Wavyzz/dolibarr-fork
2
0
Fork 0
forked from Wavyzz/dolibarr
Code Pull Requests Activity

Fix regression in dol_eval

Browse Source
This commit is contained in:
Laurent Destailleur
2023-09-08 14:12:12 +02:00
parent e9787451a8
commit c379420d86
2 changed files with 29 additions and 19 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
htdocs/core/lib/functions.lib.php
View File

@@ -9241,7 +9241,9 @@ function dol_eval($s, $returnvalue = 0, $hideerrors = 1, $onlysimplestring = '1'
}
}
$scheck = preg_replace('/->[a-zA-Z0-9_]+\(/', '->__METHOD__', $s);
$scheck = preg_replace('/\s[a-zA-Z0-9_]+\(/', ' __FUNCTION__', $scheck);
$scheck = preg_replace('/^\(/', '__PARENTHESIS__', $scheck);
$scheck = preg_replace('/\s\(/', '__PARENTHESIS__', $scheck);
$scheck = preg_replace('/(|\s)[a-zA-Z0-9_]+\(/', '$1__FUNCTION__', $scheck);
$scheck = preg_replace('/(\^|\')\(/', '__REGEXSTART__', $scheck); // To allow preg_match('/^(aaa|bbb)/'... or isStringVarMatching('leftmenu', '(aaa|bbb)')
//print 'scheck='.$scheck." : ".strpos($scheck, '(')."\n";
if (strpos($scheck, '(') !== false) {

44
test/phpunit/SecurityTest.php
View File

@@ -940,11 +940,11 @@ class SecurityTest extends PHPUnit\Framework\TestCase
$db=$this->savdb;
$result=dol_eval('1==1', 1, 0);
print "result = ".$result."\n";
print "result1 = ".$result."\n";
$this->assertTrue($result);
$result=dol_eval('1==2', 1, 0);
print "result = ".$result."\n";
print "result2 = ".$result."\n";
$this->assertFalse($result);
include_once DOL_DOCUMENT_ROOT.'/projet/class/project.class.php';
@@ -952,44 +952,48 @@ class SecurityTest extends PHPUnit\Framework\TestCase
$s = '(($reloadedobj = new Task($db)) && ($reloadedobj->fetchNoCompute($object->id) > 0) && ($secondloadedobj = new Project($db)) && ($secondloadedobj->fetchNoCompute($reloadedobj->fk_project) > 0)) ? $secondloadedobj->ref : "Parent project not found"';
$result=dol_eval($s, 1, 1, '2');
print "result = ".$result."\n";
print "result3 = ".$result."\n";
$this->assertEquals('Parent project not found', $result);
$s = '(($reloadedobj = new Task($db)) && ($reloadedobj->fetchNoCompute($object->id) > 0) && ($secondloadedobj = new Project($db)) && ($secondloadedobj->fetchNoCompute($reloadedobj->fk_project) > 0)) ? $secondloadedobj->ref : \'Parent project not found\'';
$result=dol_eval($s, 1, 1, '2');
print "result = ".$result."\n";
print "result4 = ".$result."\n";
$this->assertEquals('Parent project not found', $result);
$result=dol_eval('$a=function() { }; $a;', 1, 1, '0');
print "result = ".$result."\n";
print "result5 = ".$result."\n";
$this->assertContains('Bad string syntax to evaluate', $result);
$result=dol_eval('$a=function() { }; $a;', 1, 1, '1');
print "result6 = ".$result."\n";
$this->assertContains('Bad string syntax to evaluate', $result);
$result=dol_eval('$a=exec("ls");', 1, 1);
print "result = ".$result."\n";
print "result7 = ".$result."\n";
$this->assertContains('Bad string syntax to evaluate', $result);
$result=dol_eval('$a=exec ("ls")', 1, 1);
print "result = ".$result."\n";
print "result8 = ".$result."\n";
$this->assertContains('Bad string syntax to evaluate', $result);
$result=dol_eval('$a="test"; $$a;', 1, 0);
print "result = ".$result."\n";
print "result9 = ".$result."\n";
$this->assertContains('Bad string syntax to evaluate', $result);
$result=dol_eval('`ls`', 1, 0);
print "result = ".$result."\n";
print "result10 = ".$result."\n";
$this->assertContains('Bad string syntax to evaluate', $result);
$result=dol_eval("('ex'.'ec')('echo abc')", 1, 0);
print "result = ".$result."\n";
print "result11 = ".$result."\n";
$this->assertContains('Bad string syntax to evaluate', $result);
$result=dol_eval("sprintf(\"%s%s\", \"ex\", \"ec\")('echo abc')", 1, 0);
print "result = ".$result."\n";
print "result12 = ".$result."\n";
$this->assertContains('Bad string syntax to evaluate', $result);
$result=dol_eval("90402.38+267678+0", 1, 1, 1);
print "result = ".$result."\n";
print "result13 = ".$result."\n";
$this->assertEquals('358080.38', $result);
global $leftmenu; // Used into strings to eval
@@ -1002,32 +1006,36 @@ class SecurityTest extends PHPUnit\Framework\TestCase
// Same with a value that does not match
$leftmenu = 'XXX';
$result=dol_eval('$conf->currency && preg_match(\'/^(AAA|BBB)/\',$leftmenu)', 1, 1, '1');
print "result = ".$result."\n";
print "result14 = ".$result."\n";
$this->assertFalse($result);
$leftmenu = 'AAA';
$result=dol_eval('$conf->currency && isStringVarMatching(\'leftmenu\', \'(AAA|BBB)\')', 1, 1, '1');
print "result = ".$result."\n";
print "result15 = ".$result."\n";
$this->assertTrue($result);
$leftmenu = 'XXX';
$result=dol_eval('$conf->currency && isStringVarMatching(\'leftmenu\', \'(AAA|BBB)\')', 1, 1, '1');
print "result = ".$result."\n";
print "result16 = ".$result."\n";
$this->assertFalse($result);
$string = '(isModEnabled("agenda") || isModEnabled("resource")) && getDolGlobalInt("MAIN_FEATURES_LEVEL") >= 0 && preg_match(\'/^(admintools|all|XXX)/\', $leftmenu)';
$result=dol_eval($string, 1, 1, '1');
print "result17 = ".$result."\n";
$this->assertTrue($result);
// Case with param onlysimplestring = 1
$result=dol_eval('1 && getDolGlobalInt("doesnotexist1") && $conf->global->MAIN_FEATURES_LEVEL', 1, 0); // Should return false and not a 'Bad string syntax to evaluate ...'
print "result = ".$result."\n";
print "result18 = ".$result."\n";
$this->assertFalse($result);
$result=dol_eval("(\$a.'aa')", 1, 0);
print "result = ".$result."\n";
print "result19 = ".$result."\n";
$this->assertContains('Bad string syntax to evaluate', $result);
$result=dol_eval('$a="abs" && $a(5)', 1, 0);
print "result = a".$result."\n";
print "result20 = ".$result."\n";
$this->assertContains('Bad string syntax to evaluate', $result);
}