Merge remote-tracking branch 'upstream/develop' into codesyntax

test/phpunit/SecurityTest.php

@@ -302,6 +302,7 @@ class SecurityTest extends PHPUnit\Framework\TestCase
 		$_POST["param8"]="Hacker<svg o&#110;load='console.log(&quot;123&quot;)'";	// html tag is not closed so it is not detected as html tag but is still harmfull
 		$_POST["param9"]='is_object($object) ? ($object->id < 10 ? round($object->id / 2, 2) : (2 * $user->id) * (int) substr($mysoc->zip, 1, 2)) : \'objnotdefined\'';
 		$_POST["param10"]='is_object($object) ? ($object->id < 10 ? round($object->id / 2, 2) : (2 * $user->id) * (int) substr($mysoc->zip, 1, 2)) : \'<abc>objnotdefined\'';
+		$_POST["param11"]=' Name <email@email.com> ';
 
 		$result=GETPOST('id', 'int');              // Must return nothing
 		print __METHOD__." result=".$result."\n";
@@ -349,6 +350,10 @@ class SecurityTest extends PHPUnit\Framework\TestCase
 		print __METHOD__." result=".$result."\n";
 		$this->assertEquals($_GET["param5"], $result);
 
+		$result=GETPOST("param6", 'alpha');
+		print __METHOD__." result=".$result."\n";
+		$this->assertEquals('\'\'>', $result);
+
 		$result=GETPOST("param6", 'nohtml');
 		print __METHOD__." result=".$result."\n";
 		$this->assertEquals('">', $result);
@@ -371,6 +376,14 @@ class SecurityTest extends PHPUnit\Framework\TestCase
 		print __METHOD__." result=".$result."\n";
 		$this->assertEquals($_POST["param9"], $result, 'We should get param9 after processing param10');
 
+		$result=GETPOST("param11", 'alphanohtml');
+		print __METHOD__." result=".$result."\n";
+		$this->assertEquals("Name", $result, 'Test an email string with alphanohtml');
+
+		$result=GETPOST("param11", 'alphawithlgt');
+		print __METHOD__." result=".$result."\n";
+		$this->assertEquals(trim($_POST["param11"]), $result, 'Test an email string with alphawithlgt');
+
 		return $result;
 	}