forked from Wavyzz/dolibarr
Fix regression verifCond
This commit is contained in:
Laurent Destailleur
@@ -8167,7 +8167,7 @@ function dol_getIdFromCode($db, $key, $tablename, $fieldkey = 'code', $fieldid =
|
|||||||
* Verify if condition in string is ok or not
|
* Verify if condition in string is ok or not
|
||||||
*
|
*
|
||||||
* @param string $strToEvaluate String with condition to check
|
* @param string $strToEvaluate String with condition to check
|
||||||
* @return boolean True or False. Note: It returns True if $strToEvaluate is ''
|
* @return boolean True or False. Note: It returns also True if $strToEvaluate is ''
|
||||||
*/
|
*/
|
||||||
function verifCond($strToEvaluate)
|
function verifCond($strToEvaluate)
|
||||||
{
|
{
|
||||||
@@ -8178,8 +8178,10 @@ function verifCond($strToEvaluate)
|
|||||||
//print $strToEvaluate."<br>\n";
|
//print $strToEvaluate."<br>\n";
|
||||||
$rights = true;
|
$rights = true;
|
||||||
if (isset($strToEvaluate) && $strToEvaluate !== '') {
|
if (isset($strToEvaluate) && $strToEvaluate !== '') {
|
||||||
$str = 'if(!('.$strToEvaluate.')) { $rights = false; }';
|
$str = 'if(!('.$strToEvaluate.')) $rights = false;';
|
||||||
dol_eval($str); // The dol_eval must contains all the global $xxx used into a condition
|
dol_eval($str, 0, 1, '2'); // The dol_eval must contains all the global $xxx used into a condition
|
||||||
|
//$rep = dol_eval($strToEvaluate, 1, 1 , '1'); // The dol_eval must contains all the global $xxx used into a condition
|
||||||
|
//$rights = ($rep ? true : false);
|
||||||
}
|
}
|
||||||
return $rights;
|
return $rights;
|
||||||
}
|
}
|
||||||
@@ -8191,7 +8193,7 @@ function verifCond($strToEvaluate)
|
|||||||
* @param string $s String to evaluate
|
* @param string $s String to evaluate
|
||||||
* @param int $returnvalue 0=No return (used to execute eval($a=something)). 1=Value of eval is returned (used to eval($something)).
|
* @param int $returnvalue 0=No return (used to execute eval($a=something)). 1=Value of eval is returned (used to eval($something)).
|
||||||
* @param int $hideerrors 1=Hide errors
|
* @param int $hideerrors 1=Hide errors
|
||||||
* @param string $onlysimplestring Accept only simple string with char 'a-z0-9\s$_->&|=';
|
* @param string $onlysimplestring 0=Accept all chars, 1=Accept only simple string with char 'a-z0-9\s$_->&|=';, 2=Accept also '!?():";'
|
||||||
* @return mixed Nothing or return result of eval
|
* @return mixed Nothing or return result of eval
|
||||||
*/
|
*/
|
||||||
function dol_eval($s, $returnvalue = 0, $hideerrors = 1, $onlysimplestring = '1')
|
function dol_eval($s, $returnvalue = 0, $hideerrors = 1, $onlysimplestring = '1')
|
||||||
@@ -8210,7 +8212,22 @@ function dol_eval($s, $returnvalue = 0, $hideerrors = 1, $onlysimplestring = '1'
|
|||||||
if ($onlysimplestring == '1') {
|
if ($onlysimplestring == '1') {
|
||||||
//print preg_quote('$_->&|', '/');
|
//print preg_quote('$_->&|', '/');
|
||||||
if (preg_match('/[^a-z0-9\s'.preg_quote('$_->&|=', '/').']/i', $s)) {
|
if (preg_match('/[^a-z0-9\s'.preg_quote('$_->&|=', '/').']/i', $s)) {
|
||||||
|
if ($returnvalue) {
|
||||||
return 'Bad string syntax to evaluate (found chars that are not chars for simplestring): '.$s;
|
return 'Bad string syntax to evaluate (found chars that are not chars for simplestring): '.$s;
|
||||||
|
} else {
|
||||||
|
dol_syslog('Bad string syntax to evaluate (found chars that are not chars for simplestring): '.$s);
|
||||||
|
return '';
|
||||||
|
}
|
||||||
|
}
|
||||||
|
} elseif ($onlysimplestring == '2') {
|
||||||
|
//print preg_quote('$_->&|', '/');
|
||||||
|
if (preg_match('/[^a-z0-9\s'.preg_quote('$_->&|=!?():";', '/').']/i', $s)) {
|
||||||
|
if ($returnvalue) {
|
||||||
|
return 'Bad string syntax to evaluate (found chars that are not chars for simplestring): '.$s;
|
||||||
|
} else {
|
||||||
|
dol_syslog('Bad string syntax to evaluate (found chars that are not chars for simplestring): '.$s);
|
||||||
|
return '';
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
if (strpos($s, '`') !== false) {
|
if (strpos($s, '`') !== false) {
|
||||||
|
|||||||
@@ -876,12 +876,12 @@ class SecurityTest extends PHPUnit\Framework\TestCase
|
|||||||
include_once DOL_DOCUMENT_ROOT.'/projet/class/project.class.php';
|
include_once DOL_DOCUMENT_ROOT.'/projet/class/project.class.php';
|
||||||
include_once DOL_DOCUMENT_ROOT.'/projet/class/task.class.php';
|
include_once DOL_DOCUMENT_ROOT.'/projet/class/task.class.php';
|
||||||
|
|
||||||
$s = '(($reloadedobj = new Task($db)) && ($reloadedobj->fetchNoCompute($object->id) > 0) && ($secondloadedobj = new Project($db)) && ($secondloadedobj->fetchNoCompute($reloadedobj->fk_project) > 0)) ? $secondloadedobj->ref: "Parent project not found"';
|
$s = '(($reloadedobj = new Task($db)) && ($reloadedobj->fetchNoCompute($object->id) > 0) && ($secondloadedobj = new Project($db)) && ($secondloadedobj->fetchNoCompute($reloadedobj->fk_project) > 0)) ? $secondloadedobj->ref : "Parent project not found"';
|
||||||
$result=dol_eval($s, 1, 1, '');
|
$result=dol_eval($s, 1, 1, '');
|
||||||
print "result = ".$result."\n";
|
print "result = ".$result."\n";
|
||||||
$this->assertEquals('Parent project not found', $result);
|
$this->assertEquals('Parent project not found', $result);
|
||||||
|
|
||||||
$s = '(($reloadedobj = new Task($db)) && ($reloadedobj->fetchNoCompute($object->id) > 0) && ($secondloadedobj = new Project($db)) && ($secondloadedobj->fetchNoCompute($reloadedobj->fk_project) > 0)) ? $secondloadedobj->ref: \'Parent project not found\'';
|
$s = '(($reloadedobj = new Task($db)) && ($reloadedobj->fetchNoCompute($object->id) > 0) && ($secondloadedobj = new Project($db)) && ($secondloadedobj->fetchNoCompute($reloadedobj->fk_project) > 0)) ? $secondloadedobj->ref : \'Parent project not found\'';
|
||||||
$result=dol_eval($s, 1, 1, '');
|
$result=dol_eval($s, 1, 1, '');
|
||||||
print "result = ".$result."\n";
|
print "result = ".$result."\n";
|
||||||
$this->assertEquals('Parent project not found', $result);
|
$this->assertEquals('Parent project not found', $result);
|
||||||
@@ -910,6 +910,10 @@ class SecurityTest extends PHPUnit\Framework\TestCase
|
|||||||
print "result = ".$result."\n";
|
print "result = ".$result."\n";
|
||||||
$this->assertContains('Bad string syntax to evaluate', $result);
|
$this->assertContains('Bad string syntax to evaluate', $result);
|
||||||
|
|
||||||
|
$result=dol_eval("sprintf(\"%s%s\", \"ex\", \"ec\")('echo abc')", 1, 0, '');
|
||||||
|
print "result = ".$result."\n";
|
||||||
|
$this->assertContains('Bad string syntax to evaluate', $result);
|
||||||
|
|
||||||
// Case with param onlysimplestring = 1
|
// Case with param onlysimplestring = 1
|
||||||
$result=dol_eval('1 && $conf->abc->doesnotexist1 && $conf->def->doesnotexist1', 1, 0); // Should return false and not a 'Bad string syntax to evaluate ...'
|
$result=dol_eval('1 && $conf->abc->doesnotexist1 && $conf->def->doesnotexist1', 1, 0); // Should return false and not a 'Bad string syntax to evaluate ...'
|
||||||
print "result = ".$result."\n";
|
print "result = ".$result."\n";
|
||||||
|
|||||||
Reference in New Issue
Block a user