Wavyzz/dolibarr-fork
2
0
Fork 0
forked from Wavyzz/dolibarr
Code Pull Requests Activity

Merge branch '21.0' of git@github.com:Dolibarr/dolibarr.git into 22.0

Browse Source
This commit is contained in:
ldestailleur
2025-07-15 15:21:59 +02:00
parent cb447b608b 5396578a75
commit 61dcd176e0
6 changed files with 121 additions and 20 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
test/phpunit/SecurityTest.php
View File

@@ -687,6 +687,18 @@ class SecurityTest extends CommonClassTest
print "result = ".$result."\n";
$this->assertStringContainsString('Bad string syntax to evaluate', $result, 'The string was not detected as evil');
$result = dol_eval('json_encode(array_map(implode("",["ex","ec"]), ["id"]))', 1, 1, '1'); // result of dol_eval may be an object Closure
print "result4a = ".json_encode($result)."\n";
$this->assertStringContainsString('Bad string syntax to evaluate', json_encode($result), 'The string was not detected as evil, it should due to the [ char and method "2"');
$result = dol_eval('json_encode(array_map(implode("",["ex","ec"]), ["id"]))', 1, 1, '2'); // result of dol_eval may be an object Closure
print "result4b = ".json_encode($result)."\n";
$this->assertStringContainsString('Bad string syntax to evaluate', json_encode($result), 'The string was not detected as evil, it should due to the use of array_map');
$result = dol_eval('json_encode(array_map(implode("",array("ex","ec"), array("id")))', 1, 1, '1'); // result of dol_eval may be an object Closure
print "result4c = ".json_encode($result)."\n";
$this->assertStringContainsString('Bad string syntax to evaluate', json_encode($result), 'The string was not detected as evil, it should due to the use of array_map');
$result = dol_eval('$a=function() { }; $a', 1, 1, '0'); // result of dol_eval may be an object Closure
print "result5 = ".json_encode($result)."\n";
$this->assertStringContainsString('Bad string syntax to evaluate', json_encode($result), 'The string was not detected as evil');