This commit is contained in:
Laurent Destailleur
2023-06-19 03:17:24 +02:00
parent 11d7e980bc
commit 7b84a6f49a
2 changed files with 6 additions and 1 deletions


@@ -136,7 +136,7 @@ function testSqlAndScriptInject($val, $type)
$inj += preg_match('/user\s*\(/i', $val); // avoid to use function user() or mysql_user() that return current database login
$inj += preg_match('/information_schema/i', $val); // avoid to use request that read information_schema database
$inj += preg_match('/<svg/i', $val); // <svg can be allowed in POST
$inj += preg_match('/update[^&].*set.+=/i', $val); // the [^&] test is to avoir error when request is like action=update&...set...
$inj += preg_match('/update[^&=\w].*set.+=/i', $val); // the [^&=\w] test is to avoid error when request is like action=update&...set... or &updatemodule=...set...
$inj += preg_match('/union.+select/i', $val);
}
if ($type == 3) {
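Review bot: The new pattern `/update[^&=\w].*set.+=/i` is unanchored and the greedy `.*` / `.+` pair can backtrack quadratically on a long value that contains `update` but no later `=`; when PCRE gives up (`PREG_BACKTRACK_LIMIT_ERROR`), `preg_match` returns `false`, and `$inj += false` adds 0, so the check is silently skipped for exactly the oversized inputs it should scrutinise. The tightening from `[^&]` to `[^&=\w]` itself looks sound, since an SQL `UPDATE` keyword is always followed by whitespace or a comment delimiter, never by a word character or `=`. I would make a PCRE failure count as a hit rather than a pass, e.g. `$r = preg_match('/update[^&=\w].*set.+=/i', $val);` followed by `$inj += ($r === false) ? 1 : $r; // PCRE error (e.g. backtrack limit) must not disable the check`, and the same applies to the sibling `preg_match` calls in this hunk. testSqlAndScriptInject and the enclosing `if` block start outside the hunk, so the other branches may have the same exposure.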


@@ -202,6 +202,11 @@ class SecurityTest extends PHPUnit\Framework\TestCase
$result=testSqlAndScriptInject($test, 0);
$this->assertEquals($expectedresult, $result, 'Error on testSqlAndScriptInject expected 0c');
$test='/user/perms.php?id=1&action=addrights&entity=1&rights=123&confirm=yes&token=123456789&updatedmodulename=lmscoursetracking';
$result=testSqlAndScriptInject($test, 1);
print "test=".$test." result=".$result."\n";
$this->assertEquals($expectedresult, $result, 'Error on testSqlAndScriptInject with a valid url');
// Should detect attack
$expectedresult=1;