Wavyzz/dolibarr-fork
2
0
Fork 0
forked from Wavyzz/dolibarr
Code Pull Requests Activity

FIX #34746

Browse Source
This commit is contained in:
ldestailleur
2025-07-15 21:51:50 +02:00
parent a145b3b44d
commit c0a0acf129
3 changed files with 54 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

27
test/phpunit/SecurityTest.php
View File

@@ -387,7 +387,8 @@ class SecurityTest extends CommonClassTest
{
$stringtotest = 'eée';
$decodedstring = dol_string_onlythesehtmlattributes($stringtotest);
$this->assertEquals('eée', $decodedstring, 'Function did not sanitize correctly with test 1');
//$this->assertEquals('eée', $decodedstring, 'Function did not sanitize correctly with test 1');
$this->assertEquals('eée', $decodedstring, 'Function did not sanitize correctly with test 1');
$stringtotest = '<div onload="ee"><a href="123"><span class="abc">abc</span></a></div>';
$decodedstring = dol_string_onlythesehtmlattributes($stringtotest);
@@ -1296,6 +1297,30 @@ class SecurityTest extends CommonClassTest
{
global $conf;
// Test on a string in hindi with MAIN_RESTRICTHTML_REMOVE_ALSO_BAD_ATTRIBUTES because
// in past this case was losing the UTF8.
$conf->global->MAIN_RESTRICTHTML_REMOVE_ALSO_BAD_ATTRIBUTES = 0;
$result = dol_htmlwithnojs('String in Hindi लेखाकर्म', 0, 'restricthtml');
print __METHOD__." result=".$result."\n";
$this->assertEquals('String in Hindi लेखाकर्म', $result, 'Test js sanitizing a Hindi string is ko');
$conf->global->MAIN_RESTRICTHTML_REMOVE_ALSO_BAD_ATTRIBUTES = 1;
$result = dol_htmlwithnojs('String in Hindi लेखाकर्म', 0, 'restricthtml');
print __METHOD__." result=".$result."\n";
$this->assertEquals('String in Hindi लेखाकर्म', $result, 'Test js sanitizing a Hindi string is ko');
$conf->global->MAIN_RESTRICTHTML_REMOVE_ALSO_BAD_ATTRIBUTES = 1;
$conf->global->MAIN_RESTRICTHTML_ONLY_VALID_HTML = 1;
$conf->global->MAIN_RESTRICTHTML_ONLY_VALID_HTML_TIDY = 1;
$result = dol_htmlwithnojs('String in Hindi लेखाकर्म', 0, 'restricthtml');
print __METHOD__." result=".$result."\n";
$this->assertEquals('String in Hindi लेखाकर्म', $result, 'Test js sanitizing a Hindi string is ko');
$conf->global->MAIN_RESTRICTHTML_REMOVE_ALSO_BAD_ATTRIBUTES = 0;
// If we set this to 1, it will also convert emoticon in htmlentities, so tests must be modified.