From e0cd351b3eeb38909f5bffcfe7fcf3c00c93f06a Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Mon, 27 Mar 2023 17:37:09 +0200 Subject: [PATCH] Fix sanitize website module --- htdocs/core/lib/website.lib.php | 12 ++++++++---- test/phpunit/AllTests.php | 5 +++++ ...Website.class.php => WebsiteTest.class.php} | 18 ++++++++++++++++++ 3 files changed, 31 insertions(+), 4 deletions(-) rename test/phpunit/{Website.class.php => WebsiteTest.class.php} (91%) diff --git a/htdocs/core/lib/website.lib.php b/htdocs/core/lib/website.lib.php index af48ec64885..8012d6cce4c 100644 --- a/htdocs/core/lib/website.lib.php +++ b/htdocs/core/lib/website.lib.php @@ -35,8 +35,10 @@ function dolStripPhpCode($str, $replacewith = '') $newstr = ''; - //split on each opening tag - $parts = explode('addTestSuite('AccountingAccountTest'); + // Rest require_once dirname(__FILE__).'/RestAPIUserTest.php'; $suite->addTestSuite('RestAPIUserTest'); require_once dirname(__FILE__).'/RestAPIDocumentTest.php'; @@ -270,6 +271,10 @@ class AllTests require_once dirname(__FILE__).'/EmailCollectorTest.php'; $suite->addTestSuite('EmailCollectorTest'); + // Website + require_once dirname(__FILE__).'/WebsiteTest.php'; + $suite->addTestSuite('Website'); + return $suite; } } diff --git a/test/phpunit/Website.class.php b/test/phpunit/WebsiteTest.class.php similarity index 91% rename from test/phpunit/Website.class.php rename to test/phpunit/WebsiteTest.class.php index 50d0c16453d..2f0afbbed96 100644 --- a/test/phpunit/Website.class.php +++ b/test/phpunit/WebsiteTest.class.php 
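Review bot: The second AllTests.php hunk requires `WebsiteTest.php` and registers the suite as `'Website'`, but this same commit renames the test file to `test/phpunit/WebsiteTest.class.php`, and the class shown in that file's hunk header is `WebsiteTest`. Unless a `WebsiteTest.php` exists elsewhere in the tree, the `require_once` will presumably abort the whole suite; if the file does load, `addTestSuite('Website')` still does not name the test class, so the new sanitizer test would not run. The two lines should probably read `require_once dirname(__FILE__).'/WebsiteTest.class.php';` and `$suite->addTestSuite('WebsiteTest');`. Alternatively, rename the file to `WebsiteTest.php` to match the naming of the neighbouring tests.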
@@ -175,4 +175,22 @@ class WebsiteTest extends PHPUnit\Framework\TestCase
 // We must found no line (so code should be KO). If we found somethiing, it means there is a SQL injection of the 1=1
 $this->assertEquals($res['code'], 'KO');
 }
+
+ /**
+ * testDolStripPhpCode
+ *
+ * @return void
+ */
+ public function testDolStripPhpCode()
+ {
+ global $db;
+
+ $s = "abc\nghi";
+ $result = dolStripPhpCode($s);
+ $this->assertEquals("abc\nghi", $result);
+
+ $s = "abc\nghi";
+ $result = dolStripPhpCode($s);
+ $this->assertEquals("abc\nghi", $result);
+ }
 }
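Review bot: As shown on this page, both cases in testDolStripPhpCode feed `"abc\nghi"` in and expect `"abc\nghi"` back, so the test would pass even if dolStripPhpCode removed nothing. The tag-bearing inputs may have been lost when the page was rendered, so check the strings against the committed file. For a sanitizer test, I would cover each opening-tag form the function is meant to strip, an unterminated tag, and the non-default `$replacewith` argument. The docblock should say which forms are covered, rather than only repeating the method name. `global $db;` is not used in the method and can be dropped.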