From cc3445d5ad1518e1e48b4766bf8381786cd8da4c Mon Sep 17 00:00:00 2001
From: jyhere
Date: Wed, 24 Apr 2024 20:40:19 +0200
Subject: [PATCH] NEW: add some dolibarr functions to dol_eval forbidden functions (#29459)
* NEW: add some dolibarr dangerous functions to dol_eval forbidden functions
* NEW: dol_copy added to forbidden functions
---------
Co-authored-by: Laurent Destailleur
---
 htdocs/core/lib/functions.lib.php | 1 +
 1 file changed, 1 insertion(+)
diff --git a/htdocs/core/lib/functions.lib.php b/htdocs/core/lib/functions.lib.php
index 51770eb03a4..d6d7f4016a2 100644
--- a/htdocs/core/lib/functions.lib.php
+++ b/htdocs/core/lib/functions.lib.php
@@ -10109,6 +10109,7 @@ function dol_eval($s, $returnvalue = 1, $hideerrors = 1, $onlysimplestring = '1'
 $forbiddenphpfunctions = array_merge($forbiddenphpfunctions, array("function", "call_user_func"));
 $forbiddenphpfunctions = array_merge($forbiddenphpfunctions, array("require", "include", "require_once", "include_once"));
 $forbiddenphpfunctions = array_merge($forbiddenphpfunctions, array("eval", "create_function", "assert", "mb_ereg_replace")); // function with eval capabilities
+ $forbiddenphpfunctions = array_merge($forbiddenphpfunctions, array("dol_compress_dir", "dol_decode", "dol_delete_file", "dol_delete_dir", "dol_delete_dir_recursive", "dol_copy")); // more dolibarr functions
 $forbiddenphpmethods = array('invoke', 'invokeArgs'); // Method of ReflectionFunction to execute a function
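Review bot: The added `$forbiddenphpfunctions` line extends a name-by-name denylist with six helpers, and its trailing comment `// more dolibarr functions` does not say what they have in common, so a maintainer cannot tell which sibling helpers belong on the list. A comment such as `// Dolibarr helpers that delete, copy or archive files, or decode obfuscated values` would state the criterion; the library's remaining file-writing and file-moving helpers should then be audited against it, since this hunk does not show whether they are already covered. The diffstat shows a single file changed, so no test pins that `dol_eval()` rejects an expression naming one of the added functions; one regression case per name would keep the list from silently shrinking. How the list is matched lies outside the hunk, and because PHP function names are case-insensitive the match should be confirmed to be case-insensitive as well. The body of `dol_eval` starts and ends outside the hunk.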