mirror of
https://github.com/Dolibarr/dolibarr.git
synced 2025-02-20 13:46:52 +01:00
Try to fix phpunit on dol_eval
This commit is contained in:
Laurent Destailleur
parent
4f12346c3f
commit
33288ee66a
|
|
@ -9244,8 +9244,9 @@ function dol_eval($s, $returnvalue = 0, $hideerrors = 1, $onlysimplestring = '1'
|
|||
$scheck = preg_replace('/->[a-zA-Z0-9_]+\(/', '->__METHOD__', $s); // accept parenthesis in '...->method(...'
|
||||
$scheck = preg_replace('/^\(/', '__PARENTHESIS__', $scheck); // accept parenthesis in '(...'
|
||||
$scheck = preg_replace('/\s\(/', '__PARENTHESIS__', $scheck); // accept parenthesis in '... ('
|
||||
$scheck = preg_replace('/(|\s)[a-zA-Z0-9_]+\(/', '$1__FUNCTION__', $scheck); // accept parenthesis in 'function(' or '... function('
|
||||
$scheck = preg_replace('/(\^|\')\(/', '__REGEXSTART__', $scheck); // To allow preg_match('/^(aaa|bbb)/'... or isStringVarMatching('leftmenu', '(aaa|bbb)')
|
||||
$scheck = preg_replace('/^[a-zA-Z0-9_]+\(/', '$1__FUNCTION__', $scheck); // accept parenthesis in 'function('
|
||||
$scheck = preg_replace('/\s[a-zA-Z0-9_]+\(/', '$1__FUNCTION__', $scheck); // accept parenthesis in '... function('
|
||||
$scheck = preg_replace('/(\^|\')\(/', '__REGEXSTART__', $scheck); // To allow preg_match('/^(aaa|bbb)/'... or isStringVarMatching('leftmenu', '(aaa|bbb)')
|
||||
//print 'scheck='.$scheck." : ".strpos($scheck, '(')."\n";
|
||||
if (strpos($scheck, '(') !== false) {
|
||||
if ($returnvalue) {
|
||||
|
|
@ -9270,7 +9271,8 @@ function dol_eval($s, $returnvalue = 0, $hideerrors = 1, $onlysimplestring = '1'
|
|||
$scheck = preg_replace('/->[a-zA-Z0-9_]+\(/', '->__METHOD__', $s); // accept parenthesis in '...->method(...'
|
||||
$scheck = preg_replace('/^\(/', '__PARENTHESIS__', $scheck); // accept parenthesis in '(...'
|
||||
$scheck = preg_replace('/\s\(/', '__PARENTHESIS__', $scheck); // accept parenthesis in '... ('
|
||||
$scheck = preg_replace('/(|\s)[a-zA-Z0-9_]+\(/', '$1__FUNCTION__', $scheck); // accept parenthesis in 'function(' or '... function('
|
||||
$scheck = preg_replace('/^[a-zA-Z0-9_]+\(/', '$1__FUNCTION__', $scheck); // accept parenthesis in 'function('
|
||||
$scheck = preg_replace('/\s[a-zA-Z0-9_]+\(/', '$1__FUNCTION__', $scheck); // accept parenthesis in '... function('
|
||||
$scheck = preg_replace('/(\^|\')\(/', '__REGEXSTART__', $scheck); // To allow preg_match('/^(aaa|bbb)/'... or isStringVarMatching('leftmenu', '(aaa|bbb)')
|
||||
//print 'scheck='.$scheck." : ".strpos($scheck, '(')."\n";
|
||||
if (strpos($scheck, '(') !== false) {
|
||||
|
|
|
|||
|
|
@ -956,41 +956,41 @@ class SecurityTest extends PHPUnit\Framework\TestCase
|
|||
$this->assertEquals('Parent project not found', $result);
|
||||
|
||||
$s = '(($reloadedobj = new Task($db)) && ($reloadedobj->fetchNoCompute($object->id) > 0) && ($secondloadedobj = new Project($db)) && ($secondloadedobj->fetchNoCompute($reloadedobj->fk_project) > 0)) ? $secondloadedobj->ref : \'Parent project not found\'';
|
||||
$result=dol_eval($s, 1, 1, '2');
|
||||
$result = (string) dol_eval($s, 1, 1, '2');
|
||||
print "result4 = ".$result."\n";
|
||||
$this->assertEquals('Parent project not found', $result);
|
||||
|
||||
$result=dol_eval('$a=function() { }; $a;', 1, 1, '0');
|
||||
$result = (string) dol_eval('$a=function() { }; $a;', 1, 1, '0');
|
||||
print "result5 = ".$result."\n";
|
||||
$this->assertContains('Bad string syntax to evaluate', $result);
|
||||
$this->assertStringContainsString('Bad string syntax to evaluate', $result);
|
||||
|
||||
$result=dol_eval('$a=function() { }; $a;', 1, 1, '1');
|
||||
$result = (string) dol_eval('$a=function() { }; $a;', 1, 1, '1');
|
||||
print "result6 = ".$result."\n";
|
||||
$this->assertContains('Bad string syntax to evaluate', $result);
|
||||
$this->assertStringContainsString('Bad string syntax to evaluate', $result);
|
||||
|
||||
$result=dol_eval('$a=exec("ls");', 1, 1);
|
||||
$result = (string) dol_eval('$a=exec("ls");', 1, 1);
|
||||
print "result7 = ".$result."\n";
|
||||
$this->assertContains('Bad string syntax to evaluate', $result);
|
||||
$this->assertStringContainsString('Bad string syntax to evaluate', $result);
|
||||
|
||||
$result=dol_eval('$a=exec ("ls")', 1, 1);
|
||||
$result = (string) dol_eval('$a=exec ("ls")', 1, 1);
|
||||
print "result8 = ".$result."\n";
|
||||
$this->assertContains('Bad string syntax to evaluate', $result);
|
||||
$this->assertStringContainsString('Bad string syntax to evaluate', $result);
|
||||
|
||||
$result=dol_eval('$a="test"; $$a;', 1, 0);
|
||||
$result = (string) dol_eval('$a="test"; $$a;', 1, 0);
|
||||
print "result9 = ".$result."\n";
|
||||
$this->assertContains('Bad string syntax to evaluate', $result);
|
||||
$this->assertStringContainsString('Bad string syntax to evaluate', $result);
|
||||
|
||||
$result=dol_eval('`ls`', 1, 0);
|
||||
$result = (string) dol_eval('`ls`', 1, 0);
|
||||
print "result10 = ".$result."\n";
|
||||
$this->assertContains('Bad string syntax to evaluate', $result);
|
||||
$this->assertStringContainsString('Bad string syntax to evaluate', $result);
|
||||
|
||||
$result=dol_eval("('ex'.'ec')('echo abc')", 1, 0);
|
||||
$result = (string) dol_eval("('ex'.'ec')('echo abc')", 1, 0);
|
||||
print "result11 = ".$result."\n";
|
||||
$this->assertContains('Bad string syntax to evaluate', $result);
|
||||
$this->assertStringContainsString('Bad string syntax to evaluate', $result);
|
||||
|
||||
$result=dol_eval("sprintf(\"%s%s\", \"ex\", \"ec\")('echo abc')", 1, 0);
|
||||
$result = (string) dol_eval("sprintf(\"%s%s\", \"ex\", \"ec\")('echo abc')", 1, 0);
|
||||
print "result12 = ".$result."\n";
|
||||
$this->assertContains('Bad string syntax to evaluate', $result);
|
||||
$this->assertStringContainsString('Bad string syntax to evaluate', $result);
|
||||
|
||||
$result=dol_eval("90402.38+267678+0", 1, 1, 1);
|
||||
print "result13 = ".$result."\n";
|
||||
|
|
@ -1024,19 +1024,18 @@ class SecurityTest extends PHPUnit\Framework\TestCase
|
|||
print "result17 = ".$result."\n";
|
||||
$this->assertTrue($result);
|
||||
|
||||
// Case with param onlysimplestring = 1
|
||||
|
||||
$result=dol_eval('1 && getDolGlobalInt("doesnotexist1") && $conf->global->MAIN_FEATURES_LEVEL', 1, 0); // Should return false and not a 'Bad string syntax to evaluate ...'
|
||||
print "result18 = ".$result."\n";
|
||||
$this->assertFalse($result);
|
||||
|
||||
$result=dol_eval("(\$a.'aa')", 1, 0);
|
||||
$result = (string) dol_eval("(\$a.'aa')", 1, 0);
|
||||
print "result19 = ".$result."\n";
|
||||
$this->assertContains('Bad string syntax to evaluate', $result);
|
||||
$this->assertStringContainsString('Bad string syntax to evaluate', $result);
|
||||
|
||||
$result=dol_eval('$a="abs" && $a(5)', 1, 0);
|
||||
$leftmenu='abs';
|
||||
$result = (string) dol_eval('$leftmenu(-5)', 1, 0);
|
||||
print "result20 = ".$result."\n";
|
||||
$this->assertContains('Bad string syntax to evaluate', $result);
|
||||
$this->assertStringContainsString('Bad string syntax to evaluate', $result);
|
||||
}
|
||||
|
||||
|
||||
|
|
|
|||
Loading…
Reference in New Issue
Block a user