Wavyzz/dolibarr
2
0
Fork 1
mirror of https://github.com/Dolibarr/dolibarr.git synced 2026-02-11 10:22:37 +01:00
Code Issues Packages Projects Releases Wiki Activity

Clean code

Browse Source
This commit is contained in:
ldestailleur
2025-04-01 15:21:43 +02:00
parent 8efa60f4b0
commit 15f2f4f223
2 changed files with 10 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
test/phpunit/SecurityTest.php
View File

@@ -709,7 +709,11 @@ class SecurityTest extends CommonClassTest
print "result10 = ".$result."\n";
$this->assertStringContainsString('Bad string syntax to evaluate', $result, 'The string was not detected as evil');
$result = (string) dol_eval("('ex'.'ec')('echo abc')", 1, 0);
$result = (string) dol_eval("('ex'.'ec')('ls')", 1, 0); // This will execute exec of ls
print "result11 = ".$result."\n";
$this->assertStringContainsString('Bad string syntax to evaluate (mode 1, found call of a function or method without using the direct name of the function)', $result, 'The string was not detected as evil');
$result = (string) dol_eval("('ex'.'ec') /* */ ('ls')", 1, 0); // This will execute exec of ls
print "result11 = ".$result."\n";
$this->assertStringContainsString('Bad string syntax to evaluate (mode 1, found call of a function or method without using the direct name of the function)', $result, 'The string was not detected as evil');