ODF : fix : escape specials chars in IF ELSE ENDIF $key (#31796)

* ODF : fix : escape specials chars in IF ELSE ENDIF $key

* fix missing brackets

* add delimiter to preg_quote

---------

Co-authored-by: Brice Werry <bwerry@open-dsi.fr>

htdocs/includes/odtphp/Segment.php

@@ -117,14 +117,14 @@ class Segment implements IteratorAggregate, Countable
                 // Remove the IF tag
                 $this->xml = str_replace('[!-- IF '.$key.' --]', '', $this->xml);
                 // Remove everything between the ELSE tag (if it exists) and the ENDIF tag
-                $reg = '@(\[!--\sELSE\s' . $key . '\s--\](.*))?\[!--\sENDIF\s' . $key . '\s--\]@smU'; // U modifier = all quantifiers are non-greedy
+                $reg = '@(\[!--\sELSE\s' . preg_quote($key, '@') . '\s--\](.*))?\[!--\sENDIF\s' . preg_quote($key, '@') . '\s--\]@smU'; // U modifier = all quantifiers are non-greedy
                 $this->xml = preg_replace($reg, '', $this->xml);
             }
             // Else the value is false, then two cases: no ELSE and we're done, or there is at least one place where there is an ELSE clause, then we replace it
             else
             {
                 // Find all conditional blocks for this variable: from IF to ELSE and to ENDIF
-                $reg = '@\[!--\sIF\s' . $key . '\s--\](.*)(\[!--\sELSE\s' . $key . '\s--\](.*))?\[!--\sENDIF\s' . $key . '\s--\]@smU'; // U modifier = all quantifiers are non-greedy
+                $reg = '@\[!--\sIF\s' . preg_quote($key, '@') . '\s--\](.*)(\[!--\sELSE\s' . preg_quote($key, '@') . '\s--\](.*))?\[!--\sENDIF\s' . preg_quote($key, '@') . '\s--\]@smU'; // U modifier = all quantifiers are non-greedy
                 preg_match_all($reg, $this->xml, $matches, PREG_SET_ORDER);
                 foreach($matches as $match) { // For each match, if there is an ELSE clause, we replace the whole block by the value in the ELSE clause
                     if (!empty($match[3])) $this->xml = str_replace($match[0], $match[3], $this->xml);

htdocs/includes/odtphp/odf.php

@@ -539,7 +539,8 @@ IMG;
 	private function _parse($type='content')
 	{
 	    // Search all tags fou into condition to complete $this->vars, so we will proceed all tests even if not defined
-	    $reg='@\[!--\sIF\s([{}a-zA-Z0-9\.\,_]+)\s--\]@smU';
+	    $reg='@\[!--\sIF\s([\[\]{}a-zA-Z0-9\.\,_]+)\s--\]@smU';
+		$matches = array();
 	    preg_match_all($reg, $this->contentXml, $matches, PREG_SET_ORDER);
 
 	    //var_dump($this->vars);exit;
@@ -564,7 +565,7 @@ IMG;
 				// Remove the IF tag
 				$this->contentXml = str_replace('[!-- IF '.$key.' --]', '', $this->contentXml);
 				// Remove everything between the ELSE tag (if it exists) and the ENDIF tag
-				$reg = '@(\[!--\sELSE\s' . $key . '\s--\](.*))?\[!--\sENDIF\s' . $key . '\s--\]@smU'; // U modifier = all quantifiers are non-greedy
+				$reg = '@(\[!--\sELSE\s' . preg_quote($key, '@') . '\s--\](.*))?\[!--\sENDIF\s' . preg_quote($key, '@') . '\s--\]@smU'; // U modifier = all quantifiers are non-greedy
 				$this->contentXml = preg_replace($reg, '', $this->contentXml);
 				/*if ($sav != $this->contentXml)
 				{
@@ -578,7 +579,7 @@ IMG;
 			    //dol_syslog("Var ".$key." is not defined, we remove the IF, ELSE and ENDIF ");
 			    //$sav=$this->contentXml;
 				// Find all conditional blocks for this variable: from IF to ELSE and to ENDIF
-				$reg = '@\[!--\sIF\s' . $key . '\s--\](.*)(\[!--\sELSE\s' . $key . '\s--\](.*))?\[!--\sENDIF\s' . $key . '\s--\]@smU'; // U modifier = all quantifiers are non-greedy
+				$reg = '@\[!--\sIF\s' . preg_quote($key, '@') . '\s--\](.*)(\[!--\sELSE\s' . preg_quote($key, '@') . '\s--\](.*))?\[!--\sENDIF\s' . preg_quote($key, '@') . '\s--\]@smU'; // U modifier = all quantifiers are non-greedy
 				preg_match_all($reg, $this->contentXml, $matches, PREG_SET_ORDER);
 				foreach($matches as $match) { // For each match, if there is an ELSE clause, we replace the whole block by the value in the ELSE clause
 					if (!empty($match[3])) $this->contentXml = str_replace($match[0], $match[3], $this->contentXml);