
Add one more test

Laurent Destailleur il y a 3 ans
Parent
commit
42f252b636
1 fichiers modifiés avec 6 ajouts et 2 suppressions
  1. 6 2
      test/phpunit/SecurityTest.php

+ 6 - 2
test/phpunit/SecurityTest.php

@@ -359,7 +359,7 @@ class SecurityTest extends PHPUnit\Framework\TestCase
 		$_POST['param8b']='<img src=x onerror=alert(document.location) t=';		// this is html obfuscated by non closing tag
 		$_POST['param8c']='< with space after is ok';
 		$_POST['param8d']='<abc123 is html to clean';
-		$_POST['param8e']='<123abc is not html to clean';
+		$_POST['param8e']='<123abc is not html to clean';	// other similar case: '<2021-12-12'
 		$_POST['param8f']='abc<<svg <><<animate onbegin=alert(document.domain) a';
 		$_POST["param9"]='is_object($object) ? ($object->id < 10 ? round($object->id / 2, 2) : (2 * $user->id) * (int) substr($mysoc->zip, 1, 2)) : \'objnotdefined\'';
 		$_POST["param10"]='is_object($object) ? ($object->id < 10 ? round($object->id / 2, 2) : (2 * $user->id) * (int) substr($mysoc->zip, 1, 2)) : \'<abc>objnotdefined\'';
@@ -501,6 +501,10 @@ class SecurityTest extends PHPUnit\Framework\TestCase
 		print __METHOD__." result param7 = ".$result."\n";
 		$this->assertEquals('"c:\this is a path~1\aaan &#x;;;;" abcdef', $result);
 
+		$result=GETPOST("param8e", 'restricthtml');
+		print __METHOD__." result param8e = ".$result."\n";
+		$this->assertEquals('', $result);
+
 		$result=GETPOST("param12", 'restricthtml');
 		print __METHOD__." result=".$result."\n";
 		$this->assertEquals(trim($_POST["param12"]), $result, 'Test a string with DOCTYPE and restricthtml');
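Review bot: The new param8e assertion expects an empty string but has no message or comment, while the fixture line for that parameter describes the value as "not html to clean", so a reader cannot tell whether discarding the whole input is the intended `restricthtml` result. If it is deliberate, state that where it is asserted, e.g. `$this->assertEquals('', $result, 'Test 8e: value starting with <digit is emptied by restricthtml');`, and note that the similar input `<2021-12-12` named in the fixture comment would presumably be lost the same way. If it is not intended, the test pins a silent data-loss behaviour for non-HTML input, which is worth a `// TODO` that explains it rather than a bare expectation. The enclosing test method starts and ends outside this hunk.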
@@ -519,7 +523,7 @@ class SecurityTest extends PHPUnit\Framework\TestCase
 
 		$result=GETPOST("param15", 'restricthtml');		// <img onerror<=alert(document.domain)> src=>0xbeefed
 		print __METHOD__." result=".$result."\n";
-		$this->assertEquals("<img onerror=alert(document.domain) src=>0xbeefed", $result, 'Test 15a');	// The GETPOST return a harmull string
+		$this->assertEquals("<img onerror=alert(document.domain) src=>0xbeefed", $result, 'Test 15');	// The GETPOST return a harmull string
 
 		// Test with restricthtml + MAIN_RESTRICTHTML_REMOVE_ALSO_BAD_ATTRIBUTES to test disabling of bad atrributes
 		$conf->global->MAIN_RESTRICTHTML_ONLY_VALID_HTML = 1;