Fix #yogosha23464: possible RCE by an admin user.

This commit is contained in:
Laurent Destailleur
2024-07-23 18:27:18 +02:00
parent 1d04c0a37d
commit 7595609be2
2 changed files with 34 additions and 10 deletions


@@ -1107,16 +1107,20 @@ class SecurityTest extends CommonClassTest
$a = 'ab';
$result = (string) dol_eval("(\$a.'s')", 1, 0);
print "result19 = ".$result."\n";
$this->assertStringContainsString('Bad string syntax to evaluate', $result);
$this->assertStringContainsString('Bad string syntax to evaluate', $result, 'Test 19');
$leftmenu = 'abs';
$result = (string) dol_eval('$leftmenu(-5)', 1, 0);
print "result20 = ".$result."\n";
$this->assertStringContainsString('Bad string syntax to evaluate', $result);
$this->assertStringContainsString('Bad string syntax to evaluate', $result, 'Test 20');
$result = (string) dol_eval('str_replace("z","e","zxzc")("whoami");', 1, 0);
print "result21 = ".$result."\n";
$this->assertStringContainsString('Bad string syntax to evaluate', $result);
$this->assertStringContainsString('Bad string syntax to evaluate', $result, 'Test 21');
$result = (string) dol_eval('($a = "ex") && ($b = "ec") && ($cmd = "$a$b") && $cmd ("curl localhost:5555")', 1, 0);
print "result22 = ".$result."\n";
$this->assertStringContainsString('Bad string syntax to evaluate', $result, 'Test 22');
}
/**