Merge branch '15.0' of git@github.com:Dolibarr/dolibarr.git into develop
Conflicts: htdocs/core/lib/functions.lib.php
@@ -877,12 +877,12 @@ class SecurityTest extends PHPUnit\Framework\TestCase
|
||||
include_once DOL_DOCUMENT_ROOT.'/projet/class/task.class.php';
|
||||
|
||||
$s = '(($reloadedobj = new Task($db)) && ($reloadedobj->fetchNoCompute($object->id) > 0) && ($secondloadedobj = new Project($db)) && ($secondloadedobj->fetchNoCompute($reloadedobj->fk_project) > 0)) ? $secondloadedobj->ref : "Parent project not found"';
|
||||
$result=dol_eval($s, 1, 1, '');
|
||||
$result=dol_eval($s, 1, 1, '2');
|
||||
print "result = ".$result."\n";
|
||||
$this->assertEquals('Parent project not found', $result);
|
||||
|
||||
$s = '(($reloadedobj = new Task($db)) && ($reloadedobj->fetchNoCompute($object->id) > 0) && ($secondloadedobj = new Project($db)) && ($secondloadedobj->fetchNoCompute($reloadedobj->fk_project) > 0)) ? $secondloadedobj->ref : \'Parent project not found\'';
|
||||
$result=dol_eval($s, 1, 1, '');
|
||||
$result=dol_eval($s, 1, 1, '2');
|
||||
print "result = ".$result."\n";
|
||||
$this->assertEquals('Parent project not found', $result);
|
||||
|
||||
@@ -914,7 +914,24 @@ class SecurityTest extends PHPUnit\Framework\TestCase
|
||||
print "result = ".$result."\n";
|
||||
$this->assertContains('Bad string syntax to evaluate', $result);
|
||||
|
||||
global $leftmenu; // Used into strings to eval
|
||||
|
||||
$leftmenu = 'AAA';
|
||||
$conf->barcode->enabled = 1;
|
||||
$result=dol_eval('$conf->barcode->enabled && preg_match(\'/^(AAA|BBB)/\',$leftmenu)', 1, 1, '1');
|
||||
print "result = ".$result."\n";
|
||||
$this->assertTrue($result);
|
||||
|
||||
// Same with syntax error
|
||||
$leftmenu = 'XXX';
|
||||
$conf->barcode->enabled = 1;
|
||||
$result=dol_eval('$conf->barcode->enabled && preg_match(\'/^(AAA|BBB)/\',$leftmenu)', 1, 1, '1');
|
||||
print "result = ".$result."\n";
|
||||
$this->assertFalse($result);
|
||||
|
||||
|
||||
// Case with param onlysimplestring = 1
|
||||
|
||||
$result=dol_eval('1 && getDolGlobalInt("doesnotexist1") && $conf->global->MAIN_FEATURES_LEVEL', 1, 0); // Should return false and not a 'Bad string syntax to evaluate ...'
|
||||
print "result = ".$result."\n";
|
||||
$this->assertFalse($result);
|
||||
|
||||
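Review bot: Two comments in the second hunk do not match the calls beneath them, which matters in a test that guards the input filter of dol_eval. `// Same with syntax error` sits above an expression identical to the previous case (only `$leftmenu` changes to 'XXX'), so something like `// Same expression, $leftmenu does not match the pattern` would describe it correctly. `// Case with param onlysimplestring = 1` sits above `dol_eval('1 && getDolGlobalInt("doesnotexist1") && $conf->global->MAIN_FEATURES_LEVEL', 1, 0)`, which leaves the fourth argument to its default; if that argument is the mode (as the other calls passing '1' and '2' suggest), ending the call with `, 1, 0, '1');` pins the mode the assertion is meant to cover. The test also assigns `$conf->barcode->enabled` and the global `$leftmenu` without restoring them, and since the method starts and ends outside these hunks it is not visible whether later assertions depend on that state.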