mirror of
https://github.com/Dolibarr/dolibarr.git
synced 2025-12-06 17:48:25 +01:00
FIX javascript xss injection and a translation
This commit is contained in:
Laurent Destailleur
@@ -27,7 +27,7 @@
|
||||
-- de l'install et tous les sigles '--' sont supprimés.
|
||||
--
|
||||
|
||||
insert into llx_c_payment_term(rowid, code, sortorder, active, libelle, libelle_facture, fdm, nbjour) values (1,'RECEP', 1,1, 'A réception de facture','Réception de facture',0,1);
|
||||
insert into llx_c_payment_term(rowid, code, sortorder, active, libelle, libelle_facture, fdm, nbjour) values (1,'RECEP', 1,1, 'Due Upon Receipt','Due Upon Receipt',0,1);
|
||||
insert into llx_c_payment_term(rowid, code, sortorder, active, libelle, libelle_facture, fdm, nbjour) values (2,'30D', 2,1, '30 jours','Réglement à 30 jours',0,30);
|
||||
insert into llx_c_payment_term(rowid, code, sortorder, active, libelle, libelle_facture, fdm, nbjour) values (3,'30DENDMONTH', 3,1, '30 jours fin de mois','Réglement à 30 jours fin de mois',1,30);
|
||||
insert into llx_c_payment_term(rowid, code, sortorder, active, libelle, libelle_facture, fdm, nbjour) values (4,'60D', 4,1, '60 jours','Réglement à 60 jours',0,60);
|
||||
|
||||
@@ -329,8 +329,8 @@ GeneratedFromRecurringInvoice=Generated from template recurring invoice %s
|
||||
DateIsNotEnough=Date not reached yet
|
||||
InvoiceGeneratedFromTemplate=Invoice %s generated from recurring template invoice %s
|
||||
# PaymentConditions
|
||||
PaymentConditionShortRECEP=Immediate
|
||||
PaymentConditionRECEP=Immediate
|
||||
PaymentConditionShortRECEP=Due Upon Receipt
|
||||
PaymentConditionRECEP=Due Upon Receipt
|
||||
PaymentConditionShort30D=30 days
|
||||
PaymentCondition30D=30 days
|
||||
PaymentConditionShort30DENDMONTH=30 days of month-end
|
||||
|
||||
@@ -89,7 +89,6 @@ function test_sql_and_script_inject($val, $type)
|
||||
$sql_inj += preg_match('/union.+select/i', $val);
|
||||
$sql_inj += preg_match('/into\s+(outfile|dumpfile)/i', $val);
|
||||
$sql_inj += preg_match('/(\.\.%2f)+/i', $val);
|
||||
$sql_inj += preg_match('/onerror=/i', $val);
|
||||
}
|
||||
// For XSS Injection done by adding javascript with script
|
||||
// This is all cases a browser consider text is javascript:
|
||||
@@ -98,7 +97,8 @@ function test_sql_and_script_inject($val, $type)
|
||||
$sql_inj += preg_match('/<script/i', $val);
|
||||
if (! defined('NOSTYLECHECK')) $sql_inj += preg_match('/<style/i', $val);
|
||||
$sql_inj += preg_match('/base[\s]+href/si', $val);
|
||||
$sql_inj += preg_match('/<.*onmouse/si', $val); // onmouseover can be set on img or any html tag like <img title='>' onmouseover=alert(1)>
|
||||
$sql_inj += preg_match('/<.*onmouse/si', $val); // onmousexxx can be set on img or any html tag like <img title='>' onmouseover=alert(1)>
|
||||
$sql_inj += preg_match('/onerror\s*=/i', $val); // onerror can be set on img or any html tag like <img title='>' onerror = alert(1)>
|
||||
if ($type == 1)
|
||||
{
|
||||
$sql_inj += preg_match('/javascript:/i', $val);
|
||||
|
||||
@@ -219,7 +219,7 @@ class CoreTest extends PHPUnit_Framework_TestCase
|
||||
|
||||
print __METHOD__." DOL_MAIN_URL_ROOT=".DOL_MAIN_URL_ROOT."\n";
|
||||
print __METHOD__." DOL_URL_ROOT=".DOL_URL_ROOT."\n";
|
||||
$this->assertEquals(DOL_URL_ROOT,$expectedresult);
|
||||
$this->assertEquals($expectedresult, DOL_URL_ROOT);
|
||||
|
||||
return true;
|
||||
}
|
||||
@@ -245,7 +245,7 @@ class CoreTest extends PHPUnit_Framework_TestCase
|
||||
global $dolibarr_main_db_prefix;
|
||||
|
||||
|
||||
// This is code copied from main.inc.php
|
||||
// This is code copied from main.inc.php !!!!!!!!!!!!!!!
|
||||
|
||||
/**
|
||||
* Security: SQL Injection and XSS Injection (scripts) protection (Filters on GET, POST, PHP_SELF).
|
||||
@@ -258,13 +258,15 @@ class CoreTest extends PHPUnit_Framework_TestCase
|
||||
{
|
||||
$sql_inj = 0;
|
||||
// For SQL Injection (only GET and POST are used to be included into bad escaped SQL requests)
|
||||
if ($type != 2) {
|
||||
$sql_inj += preg_match('/delete[\s]+from/i', $val);
|
||||
$sql_inj += preg_match('/create[\s]+table/i', $val);
|
||||
if ($type != 2)
|
||||
{
|
||||
$sql_inj += preg_match('/delete\s+from/i', $val);
|
||||
$sql_inj += preg_match('/create\s+table/i', $val);
|
||||
$sql_inj += preg_match('/update.+set.+=/i', $val);
|
||||
$sql_inj += preg_match('/insert[\s]+into/i', $val);
|
||||
$sql_inj += preg_match('/insert\s+into/i', $val);
|
||||
$sql_inj += preg_match('/select.+from/i', $val);
|
||||
$sql_inj += preg_match('/union.+select/i', $val);
|
||||
$sql_inj += preg_match('/into\s+(outfile|dumpfile)/i', $val);
|
||||
$sql_inj += preg_match('/(\.\.%2f)+/i', $val);
|
||||
}
|
||||
// For XSS Injection done by adding javascript with script
|
||||
@@ -273,22 +275,40 @@ class CoreTest extends PHPUnit_Framework_TestCase
|
||||
// All examples on page: http://ha.ckers.org/xss.html#XSScalc
|
||||
$sql_inj += preg_match('/<script/i', $val);
|
||||
if (! defined('NOSTYLECHECK')) $sql_inj += preg_match('/<style/i', $val);
|
||||
$sql_inj += preg_match('/base[\s]+href/i', $val);
|
||||
if ($type == 1) {
|
||||
$sql_inj += preg_match('/base[\s]+href/si', $val);
|
||||
$sql_inj += preg_match('/<.*onmouse/si', $val); // onmousexxx can be set on img or any html tag like <img title='>' onmouseover=alert(1)>
|
||||
$sql_inj += preg_match('/onerror\s*=/i', $val); // onerror can be set on img or any html tag like <img title='>' onerror = alert(1)>
|
||||
if ($type == 1)
|
||||
{
|
||||
$sql_inj += preg_match('/javascript:/i', $val);
|
||||
$sql_inj += preg_match('/vbscript:/i', $val);
|
||||
}
|
||||
// For XSS Injection done by adding javascript closing html tags like with onmousemove, etc... (closing a src or href tag with not cleaned param)
|
||||
if ($type == 1) $sql_inj += preg_match('/"/i', $val); // We refused " in GET parameters value
|
||||
if ($type == 2) $sql_inj += preg_match('/[\s;"]/', $val); // PHP_SELF is an url and must match url syntax
|
||||
if ($type == 2) $sql_inj += preg_match('/[;"]/', $val); // PHP_SELF is a file system path. It can contains spaces.
|
||||
return $sql_inj;
|
||||
}
|
||||
|
||||
//type=2 key=0 value=/DIR WITH SPACE/htdocs/admin/index.php?mainmenu=home&leftmenu=setup&username=weservices
|
||||
// Run tests
|
||||
|
||||
$_SERVER["PHP_SELF"]='/DIR WITH SPACE/htdocs/admin/index.php?mainmenu=home&leftmenu=setup&username=weservices';
|
||||
$result=test_sql_and_script_inject($_SERVER["PHP_SELF"], 2);
|
||||
$expectedresult=1;
|
||||
$expectedresult=0;
|
||||
$this->assertEquals($expectedresult, $result, 'Error on test_sql_and_script_inject 1a');
|
||||
|
||||
$this->assertEquals($result,$expectedresult);
|
||||
$_SERVER["PHP_SELF"]='/DIR WITH SPACE/htdocs/admin/index.php?mainmenu=home&leftmenu=setup&username=weservices;badaction';
|
||||
$result=test_sql_and_script_inject($_SERVER["PHP_SELF"], 2);
|
||||
$expectedresult=1;
|
||||
$this->assertEquals($expectedresult, $result, 'Error on test_sql_and_script_inject 1b');
|
||||
|
||||
$_GET['aaa']="<img src='1.jpg' onerror =javascript:alert('XSS')>";
|
||||
$result=test_sql_and_script_inject($_GET['aaa'], 0);
|
||||
$expectedresult=1;
|
||||
$this->assertEquals($expectedresult, $result, 'Error on test_sql_and_script_inject 2');
|
||||
|
||||
$_POST['bbb']="<img src='1.jpg' onerror =javascript:alert('XSS')>";
|
||||
$result=test_sql_and_script_inject($_POST['bbb'], 2);
|
||||
$expectedresult=1;
|
||||
$this->assertEquals($expectedresult, $result, 'Error on test_sql_and_script_inject 3');
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user