Wavyzz/dolibarr
2
0
Fork 1
mirror of https://github.com/Dolibarr/dolibarr.git synced 2025-12-06 17:48:25 +01:00
Code Issues Packages Projects Releases Wiki Activity

NEW: add some dolibarr functions to dol_eval forbidden functions (#29459)

Browse Source 
* NEW: add some dolibarr dangerous functions to dol_eval forbidden functions

* NEW: dol_copy added to forbidden functions

---------

Co-authored-by: Laurent Destailleur <eldy@destailleur.fr>
This commit is contained in:
jyhere
2024-04-24 20:40:19 +02:00
committed by GitHub
parent 85b4077d0d
commit cc3445d5ad
1 changed files with 1 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
htdocs/core/lib/functions.lib.php
View File

@@ -10109,6 +10109,7 @@ function dol_eval($s, $returnvalue = 1, $hideerrors = 1, $onlysimplestring = '1'
$forbiddenphpfunctions = array_merge($forbiddenphpfunctions, array("function", "call_user_func"));
$forbiddenphpfunctions = array_merge($forbiddenphpfunctions, array("require", "include", "require_once", "include_once"));
$forbiddenphpfunctions = array_merge($forbiddenphpfunctions, array("eval", "create_function", "assert", "mb_ereg_replace")); // function with eval capabilities
$forbiddenphpfunctions = array_merge($forbiddenphpfunctions, array("dol_compress_dir", "dol_decode", "dol_delete_file", "dol_delete_dir", "dol_delete_dir_recursive", "dol_copy")); // more dolibarr functions
$forbiddenphpmethods = array('invoke', 'invokeArgs'); // Method of ReflectionFunction to execute a function