Wavyzz/dolibarr
2
0
Fork 1
mirror of https://github.com/Dolibarr/dolibarr.git synced 2025-12-07 10:08:27 +01:00
Code Issues Packages Projects Releases Wiki Activity

Fix add a protection against bad param of dol_eval

Browse Source
This commit is contained in:
Laurent Destailleur
2023-03-13 11:15:46 +01:00
parent abfd324301
commit 3300905599
1 changed files with 4 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
htdocs/core/lib/functions.lib.php
View File

@@ -8634,6 +8634,10 @@ function dol_eval($s, $returnvalue = 0, $hideerrors = 1, $onlysimplestring = '1'
}
}
}
if (is_array($s) || $s === 'Array') {
return 'Bad string syntax to evaluate (value is Array) '.var_export($s, true);
}
if (strpos($s, '::') !== false) {
if ($returnvalue) {
return 'Bad string syntax to evaluate (double : char is forbidden): '.$s;