CodingPhpTest.php 20 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536
  1. <?php
  2. /* Copyright (C) 2013 Laurent Destailleur <eldy@users.sourceforge.net>
  3. *
  4. * This program is free software; you can redistribute it and/or modify
  5. * it under the terms of the GNU General Public License as published by
  6. * the Free Software Foundation; either version 3 of the License, or
  7. * (at your option) any later version.
  8. *
  9. * This program is distributed in the hope that it will be useful,
  10. * but WITHOUT ANY WARRANTY; without even the implied warranty of
  11. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  12. * GNU General Public License for more details.
  13. *
  14. * You should have received a copy of the GNU General Public License
  15. * along with this program. If not, see <https://www.gnu.org/licenses/>.
  16. * or see https://www.gnu.org/
  17. */
  18. /**
  19. * \file test/phpunit/CodingPhpTest.php
  20. * \ingroup test
  21. * \brief PHPUnit test
  22. * \remarks To run this script as CLI: phpunit filename.php
  23. */
  24. global $conf,$user,$langs,$db;
  25. //define('TEST_DB_FORCE_TYPE','mysql'); // This is to force using mysql driver
  26. //require_once 'PHPUnit/Autoload.php';
  27. require_once dirname(__FILE__).'/../../htdocs/master.inc.php';
  28. require_once dirname(__FILE__).'/../../htdocs/core/lib/security.lib.php';
  29. require_once dirname(__FILE__).'/../../htdocs/core/lib/security2.lib.php';
  30. if (! defined('NOREQUIREUSER')) {
  31. define('NOREQUIREUSER', '1');
  32. }
  33. if (! defined('NOREQUIREDB')) {
  34. define('NOREQUIREDB', '1');
  35. }
  36. if (! defined('NOREQUIRESOC')) {
  37. define('NOREQUIRESOC', '1');
  38. }
  39. if (! defined('NOREQUIRETRAN')) {
  40. define('NOREQUIRETRAN', '1');
  41. }
  42. if (! defined('NOCSRFCHECK')) {
  43. define('NOCSRFCHECK', '1');
  44. }
  45. if (! defined('NOTOKENRENEWAL')) {
  46. define('NOTOKENRENEWAL', '1');
  47. }
  48. if (! defined('NOREQUIREMENU')) {
  49. define('NOREQUIREMENU', '1'); // If there is no menu to show
  50. }
  51. if (! defined('NOREQUIREHTML')) {
  52. define('NOREQUIREHTML', '1'); // If we don't need to load the html.form.class.php
  53. }
  54. if (! defined('NOREQUIREAJAX')) {
  55. define('NOREQUIREAJAX', '1');
  56. }
  57. if (! defined("NOLOGIN")) {
  58. define("NOLOGIN", '1'); // If this page is public (can be called outside logged session)
  59. }
  60. if (empty($user->id)) {
  61. print "Load permissions for admin user nb 1\n";
  62. $user->fetch(1);
  63. $user->getrights();
  64. }
  65. $conf->global->MAIN_DISABLE_ALL_MAILS=1;
  66. /**
  67. * Class for PHPUnit tests
  68. *
  69. * @backupGlobals disabled
  70. * @backupStaticAttributes enabled
  71. * @remarks backupGlobals must be disabled to have db,conf,user and lang not erased.
  72. */
  73. class CodingPhpTest extends PHPUnit\Framework\TestCase
  74. {
  75. protected $savconf;
  76. protected $savuser;
  77. protected $savlangs;
  78. protected $savdb;
  79. /**
  80. * Constructor
  81. * We save global variables into local variables
  82. *
  83. * @return SecurityTest
  84. */
  85. public function __construct()
  86. {
  87. parent::__construct();
  88. //$this->sharedFixture
  89. global $conf,$user,$langs,$db;
  90. $this->savconf=$conf;
  91. $this->savuser=$user;
  92. $this->savlangs=$langs;
  93. $this->savdb=$db;
  94. print __METHOD__." db->type=".$db->type." user->id=".$user->id;
  95. //print " - db ".$db->db;
  96. print "\n";
  97. }
  98. /**
  99. * setUpBeforeClass
  100. *
  101. * @return void
  102. */
  103. public static function setUpBeforeClass()
  104. {
  105. global $conf,$user,$langs,$db;
  106. $db->begin(); // This is to have all actions inside a transaction even if test launched without suite.
  107. print __METHOD__."\n";
  108. }
  109. /**
  110. * tearDownAfterClass
  111. *
  112. * @return void
  113. */
  114. public static function tearDownAfterClass()
  115. {
  116. global $conf,$user,$langs,$db;
  117. $db->rollback();
  118. print __METHOD__."\n";
  119. }
  120. /**
  121. * Init phpunit tests
  122. *
  123. * @return void
  124. */
  125. protected function setUp()
  126. {
  127. global $conf,$user,$langs,$db;
  128. $conf=$this->savconf;
  129. $user=$this->savuser;
  130. $langs=$this->savlangs;
  131. $db=$this->savdb;
  132. print __METHOD__."\n";
  133. }
  134. /**
  135. * End phpunit tests
  136. *
  137. * @return void
  138. */
  139. protected function tearDown()
  140. {
  141. print __METHOD__."\n";
  142. }
  143. /**
  144. * testSql
  145. *
  146. * @return string
  147. */
  148. public function testPHP()
  149. {
  150. global $conf,$user,$langs,$db;
  151. $conf=$this->savconf;
  152. $user=$this->savuser;
  153. $langs=$this->savlangs;
  154. $db=$this->savdb;
  155. include_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php';
  156. $filesarray = dol_dir_list(DOL_DOCUMENT_ROOT, 'files', 1, '\.php', null, 'fullname', SORT_ASC, 0, 0, '', 1);
  157. //$filesarray = dol_dir_list(DOL_DOCUMENT_ROOT, 'files', 1, '\.php', null, 'fullname');
  158. foreach ($filesarray as $key => $file) {
  159. if (preg_match('/\/htdocs\/includes\//', $file['fullname'])) {
  160. continue;
  161. }
  162. if (preg_match('/\/htdocs\/custom\//', $file['fullname'])) {
  163. continue;
  164. }
  165. if (preg_match('/\/htdocs\/dolimed/', $file['fullname'])) {
  166. continue;
  167. }
  168. if (preg_match('/\/htdocs\/nltechno/', $file['fullname'])) {
  169. continue;
  170. }
  171. if (preg_match('/\/htdocs\/teclib/', $file['fullname'])) {
  172. continue;
  173. }
  174. print 'Check php file '.$file['fullname']."\n";
  175. $filecontent=file_get_contents($file['fullname']);
  176. if (preg_match('/\.class\.php/', $file['relativename'])
  177. || preg_match('/boxes\/box_/', $file['relativename'])
  178. || preg_match('/modules\/.*\/doc\/(doc|pdf)_/', $file['relativename'])
  179. || preg_match('/modules\/(import|mailings|printing)\//', $file['relativename'])
  180. || in_array($file['name'], array('modules_boxes.php', 'rapport.pdf.php', 'TraceableDB.php'))) {
  181. if (! in_array($file['name'], array(
  182. 'api.class.php',
  183. 'commonobject.class.php',
  184. 'conf.class.php',
  185. 'html.form.class.php',
  186. 'html.formmail.class.php',
  187. 'translate.class.php',
  188. 'utils.class.php',
  189. 'modules_product.class.php',
  190. 'modules_societe.class.php',
  191. 'TraceableDB.php',
  192. 'multicurrency.class.php',
  193. 'productbatch.class.php',
  194. 'reception.class.php',
  195. 'infobox.class.php',
  196. 'link.class.php',
  197. ))) {
  198. // Must not find $db->
  199. $ok=true;
  200. $matches=array();
  201. // Check string $db-> inside a class.php file (it should be $this->db-> into such classes)
  202. preg_match_all('/'.preg_quote('$db->', '/').'/', $filecontent, $matches, PREG_SET_ORDER);
  203. foreach ($matches as $key => $val) {
  204. $ok=false;
  205. break;
  206. }
  207. //print __METHOD__." Result for checking we don't have non escaped string in sql requests for file ".$file."\n";
  208. $this->assertTrue($ok, 'Found string $db-> into a .class.php file in '.$file['relativename'].'. Inside a .class file, you should use $this->db-> instead.');
  209. //exit;
  210. }
  211. } else {
  212. if (! in_array($file['name'], array(
  213. 'extrafieldsinexport.inc.php',
  214. 'DolQueryCollector.php'
  215. ))) {
  216. // Must must not found $this->db->
  217. $ok=true;
  218. $matches=array();
  219. // Check string $this->db-> into a non class.php file (it shoud be $db-> into such classes)
  220. preg_match_all('/'.preg_quote('$this->db->', '/').'/', $filecontent, $matches, PREG_SET_ORDER);
  221. foreach ($matches as $key => $val) {
  222. $ok=false;
  223. break;
  224. }
  225. //print __METHOD__." Result for checking we don't have non escaped string in sql requests for file ".$file."\n";
  226. $this->assertTrue($ok, 'Found string $this->db-> in '.$file['relativename']);
  227. //exit;
  228. }
  229. }
  230. $ok=true;
  231. $matches=array();
  232. preg_match_all('/'.preg_quote('get_class($this)."::".__METHOD__', '/').'/', $filecontent, $matches, PREG_SET_ORDER);
  233. foreach ($matches as $key => $val) {
  234. $ok=false;
  235. break;
  236. }
  237. //print __METHOD__." Result for checking we don't have non escaped string in sql requests for file ".$file."\n";
  238. $this->assertTrue($ok, 'Found string get_class($this)."::".__METHOD__ that must be replaced with __METHOD__ only in '.$file['relativename']);
  239. //exit;
  240. // Check string $this->db->idate without quotes
  241. $ok=true;
  242. $matches=array();
  243. preg_match_all('/(..)\s*\.\s*\$this->db->idate\(/', $filecontent, $matches, PREG_SET_ORDER);
  244. foreach ($matches as $key => $val) {
  245. if ($val[1] != '\'"' && $val[1] != '\'\'') {
  246. $ok=false;
  247. break;
  248. }
  249. //if ($reg[0] != 'db') $ok=false;
  250. }
  251. //print __METHOD__." Result for checking we don't have non escaped string in sql requests for file ".$file."\n";
  252. $this->assertTrue($ok, 'Found a $this->db->idate to forge a sql request without quotes around this date field '.$file['relativename']);
  253. //exit;
  254. // Check sql string DELETE|OR|AND|WHERE|INSERT ... yyy = ".$xxx
  255. // with xxx that is not 'thi' (for $this->db->sanitize) and 'db-' (for $db->sanitize). It means we forget a ' if string, or an (int) if int, when forging sql request.
  256. $ok=true;
  257. $matches=array();
  258. preg_match_all('/(DELETE|OR|AND|WHERE|INSERT)\s.*([^\s][^\s][^\s])\s*=\s*(\'|")\s*\.\s*\$(...)/', $filecontent, $matches, PREG_SET_ORDER);
  259. foreach ($matches as $key => $val) {
  260. if ($val[2] == 'ity' && $val[4] == 'con') { // exclude entity = ".$conf->entity
  261. continue;
  262. }
  263. if ($val[2] == 'ame' && $val[4] == 'db-' && preg_match('/WHERE name/', $val[0])) { // exclude name = ".$db->encrypt(
  264. continue;
  265. }
  266. if ($val[2] == 'ame' && $val[4] == 'thi' && preg_match('/WHERE name/', $val[0])) { // exclude name = ".$this->db->encrypt(
  267. continue;
  268. }
  269. var_dump($matches);
  270. $ok=false;
  271. break;
  272. }
  273. //print __METHOD__." Result for checking we don't have non escaped string in sql requests for file ".$file."\n";
  274. $this->assertTrue($ok, 'Found non quoted or not casted var into sql request '.$file['relativename'].' - Bad.');
  275. //exit;
  276. // Check that forged sql string is using ' instead of " as string PHP quotes
  277. $ok=true;
  278. $matches=array();
  279. preg_match_all('/\$sql \.= \'\s*VALUES.*\$/', $filecontent, $matches, PREG_SET_ORDER);
  280. foreach ($matches as $key => $val) {
  281. //if ($val[1] != '\'"' && $val[1] != '\'\'') {
  282. var_dump($matches);
  283. $ok=false;
  284. break;
  285. //}
  286. //if ($reg[0] != 'db') $ok=false;
  287. }
  288. //print __METHOD__." Result for checking we don't have non escaped string in sql requests for file ".$file."\n";
  289. $this->assertTrue($ok, 'Found a forged SQL string that mix on same line the use of \' for PHP string and PHP variables into file '.$file['relativename'].' Use " to forge PHP string like this: $sql = "SELET ".$myvar...');
  290. //exit;
  291. // Check that forged sql string is using ' instead of " as string PHP quotes
  292. $ok=true;
  293. $matches=array();
  294. preg_match_all('/\$sql \.?= \'SELECT.*\$/', $filecontent, $matches, PREG_SET_ORDER);
  295. foreach ($matches as $key => $val) {
  296. var_dump($matches);
  297. $ok=false;
  298. break;
  299. }
  300. $this->assertTrue($ok, 'Found a forged SQL string that mix on same line the use of \' for PHP string and PHP variables into file '.$file['relativename'].' Use " to forge PHP string like this: $sql = "SELET ".$myvar...');
  301. // Check sql string VALUES ... , ".$xxx
  302. // with xxx that is not 'db-' (for $db->escape). It means we forget a ' if string, or an (int) if int, when forging sql request.
  303. $ok=true;
  304. $matches=array();
  305. preg_match_all('/(VALUES).*,\s*"\s*\.\s*\$(...)/', $filecontent, $matches, PREG_SET_ORDER);
  306. foreach ($matches as $key => $val) {
  307. if ($val[1] == 'VALUES' && $val[2] == 'db-') { // exclude $db->escape(
  308. continue;
  309. }
  310. if ($val[1] == 'VALUES' && $val[2] == 'thi' && preg_match('/this->db->encrypt/', $val[0])) { // exclude ".$this->db->encrypt(
  311. continue;
  312. }
  313. var_dump($matches);
  314. $ok=false;
  315. break;
  316. }
  317. //print __METHOD__." Result for checking we don't have non escaped string in sql requests for file ".$file."\n";
  318. $this->assertTrue($ok, 'Found non quoted or not casted var into sql request '.$file['relativename'].' - Bad.');
  319. //exit;
  320. // Check '".$xxx non escaped
  321. // Check string ='".$this->xxx with xxx that is not 'escape'. It means we forget a db->escape when forging sql request.
  322. $ok=true;
  323. $matches=array();
  324. preg_match_all('/=\s*\'"\s*\.\s*\$this->(....)/', $filecontent, $matches, PREG_SET_ORDER);
  325. foreach ($matches as $key => $val) {
  326. if ($val[1] != 'db->' && $val[1] != 'esca') {
  327. $ok=false;
  328. break;
  329. }
  330. }
  331. //print __METHOD__." Result for checking we don't have non escaped string in sql requests for file ".$file."\n";
  332. $this->assertTrue($ok, 'Found non escaped string in building of a sql request (case 1) in '.$file['relativename'].' - Bad.');
  333. // Check string sql|set|WHERE|...'".$yyy->xxx with xxx that is not 'escape', 'idate', .... It means we forget a db->escape when forging sql request.
  334. $ok=true;
  335. $matches=array();
  336. preg_match_all('/(sql|SET|WHERE|INSERT|VALUES|LIKE).+\s*\'"\s*\.\s*\$(.......)/', $filecontent, $matches, PREG_SET_ORDER);
  337. foreach ($matches as $key => $val) {
  338. if (! in_array($val[2], array('this->d', 'this->e', 'db->esc', 'dbs->es', 'mydb->e', 'dbsessi', 'db->ida', 'escaped', 'exclude', 'include'))) {
  339. $ok=false; // This will generate error
  340. break;
  341. }
  342. //if ($reg[0] != 'db') $ok=false;
  343. }
  344. //print __METHOD__." Result for checking we don't have non escaped string in sql requests for file ".$file."\n";
  345. $this->assertTrue($ok, 'Found non escaped string in building of a sql request (case 2) in '.$file['relativename'].': '.$val[0].' - Bad.');
  346. //exit;
  347. // Check string sql|set...'.$yyy->xxx with xxx that is not 'escape', 'idate', .... It means we forget a db->escape when forging sql request.
  348. $ok=true;
  349. $matches=array();
  350. preg_match_all('/(\$sql|SET\s|WHERE\s|INSERT\s|VALUES\s|VALUES\().+\s*\'\s*\.\s*\$(.........)/', $filecontent, $matches, PREG_SET_ORDER);
  351. foreach ($matches as $key => $val) {
  352. if (! in_array($val[2], array('this->db-', 'db->prefi', 'db->sanit', 'conf->ent', 'key : \'\')', 'key])."\')', 'excludefi', 'regexstri', ''))) {
  353. $ok=false;
  354. var_dump($matches);
  355. break;
  356. }
  357. //if ($reg[0] != 'db') $ok=false;
  358. }
  359. //print __METHOD__." Result for checking we don't have non escaped string in sql requests for file ".$file."\n";
  360. $this->assertTrue($ok, 'Found non escaped string in building of a sql request (case 3) in '.$file['relativename'].': '.$val[0].' - Bad.');
  361. //exit;
  362. // Checks with IN
  363. // Check string ' IN (".xxx' or ' IN (\'.xxx' with xxx that is not '$this->db->sanitize' and not '$db->sanitize'. It means we forget a db->sanitize when forging sql request.
  364. $ok=true;
  365. $matches=array();
  366. preg_match_all('/\s+IN\s*\([\'"]\s*\.\s*(.........)/i', $filecontent, $matches, PREG_SET_ORDER);
  367. foreach ($matches as $key => $val) {
  368. //var_dump($val);
  369. if (!in_array($val[1], array('$db->sani', '$this->db', 'getEntity', 'WON\',\'L', 'self::STA', 'Commande:', 'CommandeF', 'Entrepot:', 'Facture::', 'FactureFo', 'ExpenseRe', 'Societe::', 'Ticket::S'))) {
  370. $ok=false;
  371. break;
  372. }
  373. //if ($reg[0] != 'db') $ok=false;
  374. }
  375. //print __METHOD__." Result for checking we don't have non escaped string in sql requests for file ".$file."\n";
  376. $this->assertTrue($ok, 'Found non sanitized string in building of a IN or NOT IN sql request '.$file['relativename'].' - Bad.');
  377. //exit;
  378. // Check string ' IN (\'".xxx' with xxx that is not '$this->db->sanitize' and not '$db->sanitize'. It means we forget a db->sanitize when forging sql request.
  379. $ok=true;
  380. $matches=array();
  381. preg_match_all('/\s+IN\s*\(\'"\s*\.\s*(.........)/i', $filecontent, $matches, PREG_SET_ORDER);
  382. foreach ($matches as $key => $val) {
  383. //var_dump($val);
  384. if (!in_array($val[1], array('$db->sani', '$this->db', 'getEntity', 'WON\',\'L', 'self::STA', 'Commande:', 'CommandeF', 'Entrepot:', 'Facture::', 'FactureFo', 'ExpenseRe', 'Societe::', 'Ticket::S'))) {
  385. $ok=false;
  386. break;
  387. }
  388. //if ($reg[0] != 'db') $ok=false;
  389. }
  390. //print __METHOD__." Result for checking we don't have non escaped string in sql requests for file ".$file."\n";
  391. $this->assertTrue($ok, 'Found non sanitized string in building of a IN or NOT IN sql request '.$file['relativename'].' - Bad.');
  392. //exit;
  393. // Test that output of $_SERVER\[\'QUERY_STRING\'\] is escaped.
  394. $ok=true;
  395. $matches=array();
  396. preg_match_all('/(..............)\$_SERVER\[\'QUERY_STRING\'\]/', $filecontent, $matches, PREG_SET_ORDER);
  397. foreach ($matches as $key => $val) {
  398. if ($val[1] != 'scape_htmltag(' && $val[1] != 'ing_nohtmltag(' && $val[1] != 'dol_escape_js(') {
  399. $ok=false;
  400. break;
  401. }
  402. }
  403. $this->assertTrue($ok, 'Found a $_SERVER[\'QUERY_STRING\'] without dol_escape_htmltag neither dol_string_nohtmltag around it, in file '.$file['relativename'].'. Bad.');
  404. // Check GETPOST(... 'none');
  405. $ok=true;
  406. $matches=array();
  407. preg_match_all('/GETPOST\s*\(([^\)]+),\s*["\']none["\']/i', $filecontent, $matches, PREG_SET_ORDER);
  408. foreach ($matches as $key => $val) {
  409. //var_dump($val);
  410. if (!in_array($val[1], array(
  411. "'replacestring'", "'htmlheader'", "'WEBSITE_HTML_HEADER'", "'WEBSITE_CSS_INLINE'", "'WEBSITE_JS_INLINE'", "'WEBSITE_MANIFEST_JSON'", "'PAGE_CONTENT'", "'WEBSITE_README'",
  412. "'search_status'", '"mysqldump"', '"postgresqldump"', "'db_pass_root'", "'db_pass'", '"pass"', '"pass1"', '"pass2"', '"password"', "'password'", '"MAIN_MAIL_SMTPS_PW"'))) {
  413. $ok=false;
  414. break;
  415. }
  416. //if ($reg[0] != 'db') $ok=false;
  417. }
  418. //print __METHOD__." Result for checking we don't have non escaped string in sql requests for file ".$file."\n";
  419. $this->assertTrue($ok, 'Found a GETPOST that use \'none\' as a parameter in file '.$file['relativename'].' and param is not an allowed parameter for using none - Bad.');
  420. //exit;
  421. // Test that first param of print_liste_field_titre is a translation key and not the translated value
  422. $ok=true;
  423. $matches=array();
  424. // Check string ='print_liste_field_titre\(\$langs'.
  425. preg_match_all('/print_liste_field_titre\(\$langs/', $filecontent, $matches, PREG_SET_ORDER);
  426. foreach ($matches as $key => $val) {
  427. $ok=false;
  428. break;
  429. }
  430. $this->assertTrue($ok, 'Found a use of print_liste_field_titre with first parameter that is a translated value instead of just the translation key in file '.$file['relativename'].'. Bad.');
  431. // Test we don't have <br />
  432. $ok=true;
  433. $matches=array();
  434. preg_match_all('/<br\s+\/>/', $filecontent, $matches, PREG_SET_ORDER);
  435. foreach ($matches as $key => $val) {
  436. if ($file['name'] != 'functions.lib.php') {
  437. $ok=false;
  438. break;
  439. }
  440. }
  441. $this->assertTrue($ok, 'Found a tag <br /> that is for xml in file '.$file['relativename'].'. You must use html syntax <br> instead.');
  442. // Test we don't have name="token" value="'.$_SESSION['newtoken'], we must use name="token" value="'.newToken() instead.
  443. $ok=true;
  444. $matches=array();
  445. preg_match_all('/name="token" value="\'\s*\.\s*\$_SESSION/', $filecontent, $matches, PREG_SET_ORDER);
  446. foreach ($matches as $key => $val) {
  447. if ($file['name'] != 'excludefile.php') {
  448. $ok=false;
  449. break;
  450. }
  451. }
  452. $this->assertTrue($ok, 'Found a forbidden string sequence into '.$file['relativename'].' : name="token" value="\'.$_SESSION[..., you must use a newToken() instead of $_SESSION[\'newtoken\'].');
  453. // Test we don't have @var array(
  454. $ok=true;
  455. $matches=array();
  456. preg_match_all('/preg_grep\(.*\$/', $filecontent, $matches, PREG_SET_ORDER);
  457. foreach ($matches as $key => $val) {
  458. if (strpos($val[0], 'preg_quote') === false) {
  459. $ok=false;
  460. break;
  461. }
  462. }
  463. $this->assertTrue($ok, 'Found a preg_grep with a param that is a $var but without preg_quote in file '.$file['relativename'].'.');
  464. // Test we don't have @var array(
  465. $ok=true;
  466. $matches=array();
  467. preg_match_all('/@var\s+array\(/', $filecontent, $matches, PREG_SET_ORDER);
  468. foreach ($matches as $key => $val) {
  469. $ok=false;
  470. break;
  471. }
  472. $this->assertTrue($ok, 'Found a declaration @var array() instead of @var array in file '.$file['relativename'].'.');
  473. // Test we don't have CURDATE()
  474. $ok=true;
  475. $matches=array();
  476. preg_match_all('/CURDATE\(\)/', $filecontent, $matches, PREG_SET_ORDER);
  477. foreach ($matches as $key => $val) {
  478. $ok=false;
  479. break;
  480. }
  481. $this->assertTrue($ok, 'Found a CURDATE\(\) into code. Do not use this SQL method in file '.$file['relativename'].'. You must use the PHP function dol_now() instead.');
  482. }
  483. return;
  484. }
  485. }