Wavyzz/dolibarr-fork
2
0
Fork 0
forked from Wavyzz/dolibarr
Code Pull Requests Activity

Merge branch '19.0' of git@github.com:Dolibarr/dolibarr.git into 20.0

Browse Source
This commit is contained in:
ldestailleur
2025-05-10 13:25:31 +02:00
parent 584d37784f 629533494a
commit ae94c71a10
5 changed files with 29 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
test/phpunit/SecurityTest.php
View File

@@ -1063,10 +1063,9 @@ class SecurityTest extends CommonClassTest
print "result = ".$result."\n";
$this->assertEquals('Bad string syntax to evaluate: new __forbiddenstring__(\'abc\')', $result);
$result = (string) dol_eval('$a=function() { }; $a;', 1, 1, '0');
print "result5 = ".$result."\n";
$this->assertStringContainsString('Bad string syntax to evaluate', $result);
$this->assertStringContainsString('Bad string syntax to evaluate', $result, 'The string was not detected as evil');
$result = (string) dol_eval('$a=function() { }; $a;', 1, 1, '1');
print "result6 = ".$result."\n";
@@ -1080,6 +1079,8 @@ class SecurityTest extends CommonClassTest
print "result8 = ".$result."\n";
$this->assertStringContainsString('Bad string syntax to evaluate', $result);
$conf->global->MAIN_DISALLOW_STRING_OBFUSCATION_IN_DOL_EVAL = 1;
$result = (string) dol_eval('$a="test"; $$a;', 1, 0);
print "result9 = ".$result."\n";
$this->assertStringContainsString('Bad string syntax to evaluate', $result);