Fix: Ob buffer cleanup on exception

# Fix: Ob buffer cleanup on exception

The output buffer (OB) capture was not cleaned up correctly when an exception was thrown.
This fixes that.

Also modified the SecurityTest to enable running it standalone
MDW 2024-03-10 15:17:58 +01:00
parent 4c442de1a2
commit 101d56a2c1
3 changed files with 19 additions and 3 deletions


@ -9839,6 +9839,7 @@ function dol_eval($s, $returnvalue = 1, $hideerrors = 1, $onlysimplestring = '1'
global $object;
global $obj; // To get $obj used into list when dol_eval() is used for computed fields and $obj is not yet $object
$isObBufferActive = false; // When true, the ObBuffer must be cleaned in the exception handler
if (!in_array($onlysimplestring, array('0', '1', '2'))) {
return "Bad call of dol_eval. Parameter onlysimplestring must be '0' (deprecated), '1' or '2'";
}
@ -9957,16 +9958,20 @@ function dol_eval($s, $returnvalue = 1, $hideerrors = 1, $onlysimplestring = '1'
if ($returnvalue) {
if ($hideerrors) {
ob_start(); // An evaluation has no reason to output data
$isObBufferActive = true;
$tmps = @eval('return '.$s.';');
$tmpo = ob_get_clean();
$isObBufferActive = false;
if ($tmpo) {
print 'Bad string syntax to evaluate. Some data were output when it should not when evaluating: '.$s;
}
return $tmps;
} else {
ob_start(); // An evaluation has no reason to output data
$isObBufferActive = true;
$tmps = eval('return '.$s.';');
$tmpo = ob_get_clean();
$isObBufferActive = false;
if ($tmpo) {
print 'Bad string syntax to evaluate. Some data were output when it should not when evaluating: '.$s;
}
@ -9981,6 +9986,11 @@ function dol_eval($s, $returnvalue = 1, $hideerrors = 1, $onlysimplestring = '1'
}
}
} catch (Error $e) {
if ($isObBufferActive) {
// Clean up buffer which was left behind due to exception.
$tmpo = ob_get_clean();
$isObBufferActive = false;
}
$error = 'dol_eval try/catch error : ';
$error .= $e->getMessage();
dol_syslog($error, LOG_WARNING);
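Review bot: The cleanup added in `catch (Error $e)` runs only for `Error`, so if the evaluated expression throws an `Exception` that no clause outside this hunk catches, the buffer opened by `ob_start()` stays on the stack and later output is captured or lost. Doing the unwind in a `finally` block, for example `finally { if ($isObBufferActive) { ob_end_clean(); } }`, covers every exit path, and `ob_end_clean()` avoids the unused `$tmpo` assignment. A single flag also cannot account for buffers that the evaluated code opens itself; recording `$obLevel = ob_get_level();` before `ob_start()` and unwinding back to that level would be more robust. The try block and the rest of dol_eval() start outside these hunks, so other catch clauses may already exist.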


@ -26,11 +26,16 @@
* \remarks Class that extends all PHPunit tests. To share similare code between each test.
*/
// Workaround for false security issue with main.inc.php in tests:
$_SERVER['PHP_SELF'] = "phpunit";
global $conf,$user,$langs,$db;
//define('TEST_DB_FORCE_TYPE','mysql'); // This is to force using mysql driver
//require_once 'PHPUnit/Autoload.php';
require_once dirname(__FILE__).'/../../htdocs/master.inc.php';
if (empty($user->id)) {
print "Load permissions for admin user nb 1\n";
$user->fetch(1);
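Review bot: The `$_SERVER['PHP_SELF'] = "phpunit";` assignment runs unconditionally whenever this file is included, and its comment does not say which check in main.inc.php it is meant to satisfy. Because it overrides a request variable that a security check apparently inspects, it would be safer to limit it to command-line runs, e.g. `if (PHP_SAPI === 'cli') { $_SERVER['PHP_SELF'] = "phpunit"; }`, and to have the comment name the specific check being worked around. The `if (empty($user->id))` block continues past the end of this section.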


@ -53,10 +53,11 @@ if (! defined("NOSESSION")) {
define("NOSESSION", '1');
}
require_once dirname(__FILE__).'/../../htdocs/main.inc.php';
// Implements workaround for PHP_SELF & includes common files:
require_once dirname(__FILE__).'/CommonClassTest.class.php';
require_once dirname(__FILE__).'/../../htdocs/core/lib/security.lib.php';
require_once dirname(__FILE__).'/../../htdocs/core/lib/security2.lib.php';
require_once dirname(__FILE__).'/CommonClassTest.class.php';
if (empty($user->id)) {
print "Load permissions for admin user nb 1\n";
@ -988,7 +989,7 @@ class SecurityTest extends CommonClassTest
include_once DOL_DOCUMENT_ROOT.'/projet/class/project.class.php';
include_once DOL_DOCUMENT_ROOT.'/projet/class/task.class.php';
$result=dol_eval('1==1', 1, 0);
$result = dol_eval('1==1', 1, 0);
print "result1 = ".$result."\n";
$this->assertTrue($result);