Merge branch '18.0' of git@github.com:Dolibarr/dolibarr.git into 19.0

Laurent Destailleur
2024-03-03 19:50:22 +01:00
4 changed files with 56 additions and 8 deletions


@@ -1084,7 +1084,7 @@ class SecurityTest extends PHPUnit\Framework\TestCase
$this->assertEquals('0', $result3b);
$s = '(($reloadedobj = new Task($db)) && ($reloadedobj->fetchNoCompute($object->id) > 0) && ($secondloadedobj = new Project($db)) && ($secondloadedobj->fetchNoCompute($reloadedobj->fk_project) > 0)) ? $secondloadedobj->ref : "Parent project not found"';
$result=dol_eval($s, 1, 1, '2');
$result = (string) dol_eval($s, 1, 1, '2');
print "result3 = ".$result."\n";
$this->assertEquals('Parent project not found', $result);
@@ -1093,6 +1093,17 @@ class SecurityTest extends PHPUnit\Framework\TestCase
print "result4 = ".$result."\n";
$this->assertEquals('Parent project not found', $result);
$s = 'new abc->invoke(\'whoami\')';
$result = (string) dol_eval($s, 1, 1, '2');
print "result = ".$result."\n";
$this->assertEquals('Bad string syntax to evaluate: new abc__forbiddenstring__(\'whoami\')', $result);
$s = 'new ReflectionFunction(\'abc\')';
$result = (string) dol_eval($s, 1, 1, '2');
print "result = ".$result."\n";
$this->assertEquals('Bad string syntax to evaluate: new __forbiddenstring__(\'abc\')', $result);
$result = (string) dol_eval('$a=function() { }; $a;', 1, 1, '0');
print "result5 = ".$result."\n";
$this->assertStringContainsString('Bad string syntax to evaluate', $result);