
More sql sanitizing

This commit is contained in:
Laurent Destailleur
2021-09-02 13:58:42 +02:00
parent cac1a7ba5f
commit b04ea59a51
23 changed files with 26 additions and 26 deletions


@@ -354,7 +354,7 @@ class CodingPhpTest extends PHPUnit\Framework\TestCase
// Check string sql|set...'.$yyy->xxx with xxx that is not 'escape', 'idate', .... It means we forget a db->escape when forging sql request.
preg_match_all('/(\$sql|SET\s|WHERE\s|INSERT\s|VALUES\s|VALUES\().+\s*\'\s*\.\s*\$(.........)/', $filecontent, $matches, PREG_SET_ORDER);
foreach ($matches as $key => $val) {
if (! in_array($val[2], array('this->db-', 'db->sanit', 'conf->ent', 'key : \'\')', 'key])."\')', 'excludefi', 'regexstri', 'filtermod'))) {
if (! in_array($val[2], array('this->db-', 'db->sanit', 'conf->ent', 'key : \'\')', 'key])."\')', 'excludefi', 'regexstri', ''))) {
$ok=false;
var_dump($matches);
break;
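Review bot: The `''` element in the `in_array` whitelist is dead code — `$val[2]` is the nine-character capture `(.........)` from the `preg_match_all` pattern two lines above, so it can never equal the empty string. If the intent is simply to stop exempting `filtermod` (presumably because the matching call sites now escape it), drop the element rather than blanking it: `if (! in_array($val[2], array('this->db-', 'db->sanit', 'conf->ent', 'key : \'\')', 'key])."\')', 'excludefi', 'regexstri'))) {`. Which of the two near-identical lines is the new side is inferred from print order only; this note assumes the line with `''` is the addition. The `foreach` opened just above the changed line continues past the end of the hunk.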