From eddc2a1a262909ab16524517fdc39929b8d97bfe Mon Sep 17 00:00:00 2001
From: Laurent Destailleur
Date: Sat, 8 Jan 2022 19:50:55 +0100
Subject: [PATCH] FIX #yogosha8272
---
 htdocs/product/ajax/products.php | 4 ++--
 htdocs/societe/ajax/company.php | 4 ++--
 test/phpunit/CodingPhpTest.php | 13 +++++++++++++
 3 files changed, 17 insertions(+), 4 deletions(-)
diff --git a/htdocs/product/ajax/products.php b/htdocs/product/ajax/products.php
index e230d148026..c6ce5fb5873 100644
--- a/htdocs/product/ajax/products.php
+++ b/htdocs/product/ajax/products.php
@@ -47,7 +47,7 @@ if (empty($_GET['keysearch']) && !defined('NOREQUIREHTML')) {
 require '../../main.inc.php';
-$htmlname = GETPOST('htmlname', 'alpha');
+$htmlname = GETPOST('htmlname', 'aZ09');
 $socid = GETPOST('socid', 'int');
 $type = GETPOST('type', 'int');
 $mode = GETPOST('mode', 'int');
@@ -242,7 +242,7 @@ if (!empty($action) && $action == 'fetch' && !empty($id)) {
 // Filter on the product to search can be:
 // Into an array with key $htmlname123 (we take first one found). Which page use this ?
 // Into a var with name $htmlname can be 'prodid', 'productid', ...
- $match = preg_grep('/('.$htmlname.'[0-9]+)/', array_keys($_GET));
+ $match = preg_grep('/('.preg_quote($htmlname, '/').'[0-9]+)/', array_keys($_GET));
 sort($match);
 $idprod = (empty($match[0]) ? '' : $match[0]); // Take first key found into GET array with matching $htmlname123
diff --git a/htdocs/societe/ajax/company.php b/htdocs/societe/ajax/company.php
index 7edd00db4d5..9dfe3909393 100644
--- a/htdocs/societe/ajax/company.php
+++ b/htdocs/societe/ajax/company.php
@@ -44,7 +44,7 @@ if (!defined('NOCSRFCHECK')) {
 require '../../main.inc.php';
 require_once DOL_DOCUMENT_ROOT.'/societe/class/societe.class.php';
-$htmlname = GETPOST('htmlname', 'alpha');
+$htmlname = GETPOST('htmlname', 'aZ09');
 $filter = GETPOST('filter', 'alpha');
 $outjson = (GETPOST('outjson', 'int') ? GETPOST('outjson', 'int') : 0);
 $action = GETPOST('action', 'aZ09');
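Review bot: The preg_grep() pattern on the `+` line of the second products.php hunk is still unanchored and is still built when `$htmlname` is the empty string, so a GET key is taken as the product id whenever it merely contains `$htmlname` followed by digits, and with an empty `$htmlname` (GETPOST() returns '' when the parameter is absent and, presumably, when it fails the new 'aZ09' filter) the pattern degenerates to `/([0-9]+)/` and the first GET key containing a digit wins. preg_quote() is the right fix for the metacharacter injection and the stricter filter makes it belt-and-braces, but neither covers that degenerate case; unless an emptiness check sits earlier in the file (the surrounding code is outside the hunk), I would guard and anchor: `$match = ($htmlname !== '') ? preg_grep('/^'.preg_quote($htmlname, '/').'[0-9]+$/', array_keys($_GET)) : array();`. Anchoring assumes the `$htmlname123` shape described in the comment above is the only intended one; drop the `^`/`$` if some caller relies on a substring match. A one-line comment stating why the name is quoted would also help the next maintainer, e.g. `// $htmlname comes from the request: quote it so it cannot alter the pattern`.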
@@ -102,7 +102,7 @@ if (!empty($action) && $action == 'fetch' && !empty($id)) {
 // Filter on the company to search can be:
 // Into an array with key $htmlname123 (we take first one found). Which page use this ?
 // Into a var with name $htmlname can be 'prodid', 'productid', ...
- $match = preg_grep('/('.$htmlname.'[0-9]+)/', array_keys($_GET));
+ $match = preg_grep('/('.preg_quote($htmlname, '/').'[0-9]+)/', array_keys($_GET));
 sort($match);
 $id = (!empty($match[0]) ? $match[0] : ''); // Take first key found into GET array with matching $htmlname123
diff --git a/test/phpunit/CodingPhpTest.php b/test/phpunit/CodingPhpTest.php
index 7f894fe8b29..b173779538b 100644
--- a/test/phpunit/CodingPhpTest.php
+++ b/test/phpunit/CodingPhpTest.php
@@ -473,6 +473,19 @@ class CodingPhpTest extends PHPUnit\Framework\TestCase
 $this->assertTrue($ok, 'Found a forbidden string sequence into '.$file['relativename'].' : name="token" value="\'.$_SESSION[..., you must use a newToken() instead of $_SESSION[\'newtoken\'].');
+ // Test we don't have @var array(
+ $ok=true;
+ $matches=array();
+ preg_match_all('/preg_grep\(.*\$/', $filecontent, $matches, PREG_SET_ORDER);
+ foreach ($matches as $key => $val) {
+ if (strpos($val[0], 'preg_quote') === false) {
+ $ok=false;
+ break;
+ }
+ }
+ $this->assertTrue($ok, 'Found a preg_grep with a param that is a $var but without preg_quote in file '.$file['relativename'].'.');
+
+
 // Test we don't have @var array(
 $ok=true;
 $matches=array();
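Review bot: The same residual gap as in products.php remains on the `+` line of the company.php hunk: the pattern is unanchored, and nothing visible in the hunk stops it being built from an empty `$htmlname`, in which case `/([0-9]+)/` selects the first GET key that contains a digit and that key name is what lands in `$id` two lines below. Rather than relying on `!empty($match[0])` to catch that, I would refuse to search at all when the name is empty and anchor the match to the documented `$htmlname123` shape: `$match = ($htmlname !== '') ? preg_grep('/^'.preg_quote($htmlname, '/').'[0-9]+$/', array_keys($_GET)) : array();`. If a caller is known to pass a key that only contains the name as a substring, keep the pattern unanchored but still keep the emptiness guard. Whether an earlier check already rejects an empty `$htmlname` cannot be seen from this hunk, so please confirm before relying on it.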
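Review bot: The new check's pattern `/preg_grep\(.*\$/` matches a `$` anywhere after the opening parenthesis, including in the subject argument, so every single-line preg_grep() call with a variable subject is flagged and then accepted or rejected solely on whether the literal `preg_quote` appears somewhere on that line: `preg_grep('/^foo/', $lines)` fails the test although its pattern is constant, a pattern that quotes one variable but concatenates another raw passes, and a call split over several lines is never matched. Restricting the `$` to the first argument narrows the heuristic to what the assertion message claims: `preg_match_all('/preg_grep\(\s*[^,]*\$[^,]*,/', $filecontent, $matches, PREG_SET_ORDER);`. The leading comment `// Test we don't have @var array(` was copied from the check that follows and should describe this one, e.g. `// Test we don't have a preg_grep() whose pattern embeds a $variable without preg_quote()`, and `$key` in the loop is unused, so `foreach ($matches as $val) {` is enough. The enclosing test method and its per-file loop start outside the hunk.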