
Add phpunit for dol_eval

Laurent Destailleur
2021-06-09 17:47:27 +02:00
parent f1c94ac659
commit f472ff4fd9


@@ -8003,7 +8003,8 @@ function dol_eval($s, $returnvalue = 0, $hideerrors = 1)
// We block using of php exec or php file functions
$forbiddenphpcommands = array("exec(", "passthru(", "shell_exec(", "system(", "proc_open(", "popen(", "eval(", "dol_eval(", "executeCLI(");
$forbiddenphpcommands = array_merge($forbiddenphpcommands, array("fopen(", "file_put_contents(", "fputs(", "fputscsv(", "fwrite(", "fpassthru(", "unlink(", "mkdir(", "rmdir(", "symlink(", "touch(", "umask("));
$forbiddenphpcommands = array_merge($forbiddenphpcommands, array('function(', '$$', 'call_user_func(', '_SESSION', '_COOKIE'));
$forbiddenphpcommands = array_merge($forbiddenphpcommands, array('function(', '$$', 'call_user_func('));
$forbiddenphpcommands = array_merge($forbiddenphpcommands, array('global', '_ENV', '_SESSION', '_COOKIE', '_GET', '_POST', '_REQUEST'));
do {
$oldstringtoclean = $s;
$s = str_ireplace($forbiddenphpcommands, '__forbiddenstring__', $s);
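Review bot: The bare `'global'` entry added to `$forbiddenphpcommands` is matched by `str_ireplace` as a case-insensitive substring, so it rewrites any expression that merely contains that word in a property or identifier, not only the `global` statement. If callers pass conditions of the form `$conf->global->SOME_OPTION` to dol_eval (common in Dolibarr, though not visible in this hunk), those would turn into `__forbiddenstring__` and stop evaluating. Consider dropping `'global'` from the substring list and refusing the keyword form with a separate check such as `preg_match('/\bglobal\s+\$/i', $s)`. The superglobal entries also leave out `_SERVER` and `_FILES`; if the aim is to keep request-derived data out of evaluated strings, add them or add a comment saying why they stay allowed. The body of dol_eval starts and ends outside this hunk, so how a refused string is reported to the caller cannot be checked from here.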