
FIX Security when using feature Advanced Target of emailing (hidden in

v21, default in v22+). Possible SQL injection by users with permissions
to make mass emailing. Reported by Simon Perdrisat.
This commit is contained in:
ldestailleur
2025-09-01 16:38:01 +02:00
parent 6e3de32c36
commit bb0974add9
5 changed files with 52 additions and 34 deletions


@@ -293,6 +293,22 @@ class CodingPhpTest extends CommonClassTest
//exit;
// Part to scan code vulnerability on SQL injection
// Check sql using ' instead of "
$ok = true;
$matches = array();
preg_match_all('/LIKE \\\/', $filecontent, $matches, PREG_SET_ORDER);
foreach ($matches as $key => $val) {
var_dump($matches);
$ok = false;
break;
}
//print __METHOD__." Result for checking we don't have non escaped string in sql requests for file ".$file."\n";
$this->assertTrue($ok, "Found a LIKE \' when we should have LIKE ' - Bad.");
//exit;
// Check sql string DELETE|OR|AND|WHERE|INSERT ... yyy = ".$xxx
// with xxx that is not 'thi' (for $this->db->sanitize) and 'db-' (for $db->sanitize). It means we forget a ' if string, or an (int) if int, when forging sql request.