Qual: Add check on addExtraField type argument (#28738)

* Qual: Add check on addExtraField type argument

# Qual: Add check on addExtraField type argument

Added a check on the type argument for addExtraField

* Qual: Update phan ignore with more specific name
MDW 2024-03-10 01:46:10 +01:00 committed by GitHub
parent 895aa5ee85
commit c95bab2818
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 34 additions and 2 deletions


@ -183,9 +183,40 @@ $VALID_MODULE_MAPPING = array(
'zapier' => 'Zapier',
);
// From ExtraFields class
$EXTRAFIELDS_TYPE2LABEL = array(
'varchar' => 'String1Line',
'text' => 'TextLongNLines',
'html' => 'HtmlText',
'int' => 'Int',
'double' => 'Float',
'date' => 'Date',
'datetime' => 'DateAndTime',
//'datetimegmt'=>'DateAndTimeUTC',
'boolean' => 'Boolean', // Remove as test
'price' => 'ExtrafieldPrice',
'pricecy' => 'ExtrafieldPriceWithCurrency',
'phone' => 'ExtrafieldPhone',
'mail' => 'ExtrafieldMail',
'url' => 'ExtrafieldUrl',
'ip' => 'ExtrafieldIP',
'icon' => 'Icon',
'password' => 'ExtrafieldPassword',
'select' => 'ExtrafieldSelect',
'sellist' => 'ExtrafieldSelectList',
'radio' => 'ExtrafieldRadio',
'checkbox' => 'ExtrafieldCheckBox',
'chkbxlst' => 'ExtrafieldCheckBoxFromList',
'link' => 'ExtrafieldLink',
'separate' => 'ExtrafieldSeparator',
);
$moduleNameRegex = '/^(?:'.implode('|', array_merge(array_keys($DEPRECATED_MODULE_MAPPING), array_keys($VALID_MODULE_MAPPING), array('\$modulename'))).')$/';
$deprecatedModuleNameRegex = '/^(?!(?:'.implode('|', array_keys($DEPRECATED_MODULE_MAPPING)).')$).*/';
$extraFieldTypeRegex = '/^(?:'.implode('|', array_keys($EXTRAFIELDS_TYPE2LABEL)).')$/';
/**
* This configuration will be read and overlaid on top of the
* default configuration. Command line arguments will be applied
@ -270,7 +301,8 @@ return [
'/^isModEnabled$/' => [0, $moduleNameRegex, 'UnknownModuleName'],
// Note: trick to have different key for same regex:
'/^isModEnable[d]$/' => [0, $deprecatedModuleNameRegex, "DeprecatedModuleName"],
'/^sanitizeVal$/' => [1, $sanitizeRegex],
'/^sanitizeVal$/' => [1, $sanitizeRegex,"UnknownSanitizeType"],
'/^\\\\ExtraFields::addExtraField$/' => [2, $extraFieldTypeRegex,"UnknownExtrafieldTypeBack"],
],
'plugins' => [
__DIR__.'/plugins/NoVarDumpPlugin.php',
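Review bot: The `$EXTRAFIELDS_TYPE2LABEL` table added in the first hunk is a hand-copied list whose only provenance is `// From ExtraFields class`, so a type later added to that class will be reported as `UnknownExtrafieldTypeBack` until this config is edited as well. The trailing `// Remove as test` on the `'boolean'` entry also reads like a leftover from trying the rule out. I would replace the header comment with a maintenance note such as `// Keep in sync with the type list in the ExtraFields class; only the keys are used, to build $extraFieldTypeRegex.` and either drop or explain the `// Remove as test` remark. The keys are spliced into the pattern unescaped, which is fine for the current alphanumeric names, but `implode('|', array_map('preg_quote', array_keys($EXTRAFIELDS_TYPE2LABEL)))` would keep the check sound if a key ever contains a regex metacharacter. In the second hunk the two new entries lack the space after the comma that the `isModEnable[d]` line above uses (`$sanitizeRegex, "UnknownSanitizeType"`).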


@ -951,7 +951,7 @@ function GETPOST($paramname, $check = 'alphanohtml', $method = 0, $filter = null
$out = preg_replace('/([<>])([-+]?\d)/', '\1 \2', $out);
}
// @phan-suppress-next-line ParamMatchRegexError
// @phan-suppress-next-line UnknownSanitizeType
$out = sanitizeVal($out, $check, $filter, $options);
}