Skip to content

Commit

Permalink
Browse files Browse the repository at this point in the history
Fix #hunterf1d1ce3e-ca92-4c7b-b1b8-934e28eaa486
Conflicts:
	test/phpunit/CodingPhpTest.php
  • Loading branch information
eldy committed Jan 13, 2022
1 parent 620a88b commit b9b45fb
Show file tree
Hide file tree
Showing 2 changed files with 13 additions and 5 deletions.
2 changes: 1 addition & 1 deletion htdocs/compta/sociales/list.php
Expand Up @@ -206,7 +206,7 @@
}
}
if (!empty($search_users)) {
$sql .= ' AND cs.fk_user IN('.implode(', ', $search_users).')';
$sql .= ' AND cs.fk_user IN ('.$db->sanitize(implode(', ', $search_users)).')';
}
if (!empty($search_type) && $search_type > 0) {
$sql .= ' AND cs.fk_mode_reglement='.$search_type;
Expand Down
16 changes: 12 additions & 4 deletions test/phpunit/CodingPhpTest.php
Expand Up @@ -328,9 +328,14 @@ public function testPHP()
$this->assertTrue($ok, 'Found non escaped string in building of a sql request '.$file['relativename'].': '.$val[0].' - Bad.');
//exit;

// Check string 'IN (".xxx' or 'IN (\'.xxx' with xxx that is not '$this->db->sanitize' and not '$db->sanitize'. It means we forget a db->sanitize when forging sql request.
preg_match_all('/ IN \([\'"]\s*\.\s*(.........)/i', $filecontent, $matches, PREG_SET_ORDER);
// Checks with IN

// Check string ' IN (".xxx' or ' IN (\'.xxx' with xxx that is not '$this->db->sanitize' and not '$db->sanitize'. It means we forget a db->sanitize when forging sql request.
$ok=true;
$matches=array();
preg_match_all('/\s+IN\s*\([\'"]\s*\.\s*(.........)/i', $filecontent, $matches, PREG_SET_ORDER);
foreach ($matches as $key => $val) {
//var_dump($val);
if (!in_array($val[1], array('$db->sani', '$this->db', 'getEntity', 'WON\',\'L', 'self::STA', 'Commande:', 'CommandeF', 'Entrepot:', 'Facture::', 'FactureFo', 'ExpenseRe', 'Societe::', 'Ticket::S'))) {
$ok=false;
break;
Expand All @@ -341,9 +346,12 @@ public function testPHP()
$this->assertTrue($ok, 'Found non sanitized string in building of a IN or NOT IN sql request '.$file['relativename'].' - Bad.');
//exit;

// Check string 'IN (\'".xxx' with xxx that is not '$this->db->sanitize' and not '$db->sanitize'. It means we forget a db->sanitize when forging sql request.
preg_match_all('/ IN \(\'"\s*\.\s*(.........)/i', $filecontent, $matches, PREG_SET_ORDER);
// Check string ' IN (\'".xxx' with xxx that is not '$this->db->sanitize' and not '$db->sanitize'. It means we forget a db->sanitize when forging sql request.
$ok=true;
$matches=array();
preg_match_all('/\s+IN\s*\(\'"\s*\.\s*(.........)/i', $filecontent, $matches, PREG_SET_ORDER);
foreach ($matches as $key => $val) {
//var_dump($val);
if (!in_array($val[1], array('$db->sani', '$this->db', 'getEntity', 'WON\',\'L', 'self::STA', 'Commande:', 'CommandeF', 'Entrepot:', 'Facture::', 'FactureFo', 'ExpenseRe', 'Societe::', 'Ticket::S'))) {
$ok=false;
break;
Expand Down

0 comments on commit b9b45fb

Please sign in to comment.