diff --git a/htdocs/core/class/commonobject.class.php b/htdocs/core/class/commonobject.class.php
index 07b23c5d5f1..d862ee2607e 100644
--- a/htdocs/core/class/commonobject.class.php
+++ b/htdocs/core/class/commonobject.class.php
@@ -8299,7 +8299,12 @@ abstract class CommonObject
$value = ''.$langs->trans("Encrypted").'';
//$value = preg_replace('/./i', '*', $value);
} elseif ($type == 'array') {
- $value = implode('
', $value);
+ if (is_array($value)) {
+ $value = implode('
', $value);
+ } else {
+ dol_syslog(__METHOD__.' Expected array from dol_eval, but got '.gettype($value), LOG_ERR);
+ return 'Error unexpected result from code evaluation';
+ }
} else { // text|html|varchar
$value = dol_htmlentitiesbr($value);
}
diff --git a/htdocs/core/lib/functions.lib.php b/htdocs/core/lib/functions.lib.php
index 9403de7500b..d697c7595f3 100644
--- a/htdocs/core/lib/functions.lib.php
+++ b/htdocs/core/lib/functions.lib.php
@@ -9925,7 +9925,7 @@ function verifCond($strToEvaluate, $onlysimplestring = '1')
* @param string $onlysimplestring '0' (deprecated, do not use it anymore)=Accept all chars,
* '1' (most common use)=Accept only simple string with char 'a-z0-9\s^$_+-.*>&|=!?():"\',/@';',
* '2' (used for example for the compute property of extrafields)=Accept also '[]'
- * @return mixed Nothing or return result of eval
+ * @return void|string Nothing or return result of eval (even if type can be int, it is safer to assume string and find all potential typing issues as abs(dol_eval(...)).
* @see verifCond()
* @phan-suppress PhanPluginUnsafeEval
*/
diff --git a/htdocs/projet/list.php b/htdocs/projet/list.php
index fadb09ca3af..c2834b649df 100644
--- a/htdocs/projet/list.php
+++ b/htdocs/projet/list.php
@@ -226,7 +226,7 @@ $arrayfields = array();
foreach ($object->fields as $key => $val) {
// If $val['visible']==0, then we never show the field
if (!empty($val['visible'])) {
- $visible = dol_eval($val['visible'], 1, 1, '1');
+ $visible = (int) dol_eval($val['visible'], 1, 1, '1');
$arrayfields['p.'.$key] = array(
'label' => $val['label'],
'checked' => (($visible < 0) ? 0 : 1),