|
|
@@ -187,28 +187,28 @@ class SecurityTest extends PHPUnit\Framework\TestCase
|
|
|
print __METHOD__." result=".$result."\n";
|
|
|
$this->assertEquals($result, $_GET["param2"]);
|
|
|
|
|
|
- $result=GETPOST("param3", 'alpha'); // Must return '' as there is a forbidden char "
|
|
|
+ $result=GETPOST("param3", 'alpha'); // Must return string sanitized from char "
|
|
|
print __METHOD__." result=".$result."\n";
|
|
|
- $this->assertEquals($result, '');
|
|
|
+ $this->assertEquals($result, 'a/b#e(pr)qq-rr\cc');
|
|
|
|
|
|
- $result=GETPOST("param4", 'alpha'); // Must return '' as there is a forbidden char ../
|
|
|
+ $result=GETPOST("param4", 'alpha'); // Must return string sanitized from ../
|
|
|
print __METHOD__." result=".$result."\n";
|
|
|
- $this->assertEquals($result, '');
|
|
|
+ $this->assertEquals($result, 'dir');
|
|
|
|
|
|
// Test aZ09
|
|
|
- $result=GETPOST("param1", 'aZ09'); // Must return '' as there is a forbidden char ../
|
|
|
+ $result=GETPOST("param1", 'aZ09');
|
|
|
print __METHOD__." result=".$result."\n";
|
|
|
$this->assertEquals($result, $_GET["param1"]);
|
|
|
|
|
|
- $result=GETPOST("param2", 'aZ09'); // Must return '' as there is a forbidden char ../
|
|
|
+ $result=GETPOST("param2", 'aZ09'); // Must return '' as string contains car not in aZ09 definition
|
|
|
print __METHOD__." result=".$result."\n";
|
|
|
$this->assertEquals($result, '');
|
|
|
|
|
|
- $result=GETPOST("param3", 'aZ09'); // Must return '' as there is a forbidden char ../
|
|
|
+ $result=GETPOST("param3", 'aZ09'); // Must return '' as string contains car not in aZ09 definition
|
|
|
print __METHOD__." result=".$result."\n";
|
|
|
$this->assertEquals($result, '');
|
|
|
|
|
|
- $result=GETPOST("param4", 'aZ09'); // Must return '' as there is a forbidden char ../
|
|
|
+ $result=GETPOST("param4", 'aZ09'); // Must return '' as string contains car not in aZ09 definition
|
|
|
print __METHOD__." result=".$result."\n";
|
|
|
$this->assertEquals($result, '');
|
|
|
|
Laurent Destailleur