Merge branch '21.0' of git@github.com:Dolibarr/dolibarr.git into develop

Laurent Destailleur (aka Eldy)
2025-01-08 17:54:13 +01:00
124 changed files with 379 additions and 242 deletions


@@ -760,13 +760,14 @@ class SecurityTest extends CommonClassTest
$this->assertStringContainsString('Bad string syntax to evaluate', json_encode($result), 'Test 23 - The string was not detected as evil - Can\'t find the string Bad string syntax when i should');
}
/**
* testDolPrintHTML.
* testDolPrintHTMLAndDolPrintHtmlForAttribute.
* This method include calls to dol_htmlwithnojs()
*
* @return int
*/
public function testDolPrintHTML()
public function testDolPrintHTMLAndDolPrintHtmlForAttribute()
{
global $conf;
@@ -781,17 +782,62 @@ class SecurityTest extends CommonClassTest
$conf->global->MAIN_RESTRICTHTML_REMOVE_ALSO_BAD_ATTRIBUTES = 0; // disabled, does not work on HTML5 and some libxml versions
// For a string that is already HTML (contains HTML tags) with special tags but badly formatted
$stringtotest = "">";
$stringfixed = "">";
// dolPrintHTML - With dolPrintHTML(), only content not already in HTML is encoded with HTML.
$stringtotest = "< > <b>bold</b>";
$stringfixed = "&lt; &gt; <b>bold</b>";
//$result = dol_htmlentitiesbr($stringtotest);
//$result = dol_string_onlythesehtmltags(dol_htmlentitiesbr($stringtotest), 1, 1, 1, 0);
//$result = dol_htmlwithnojs(dol_string_onlythesehtmltags(dol_htmlentitiesbr($stringtotest), 1, 1, 1, 0));
//$result = dol_escape_htmltag(dol_htmlwithnojs(dol_string_onlythesehtmltags(dol_htmlentitiesbr($stringtotest), 1, 1, 1, 0)), 1, 1, 'common', 0, 1);
//$result = dol_escape_htmltag(dol_htmlwithnojs(dol_string_onlythesehtmltags(dol_htmlentitiesbr($stringtotest), 1, 1, 1, 0, array())), 1, 1, 'common', 0, 1);
$result = dolPrintHTML($stringtotest);
print __METHOD__." result=".$result."\n";
$this->assertEquals($stringfixed, $result, 'Error'); // Expected '' because should failed because login 'auto' does not exists
$this->assertEquals($stringfixed, $result, 'Error in dolPrintHTML test 1'); // Expected '' because should failed because login 'auto' does not exists
// For a string that is already HTML (contains HTML tags) with special tags but badly formatted
$stringtotest = "&quot; &gt; &lt; <b>bold</b>";
$stringfixed = "&quot; &gt; &lt; <b>bold</b>";
//$result = dol_htmlentitiesbr($stringtotest);
//$result = dol_string_onlythesehtmltags(dol_htmlentitiesbr($stringtotest), 1, 1, 1, 0);
//$result = dol_htmlwithnojs(dol_string_onlythesehtmltags(dol_htmlentitiesbr($stringtotest), 1, 1, 1, 0));
//$result = dol_escape_htmltag(dol_htmlwithnojs(dol_string_onlythesehtmltags(dol_htmlentitiesbr($stringtotest), 1, 1, 1, 0, array())), 1, 1, 'common', 0, 1);
$result = dolPrintHTML($stringtotest);
print __METHOD__." result=".$result."\n";
$this->assertEquals($stringfixed, $result, 'Error in dolPrintHTML test 2'); // Expected '' because should failed because login 'auto' does not exists
// dolPrintHTMLForAttribute - With dolPrintHTMLForAttribute(), the content is HTML encode, even if it is already HTML content.
$stringtotest = "< > <b>bold</b>";
$stringfixed = "&lt; &gt; &lt;b&gt;bold&lt;/b&gt;";
//$result = dol_htmlentitiesbr($stringtotest);
//$result = dol_string_onlythesehtmltags(dol_htmlentitiesbr($stringtotest), 1, 1, 1, 0);
//$result = dol_htmlwithnojs(dol_string_onlythesehtmltags(dol_htmlentitiesbr($stringtotest), 1, 1, 1, 0));
//$result = dol_escape_htmltag(dol_htmlwithnojs(dol_string_onlythesehtmltags(dol_htmlentitiesbr($stringtotest), 1, 1, 1, 0, array())), 1, 1, 'common', 0, 1);
$result = dolPrintHTMLForAttribute($stringtotest);
print __METHOD__." result=".$result."\n";
$this->assertEquals($stringfixed, $result, 'Error in dolPrintHTMLForAttribute test 1'); // Expected '' because should failed because login 'auto' does not exists
// For a string that is already HTML (contains HTML tags) with special tags but badly formatted
$stringtotest = "&quot; &gt; &lt; <b>bold</b>";
$stringfixed = "&amp;quot; &amp;gt; &amp;lt; &lt;b&gt;bold&lt;/b&gt;";
//$result = dol_htmlentitiesbr($stringtotest);
//$result = dol_string_onlythesehtmltags(dol_htmlentitiesbr($stringtotest), 1, 1, 1, 0);
//$result = dol_htmlwithnojs(dol_string_onlythesehtmltags(dol_htmlentitiesbr($stringtotest), 1, 1, 1, 0));
//$result = dol_escape_htmltag(dol_htmlwithnojs(dol_string_onlythesehtmltags(dol_htmlentitiesbr($stringtotest), 1, 1, 1, 0, array())), 1, 1, 'common', 0, 1);
$result = dolPrintHTMLForAttribute($stringtotest);
print __METHOD__." result=".$result."\n";
$this->assertEquals($stringfixed, $result, 'Error in dolPrintHTMLForAttribute test 2'); // Expected '' because should failed because login 'auto' does not exists
// dolPrintHTML
/*
//return dol_escape_htmltag(dol_string_onlythesehtmltags(dol_htmlentitiesbr($s), 1, 0, 0, 0, array('br', 'b', 'font', 'hr', 'span')), 1, -1, '', 0, 1);
$result = dolPrintHTMLForAttribute($stringtotest);
print __METHOD__." result=".$result."\n";
$this->assertEquals($stringfixed, $result, 'Error in dolPrintHTML test 2'); // Expected '' because should failed because login 'auto' does not exists
*/
// For a string that is already HTML (contains HTML tags) with special tags but badly formatted
$stringtotest = "testA\n<h1>hhhh</h1><z>ddd</z><header>aaa</header><footer>bbb</footer>";
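Review bot: The two new dolPrintHTMLForAttribute cases never pass a raw `"` or `'`, which are the characters that decide whether a value can break out of an HTML attribute; test 2 only uses the already-encoded `&quot;`. Because the expected encoding of a quote is not visible in this hunk, a third case could assert absence rather than an exact string, e.g. `$this->assertStringNotContainsString('"', dolPrintHTMLForAttribute('a"b'), 'Error in dolPrintHTMLForAttribute test 3');`, with a matching case for the single quote once its intended handling is confirmed. Separately, every new `assertEquals` carries the trailing comment `// Expected '' because should failed because login 'auto' does not exists`, which describes a login check and not escaping; it would read better as `// attribute context: markup and existing entities are both re-encoded` on the ForAttribute cases, and dropped on the dolPrintHTML ones. The test method continues past the end of this hunk, so cases further down may already cover quotes.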