Wavyzz/dolibarr
2
0
Fork 1
mirror of https://github.com/Dolibarr/dolibarr.git synced 2025-12-15 22:11:36 +01:00
Code Issues Packages Projects Releases Wiki Activity

Disallow $_ into php code.

Browse Source
This commit is contained in:
Laurent Destailleur
2024-07-23 16:19:08 +02:00
parent 5a7319664e
commit 56ed17a2c4
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
htdocs/core/lib/functions.lib.php
View File

@@ -10312,7 +10312,7 @@ function dol_eval($s, $returnvalue = 1, $hideerrors = 1, $onlysimplestring = '1'
} }
// We block use of php exec or php file functions // We block use of php exec or php file functions
$forbiddenphpstrings = array('$$'); $forbiddenphpstrings = array('$$', '$_');
$forbiddenphpstrings = array_merge($forbiddenphpstrings, array('_ENV', '_SESSION', '_COOKIE', '_GET', '_POST', '_REQUEST', 'ReflectionFunction')); $forbiddenphpstrings = array_merge($forbiddenphpstrings, array('_ENV', '_SESSION', '_COOKIE', '_GET', '_POST', '_REQUEST', 'ReflectionFunction'));
$forbiddenphpfunctions = array("exec", "passthru", "shell_exec", "system", "proc_open", "popen"); $forbiddenphpfunctions = array("exec", "passthru", "shell_exec", "system", "proc_open", "popen");