Mirrors/dolibarr
1
0
Fork 0
mirror of https://github.com/Dolibarr/dolibarr.git synced 2025-02-20 13:46:52 +01:00
Code Issues Packages Projects Releases Wiki Activity

Fix regression in dol_eval

Browse Source
This commit is contained in:
Laurent Destailleur 2022-05-09 21:56:21 +02:00
parent b3bfe22f58
commit ef18456724
2 changed files with 38 additions and 32 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
htdocs/core/lib/functions.lib.php
View File

@ -8200,7 +8200,7 @@ function verifCond($strToEvaluate)
* @param string $s String to evaluate
* @param int $returnvalue 0=No return (used to execute eval($a=something)). 1=Value of eval is returned (used to eval($something)).
* @param int $hideerrors 1=Hide errors
* @param string $onlysimplestring 0=Accept all chars, 1=Accept only simple string with char 'a-z0-9\s$_->&|=';, 2=Accept also '!?():"\';,/'
* @param string $onlysimplestring 0=Accept all chars, 1=Accept only simple string with char 'a-z0-9\s^$_+-.*\/>&|=!?():"\',/';, 2=Accept also ';[]'
* @return mixed Nothing or return result of eval
*/
function dol_eval($s, $returnvalue = 0, $hideerrors = 1, $onlysimplestring = '1')
@ -8218,7 +8218,7 @@ function dol_eval($s, $returnvalue = 0, $hideerrors = 1, $onlysimplestring = '1'
// Test dangerous char (used for RCE), we allow only PHP variable testing.
if ($onlysimplestring == '1') {
//print preg_quote('$_->&|', '/');
if (preg_match('/[^a-z0-9\s'.preg_quote('$_+-*/>&|=!?():"', '/').']/i', $s)) {
if (preg_match('/[^a-z0-9\s'.preg_quote('^$_+-.*/>&|=!?():"\',/', '/').']/i', $s)) {
if ($returnvalue) {
return 'Bad string syntax to evaluate (found chars that are not chars for simplestring): '.$s;
} else {
@ -8228,7 +8228,7 @@ function dol_eval($s, $returnvalue = 0, $hideerrors = 1, $onlysimplestring = '1'
}
} elseif ($onlysimplestring == '2') {
//print preg_quote('$_->&|', '/');
if (preg_match('/[^a-z0-9\s'.preg_quote('^$_+-*/>&|=!?():"\';,/', '/').']/i', $s)) {
if (preg_match('/[^a-z0-9\s'.preg_quote('^$_+-.*/>&|=!?():"\',/;[]', '/').']/i', $s)) {
if ($returnvalue) {
return 'Bad string syntax to evaluate (found chars that are not chars for simplestring): '.$s;
} else {
@ -8245,7 +8245,7 @@ function dol_eval($s, $returnvalue = 0, $hideerrors = 1, $onlysimplestring = '1'
return '';
}
}
if (strpos($s, '.') !== false) {
if (preg_match('/[^0-9]+\.[^0-9]+/', $s)) { // We refuse . if not between 2 numbers
if ($returnvalue) {
return 'Bad string syntax to evaluate (dot char is forbidden): '.$s;
} else {

62
test/phpunit/SecurityTest.php
View File

@ -584,34 +584,6 @@ class SecurityTest extends PHPUnit\Framework\TestCase
return $result;
}
/**
* testCheckLoginPassEntity
*
* @return void
*/
public function testCheckLoginPassEntity()
{
$login=checkLoginPassEntity('loginbidon', 'passwordbidon', 1, array('dolibarr'));
print __METHOD__." login=".$login."\n";
$this->assertEquals($login, '');
$login=checkLoginPassEntity('admin', 'passwordbidon', 1, array('dolibarr'));
print __METHOD__." login=".$login."\n";
$this->assertEquals($login, '');
$login=checkLoginPassEntity('admin', 'admin', 1, array('dolibarr')); // Should works because admin/admin exists
print __METHOD__." login=".$login."\n";
$this->assertEquals($login, 'admin', 'The test to check if pass of user "admin" is "admin" has failed');
$login=checkLoginPassEntity('admin', 'admin', 1, array('http','dolibarr')); // Should work because of second authentication method
print __METHOD__." login=".$login."\n";
$this->assertEquals($login, 'admin');
$login=checkLoginPassEntity('admin', 'admin', 1, array('forceuser'));
print __METHOD__." login=".$login."\n";
$this->assertEquals($login, ''); // Expected '' because should failed because login 'auto' does not exists
}
/**
* testEncodeDecode
*
@ -919,6 +891,11 @@ class SecurityTest extends PHPUnit\Framework\TestCase
print "result = ".$result."\n";
$this->assertContains('Bad string syntax to evaluate', $result);
$result=dol_eval("90402.38+267678+0", 1, 1, 1);
print "result = ".$result."\n";
$this->assertEquals('358080.38', $result);
global $leftmenu;
$leftmenu = 'admintools';
$result=dol_eval('$conf->currency && preg_match(\'/^(admintools|all)/\',$leftmenu)', 1, 0, '2');
@ -936,4 +913,33 @@ class SecurityTest extends PHPUnit\Framework\TestCase
print "result = ".$result."\n";
$this->assertContains('Bad string syntax to evaluate', $result);
}
/**
* testCheckLoginPassEntity
*
* @return void
*/
public function testCheckLoginPassEntity()
{
$login=checkLoginPassEntity('loginbidon', 'passwordbidon', 1, array('dolibarr'));
print __METHOD__." login=".$login."\n";
$this->assertEquals($login, '');
$login=checkLoginPassEntity('admin', 'passwordbidon', 1, array('dolibarr'));
print __METHOD__." login=".$login."\n";
$this->assertEquals($login, '');
$login=checkLoginPassEntity('admin', 'admin', 1, array('dolibarr')); // Should works because admin/admin exists
print __METHOD__." login=".$login."\n";
$this->assertEquals($login, 'admin', 'The test to check if pass of user "admin" is "admin" has failed');
$login=checkLoginPassEntity('admin', 'admin', 1, array('http','dolibarr')); // Should work because of second authentication method
print __METHOD__." login=".$login."\n";
$this->assertEquals($login, 'admin');
$login=checkLoginPassEntity('admin', 'admin', 1, array('forceuser'));
print __METHOD__." login=".$login."\n";
$this->assertEquals($login, ''); // Expected '' because should failed because login 'auto' does not exists
}
}