, 'Error on testSqlAndScriptInject mmm, result should be 0 and is not');
|
||||
|
||||
$test ='<a href="j	a	v	asc
ri	pt:(a	l	e	r	t	(document.cookie))">XSS</a>';
|
||||
$result=testSqlAndScriptInject($test, 0);
|
||||
$this->assertGreaterThanOrEqual($expectedresult, $result, 'Error on testSqlAndScriptInject nnn, result should be >= 1 and is not');
|
||||
|
||||
$test="/dolibarr/htdocs/index.php/".chr('246')."abc"; // Add the char %F6 into the variable
|
||||
$result=testSqlAndScriptInject($test, 2);
|
||||
@@ -385,9 +393,8 @@ class SecurityTest extends PHPUnit\Framework\TestCase
|
||||
$_POST["param16"]='<a style="z-index: 1000">abc</a>';
|
||||
$_POST["param17"]='<span style="background-image: url(logout.php)">abc</span>';
|
||||
$_POST["param18"]='<span style="background-image: url(...?...action=aaa)">abc</span>';
|
||||
//$_POST["param13"]='javascript%26colon%26%23x3B%3Balert(1)';
|
||||
//$_POST["param14"]='javascripT&javascript#x3a alert(1)';
|
||||
|
||||
$_POST["param19"]='<a href="j	a	v	asc
ri	pt:(alert(document.cookie))">XSS</a>';
|
||||
//$_POST["param19"]='<a href="javascript:alert(document.cookie)">XSS</a>';
|
||||
|
||||
$result=GETPOST('id', 'int'); // Must return nothing
|
||||
print __METHOD__." result=".$result."\n";
|
||||
@@ -507,7 +514,7 @@ class SecurityTest extends PHPUnit\Framework\TestCase
|
||||
print __METHOD__." result=".$result."\n";
|
||||
$this->assertEquals(trim($_POST["param11"]), $result, 'Test an email string with alphawithlgt');
|
||||
|
||||
// Test with restricthtml we must remove html open/close tag and content but not htmlentities (we can decode html entities for ascii chars like n)
|
||||
// Test with restricthtml: we must remove html open/close tag and content but not htmlentities (we can decode html entities for ascii chars like n)
|
||||
|
||||
$result=GETPOST("param6", 'restricthtml');
|
||||
print __METHOD__." result param6=".$result."\n";
|
||||
@@ -541,6 +548,11 @@ class SecurityTest extends PHPUnit\Framework\TestCase
|
||||
print __METHOD__." result=".$result."\n";
|
||||
$this->assertEquals("<img onerror=alert(document.domain) src=>0xbeefed", $result, 'Test 15'); // The GETPOST return a harmull string
|
||||
|
||||
$result=GETPOST("param19", 'restricthtml');
|
||||
print __METHOD__." result=".$result."\n";
|
||||
$this->assertEquals('<a href="(alert(document.cookie))">XSS</a>', $result, 'Test 19');
|
||||
|
||||
|
||||
// Test with restricthtml + MAIN_RESTRICTHTML_ONLY_VALID_HTML to test disabling of bad atrributes
|
||||
$conf->global->MAIN_RESTRICTHTML_ONLY_VALID_HTML = 1;
|
||||
|
||||
|
||||
Reference in New Issue
Block a user