Dolibarr /
dolibarr
@@ -380,11 +380,11 @@ discard block |
||
| 380 | 380 | $this->id = $res['rowid']; |
| 381 | 381 | //$this->ref = $res['rowid']; |
| 382 | 382 | $this->fk_parent = (int) $res['fk_parent']; |
| 383 | - $this->label = $res['label']; |
|
| 383 | + $this->label = $res['label']; |
|
| 384 | 384 | $this->description = $res['description']; |
| 385 | 385 | $this->color = $res['color']; |
| 386 | - $this->position = $res['position']; |
|
| 387 | - $this->socid = (int) $res['fk_soc']; |
|
| 386 | + $this->position = $res['position']; |
|
| 387 | + $this->socid = (int) $res['fk_soc']; |
|
| 388 | 388 | $this->visible = (int) $res['visible']; |
| 389 | 389 | $this->type = $res['type']; |
| 390 | 390 | $this->ref_ext = $res['ref_ext']; |
@@ -1035,10 +1035,10 @@ discard block |
||
| 1035 | 1035 | if ($category_static->fetch($obj->rowid)) { |
| 1036 | 1036 | $categories[$i]['id'] = $category_static->id; |
| 1037 | 1037 | $categories[$i]['fk_parent'] = $category_static->fk_parent; |
| 1038 | - $categories[$i]['label'] = $category_static->label; |
|
| 1038 | + $categories[$i]['label'] = $category_static->label; |
|
| 1039 | 1039 | $categories[$i]['description'] = $category_static->description; |
| 1040 | 1040 | $categories[$i]['color'] = $category_static->color; |
| 1041 | - $categories[$i]['position'] = $category_static->position; |
|
| 1041 | + $categories[$i]['position'] = $category_static->position; |
|
| 1042 | 1042 | $categories[$i]['socid'] = $category_static->socid; |
| 1043 | 1043 | $categories[$i]['ref_ext'] = $category_static->ref_ext; |
| 1044 | 1044 | $categories[$i]['visible'] = $category_static->visible; |
@@ -1720,7 +1720,7 @@ discard block |
||
| 1720 | 1720 | $result .= $link.dol_trunc(($this->ref ? $this->ref : $this->label), $maxlength).$linkend; |
| 1721 | 1721 | } |
| 1722 | 1722 | global $action; |
| 1723 | - $hookmanager->initHooks(array($this->element . 'dao')); |
|
| 1723 | + $hookmanager->initHooks(array($this->element.'dao')); |
|
| 1724 | 1724 | $parameters = array('id'=>$this->id, 'getnomurl' => &$result); |
| 1725 | 1725 | $reshook = $hookmanager->executeHooks('getNomUrl', $parameters, $this, $action); // Note that $action and $object may have been modified by some hooks |
| 1726 | 1726 | if ($reshook > 0) { |
@@ -24,42 +24,42 @@ discard block |
||
| 24 | 24 | * \remarks To run this script as CLI: phpunit filename.php |
| 25 | 25 | */ |
| 26 | 26 | |
| 27 | -global $conf,$user,$langs,$db; |
|
| 27 | +global $conf, $user, $langs, $db; |
|
| 28 | 28 | //define('TEST_DB_FORCE_TYPE','mysql'); // This is to force using mysql driver |
| 29 | 29 | //require_once 'PHPUnit/Autoload.php'; |
| 30 | 30 | require_once dirname(__FILE__).'/../../htdocs/master.inc.php'; |
| 31 | 31 | require_once dirname(__FILE__).'/../../htdocs/core/lib/security.lib.php'; |
| 32 | 32 | require_once dirname(__FILE__).'/../../htdocs/core/lib/security2.lib.php'; |
| 33 | 33 | |
| 34 | -if (! defined('NOREQUIREUSER')) { |
|
| 34 | +if (!defined('NOREQUIREUSER')) { |
|
| 35 | 35 | define('NOREQUIREUSER', '1'); |
| 36 | 36 | } |
| 37 | -if (! defined('NOREQUIREDB')) { |
|
| 37 | +if (!defined('NOREQUIREDB')) { |
|
| 38 | 38 | define('NOREQUIREDB', '1'); |
| 39 | 39 | } |
| 40 | -if (! defined('NOREQUIRESOC')) { |
|
| 40 | +if (!defined('NOREQUIRESOC')) { |
|
| 41 | 41 | define('NOREQUIRESOC', '1'); |
| 42 | 42 | } |
| 43 | -if (! defined('NOREQUIRETRAN')) { |
|
| 43 | +if (!defined('NOREQUIRETRAN')) { |
|
| 44 | 44 | define('NOREQUIRETRAN', '1'); |
| 45 | 45 | } |
| 46 | -if (! defined('NOCSRFCHECK')) { |
|
| 46 | +if (!defined('NOCSRFCHECK')) { |
|
| 47 | 47 | define('NOCSRFCHECK', '1'); |
| 48 | 48 | } |
| 49 | -if (! defined('NOTOKENRENEWAL')) { |
|
| 49 | +if (!defined('NOTOKENRENEWAL')) { |
|
| 50 | 50 | define('NOTOKENRENEWAL', '1'); |
| 51 | 51 | } |
| 52 | -if (! defined('NOREQUIREMENU')) { |
|
| 52 | +if (!defined('NOREQUIREMENU')) { |
|
| 53 | 53 | define('NOREQUIREMENU', '1'); // If there is no menu to show |
| 54 | 54 | } |
| 55 | -if (! defined('NOREQUIREHTML')) { |
|
| 55 | +if (!defined('NOREQUIREHTML')) { |
|
| 56 | 56 | define('NOREQUIREHTML', '1'); // If we don't need to load the html.form.class.php |
| 57 | 57 | } |
| 58 | -if (! defined('NOREQUIREAJAX')) { |
|
| 58 | +if (!defined('NOREQUIREAJAX')) { |
|
| 59 | 59 | define('NOREQUIREAJAX', '1'); |
| 60 | 60 | } |
| 61 | -if (! defined("NOLOGIN")) { |
|
| 62 | - define("NOLOGIN", '1'); // If this page is public (can be called outside logged session) |
|
| 61 | +if (!defined("NOLOGIN")) { |
|
| 62 | + define("NOLOGIN", '1'); // If this page is public (can be called outside logged session) |
|
| 63 | 63 | } |
| 64 | 64 | |
| 65 | 65 | if (empty($user->id)) { |
@@ -67,7 +67,7 @@ discard block |
||
| 67 | 67 | $user->fetch(1); |
| 68 | 68 | $user->getrights(); |
| 69 | 69 | } |
| 70 | -$conf->global->MAIN_DISABLE_ALL_MAILS=1; |
|
| 70 | +$conf->global->MAIN_DISABLE_ALL_MAILS = 1; |
|
| 71 | 71 | |
| 72 | 72 | |
| 73 | 73 | /** |
@@ -96,11 +96,11 @@ discard block |
||
| 96 | 96 | parent::__construct($name); |
| 97 | 97 | |
| 98 | 98 | //$this->sharedFixture |
| 99 | - global $conf,$user,$langs,$db; |
|
| 100 | - $this->savconf=$conf; |
|
| 101 | - $this->savuser=$user; |
|
| 102 | - $this->savlangs=$langs; |
|
| 103 | - $this->savdb=$db; |
|
| 99 | + global $conf, $user, $langs, $db; |
|
| 100 | + $this->savconf = $conf; |
|
| 101 | + $this->savuser = $user; |
|
| 102 | + $this->savlangs = $langs; |
|
| 103 | + $this->savdb = $db; |
|
| 104 | 104 | |
| 105 | 105 | print __METHOD__." db->type=".$db->type." user->id=".$user->id; |
| 106 | 106 | //print " - db ".$db->db; |
@@ -114,7 +114,7 @@ discard block |
||
| 114 | 114 | */ |
| 115 | 115 | public static function setUpBeforeClass(): void |
| 116 | 116 | { |
| 117 | - global $conf,$user,$langs,$db; |
|
| 117 | + global $conf, $user, $langs, $db; |
|
| 118 | 118 | $db->begin(); // This is to have all actions inside a transaction even if test launched without suite. |
| 119 | 119 | |
| 120 | 120 | print __METHOD__."\n"; |
@@ -127,7 +127,7 @@ discard block |
||
| 127 | 127 | */ |
| 128 | 128 | public static function tearDownAfterClass(): void |
| 129 | 129 | { |
| 130 | - global $conf,$user,$langs,$db; |
|
| 130 | + global $conf, $user, $langs, $db; |
|
| 131 | 131 | $db->rollback(); |
| 132 | 132 | |
| 133 | 133 | print __METHOD__."\n"; |
@@ -140,11 +140,11 @@ discard block |
||
| 140 | 140 | */ |
| 141 | 141 | protected function setUp(): void |
| 142 | 142 | { |
| 143 | - global $conf,$user,$langs,$db; |
|
| 144 | - $conf=$this->savconf; |
|
| 145 | - $user=$this->savuser; |
|
| 146 | - $langs=$this->savlangs; |
|
| 147 | - $db=$this->savdb; |
|
| 143 | + global $conf, $user, $langs, $db; |
|
| 144 | + $conf = $this->savconf; |
|
| 145 | + $user = $this->savuser; |
|
| 146 | + $langs = $this->savlangs; |
|
| 147 | + $db = $this->savdb; |
|
| 148 | 148 | |
| 149 | 149 | print __METHOD__."\n"; |
| 150 | 150 | } |
@@ -166,11 +166,11 @@ discard block |
||
| 166 | 166 | */ |
| 167 | 167 | public function testPHP() |
| 168 | 168 | { |
| 169 | - global $conf,$user,$langs,$db; |
|
| 170 | - $conf=$this->savconf; |
|
| 171 | - $user=$this->savuser; |
|
| 172 | - $langs=$this->savlangs; |
|
| 173 | - $db=$this->savdb; |
|
| 169 | + global $conf, $user, $langs, $db; |
|
| 170 | + $conf = $this->savconf; |
|
| 171 | + $user = $this->savuser; |
|
| 172 | + $langs = $this->savlangs; |
|
| 173 | + $db = $this->savdb; |
|
| 174 | 174 | |
| 175 | 175 | include_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php'; |
| 176 | 176 | $filesarray = dol_dir_list(DOL_DOCUMENT_ROOT, 'files', 1, '\.php', null, 'fullname', SORT_ASC, 0, 1, '', 1); |
@@ -196,7 +196,7 @@ discard block |
||
| 196 | 196 | } |
| 197 | 197 | |
| 198 | 198 | //print 'Check php file '.$file['relativename']."\n"; |
| 199 | - $filecontent=file_get_contents($file['fullname']); |
|
| 199 | + $filecontent = file_get_contents($file['fullname']); |
|
| 200 | 200 | |
| 201 | 201 | if (preg_match('/\.class\.php/', $file['relativename']) |
| 202 | 202 | || preg_match('/boxes\/box_/', $file['relativename']) |
@@ -204,7 +204,7 @@ discard block |
||
| 204 | 204 | || preg_match('/modules\/(import|mailings|printing)\//', $file['relativename']) |
| 205 | 205 | || in_array($file['name'], array('modules_boxes.php', 'TraceableDB.php'))) { |
| 206 | 206 | // Check into Class files |
| 207 | - if (! in_array($file['name'], array( |
|
| 207 | + if (!in_array($file['name'], array( |
|
| 208 | 208 | 'api.class.php', |
| 209 | 209 | 'commonobject.class.php', |
| 210 | 210 | 'conf.class.php', |
@@ -215,12 +215,12 @@ discard block |
||
| 215 | 215 | 'multicurrency.class.php' |
| 216 | 216 | ))) { |
| 217 | 217 | // Must not find $db-> |
| 218 | - $ok=true; |
|
| 219 | - $matches=array(); |
|
| 218 | + $ok = true; |
|
| 219 | + $matches = array(); |
|
| 220 | 220 | // Check string $db-> inside a class.php file (it should be $this->db-> into such classes) |
| 221 | 221 | preg_match_all('/'.preg_quote('$db->', '/').'/', $filecontent, $matches, PREG_SET_ORDER); |
| 222 | 222 | foreach ($matches as $key => $val) { |
| 223 | - $ok=false; |
|
| 223 | + $ok = false; |
|
| 224 | 224 | break; |
| 225 | 225 | } |
| 226 | 226 | //print __METHOD__." Result for checking we don't have non escaped string in sql requests for file ".$file."\n"; |
@@ -228,7 +228,7 @@ discard block |
||
| 228 | 228 | //exit; |
| 229 | 229 | } |
| 230 | 230 | |
| 231 | - if (preg_match('/\.class\.php/', $file['relativename']) && ! in_array($file['relativename'], array( |
|
| 231 | + if (preg_match('/\.class\.php/', $file['relativename']) && !in_array($file['relativename'], array( |
|
| 232 | 232 | 'adherents/canvas/actions_adherentcard_common.class.php', |
| 233 | 233 | 'contact/canvas/actions_contactcard_common.class.php', |
| 234 | 234 | 'compta/facture/class/facture.class.php', |
@@ -271,7 +271,7 @@ discard block |
||
| 271 | 271 | } |
| 272 | 272 | } else { |
| 273 | 273 | // Check into Include files |
| 274 | - if (! in_array($file['name'], array( |
|
| 274 | + if (!in_array($file['name'], array( |
|
| 275 | 275 | 'objectline_view.tpl.php', |
| 276 | 276 | 'extrafieldsinexport.inc.php', |
| 277 | 277 | 'extrafieldsinimport.inc.php', |
@@ -279,12 +279,12 @@ discard block |
||
| 279 | 279 | 'DoliStorage.php' |
| 280 | 280 | ))) { |
| 281 | 281 | // Must not found $this->db-> |
| 282 | - $ok=true; |
|
| 283 | - $matches=array(); |
|
| 282 | + $ok = true; |
|
| 283 | + $matches = array(); |
|
| 284 | 284 | // Check string $this->db-> into a non class.php file (it should be $db-> into such classes) |
| 285 | 285 | preg_match_all('/'.preg_quote('$this->db->', '/').'/', $filecontent, $matches, PREG_SET_ORDER); |
| 286 | 286 | foreach ($matches as $key => $val) { |
| 287 | - $ok=false; |
|
| 287 | + $ok = false; |
|
| 288 | 288 | break; |
| 289 | 289 | } |
| 290 | 290 | //print __METHOD__." Result for checking we don't have non escaped string in sql requests for file ".$file."\n"; |
@@ -296,11 +296,11 @@ discard block |
||
| 296 | 296 | // Check we don't miss top_httphead() into any ajax pages |
| 297 | 297 | if (preg_match('/ajax\//', $file['relativename'])) { |
| 298 | 298 | print "Analyze ajax page ".$file['relativename']."\n"; |
| 299 | - $ok=true; |
|
| 300 | - $matches=array(); |
|
| 299 | + $ok = true; |
|
| 300 | + $matches = array(); |
|
| 301 | 301 | preg_match_all('/top_httphead/', $filecontent, $matches, PREG_SET_ORDER); |
| 302 | 302 | if (count($matches) == 0) { |
| 303 | - $ok=false; |
|
| 303 | + $ok = false; |
|
| 304 | 304 | } |
| 305 | 305 | //print __METHOD__." Result for checking we don't have non escaped string in sql requests for file ".$file."\n"; |
| 306 | 306 | $this->assertTrue($ok, 'Did not find top_httphead into the ajax page '.$file['relativename']); |
@@ -309,14 +309,14 @@ discard block |
||
| 309 | 309 | |
| 310 | 310 | // Check if a var_dump has been forgotten |
| 311 | 311 | if (!preg_match('/test\/phpunit/', $file['fullname'])) { |
| 312 | - if (! in_array($file['name'], array('class.nusoap_base.php'))) { |
|
| 313 | - $ok=true; |
|
| 314 | - $matches=array(); |
|
| 312 | + if (!in_array($file['name'], array('class.nusoap_base.php'))) { |
|
| 313 | + $ok = true; |
|
| 314 | + $matches = array(); |
|
| 315 | 315 | preg_match_all('/(.)\s*var_dump\(/', $filecontent, $matches, PREG_SET_ORDER); |
| 316 | 316 | //var_dump($matches); |
| 317 | 317 | foreach ($matches as $key => $val) { |
| 318 | 318 | if ($val[1] != '/' && $val[1] != '*') { |
| 319 | - $ok=false; |
|
| 319 | + $ok = false; |
|
| 320 | 320 | break; |
| 321 | 321 | } |
| 322 | 322 | break; |
@@ -328,11 +328,11 @@ discard block |
||
| 328 | 328 | } |
| 329 | 329 | |
| 330 | 330 | // Check get_class followed by __METHOD__ |
| 331 | - $ok=true; |
|
| 332 | - $matches=array(); |
|
| 331 | + $ok = true; |
|
| 332 | + $matches = array(); |
|
| 333 | 333 | preg_match_all('/'.preg_quote('get_class($this)."::".__METHOD__', '/').'/', $filecontent, $matches, PREG_SET_ORDER); |
| 334 | 334 | foreach ($matches as $key => $val) { |
| 335 | - $ok=false; |
|
| 335 | + $ok = false; |
|
| 336 | 336 | break; |
| 337 | 337 | } |
| 338 | 338 | //print __METHOD__." Result for checking we don't have non escaped string in sql requests for file ".$file."\n"; |
@@ -340,12 +340,12 @@ discard block |
||
| 340 | 340 | //exit; |
| 341 | 341 | |
| 342 | 342 | // Check string $this->db->idate without quotes |
| 343 | - $ok=true; |
|
| 344 | - $matches=array(); |
|
| 343 | + $ok = true; |
|
| 344 | + $matches = array(); |
|
| 345 | 345 | preg_match_all('/(..)\s*\.\s*\$this->db->idate\(/', $filecontent, $matches, PREG_SET_ORDER); |
| 346 | 346 | foreach ($matches as $key => $val) { |
| 347 | 347 | if ($val[1] != '\'"' && $val[1] != '\'\'') { |
| 348 | - $ok=false; |
|
| 348 | + $ok = false; |
|
| 349 | 349 | break; |
| 350 | 350 | } |
| 351 | 351 | //if ($reg[0] != 'db') $ok=false; |
@@ -357,8 +357,8 @@ discard block |
||
| 357 | 357 | |
| 358 | 358 | // Check sql string DELETE|OR|AND|WHERE|INSERT ... yyy = ".$xxx |
| 359 | 359 | // with xxx that is not 'thi' (for $this->db->sanitize) and 'db-' (for $db->sanitize). It means we forget a ' if string, or an (int) if int, when forging sql request. |
| 360 | - $ok=true; |
|
| 361 | - $matches=array(); |
|
| 360 | + $ok = true; |
|
| 361 | + $matches = array(); |
|
| 362 | 362 | preg_match_all('/(DELETE|OR|AND|WHERE|INSERT)\s.*([^\s][^\s][^\s])\s*=\s*(\'|")\s*\.\s*\$(...)/', $filecontent, $matches, PREG_SET_ORDER); |
| 363 | 363 | foreach ($matches as $key => $val) { |
| 364 | 364 | if ($val[2] == 'ity' && $val[4] == 'con') { // exclude entity = ".$conf->entity |
@@ -371,7 +371,7 @@ discard block |
||
| 371 | 371 | continue; |
| 372 | 372 | } |
| 373 | 373 | var_dump($matches); |
| 374 | - $ok=false; |
|
| 374 | + $ok = false; |
|
| 375 | 375 | break; |
| 376 | 376 | } |
| 377 | 377 | //print __METHOD__." Result for checking we don't have non escaped string in sql requests for file ".$file."\n"; |
@@ -379,13 +379,13 @@ discard block |
||
| 379 | 379 | //exit; |
| 380 | 380 | |
| 381 | 381 | // Check that forged sql string is using ' instead of " as string PHP quotes |
| 382 | - $ok=true; |
|
| 383 | - $matches=array(); |
|
| 382 | + $ok = true; |
|
| 383 | + $matches = array(); |
|
| 384 | 384 | preg_match_all('/\$sql \.= \'\s*VALUES.*\$/', $filecontent, $matches, PREG_SET_ORDER); |
| 385 | 385 | foreach ($matches as $key => $val) { |
| 386 | 386 | //if ($val[1] != '\'"' && $val[1] != '\'\'') { |
| 387 | 387 | var_dump($matches); |
| 388 | - $ok=false; |
|
| 388 | + $ok = false; |
|
| 389 | 389 | break; |
| 390 | 390 | //} |
| 391 | 391 | //if ($reg[0] != 'db') $ok=false; |
@@ -395,20 +395,20 @@ discard block |
||
| 395 | 395 | //exit; |
| 396 | 396 | |
| 397 | 397 | // Check that forged sql string is using ' instead of " as string PHP quotes |
| 398 | - $ok=true; |
|
| 399 | - $matches=array(); |
|
| 398 | + $ok = true; |
|
| 399 | + $matches = array(); |
|
| 400 | 400 | preg_match_all('/\$sql \.?= \'SELECT.*\$/', $filecontent, $matches, PREG_SET_ORDER); |
| 401 | 401 | foreach ($matches as $key => $val) { |
| 402 | 402 | var_dump($matches); |
| 403 | - $ok=false; |
|
| 403 | + $ok = false; |
|
| 404 | 404 | break; |
| 405 | 405 | } |
| 406 | 406 | $this->assertTrue($ok, 'Found a forged SQL string that mix on same line the use of \' for PHP string and PHP variables into file '.$file['relativename'].' Use " to forge PHP string like this: $sql = "SELECT ".$myvar...'); |
| 407 | 407 | |
| 408 | 408 | // Check sql string VALUES ... , ".$xxx |
| 409 | 409 | // with xxx that is not 'db-' (for $db->escape). It means we forget a ' if string, or an (int) if int, when forging sql request. |
| 410 | - $ok=true; |
|
| 411 | - $matches=array(); |
|
| 410 | + $ok = true; |
|
| 411 | + $matches = array(); |
|
| 412 | 412 | preg_match_all('/(VALUES).*,\s*"\s*\.\s*\$(...)/', $filecontent, $matches, PREG_SET_ORDER); |
| 413 | 413 | foreach ($matches as $key => $val) { |
| 414 | 414 | if ($val[1] == 'VALUES' && $val[2] == 'db-') { // exclude $db->escape( |
@@ -418,7 +418,7 @@ discard block |
||
| 418 | 418 | continue; |
| 419 | 419 | } |
| 420 | 420 | var_dump($matches); |
| 421 | - $ok=false; |
|
| 421 | + $ok = false; |
|
| 422 | 422 | break; |
| 423 | 423 | } |
| 424 | 424 | //print __METHOD__." Result for checking we don't have non escaped string in sql requests for file ".$file."\n"; |
@@ -428,12 +428,12 @@ discard block |
||
| 428 | 428 | // Check '".$xxx non escaped |
| 429 | 429 | |
| 430 | 430 | // Check string ='".$this->xxx with xxx that is not 'escape'. It means we forget a db->escape when forging sql request. |
| 431 | - $ok=true; |
|
| 432 | - $matches=array(); |
|
| 431 | + $ok = true; |
|
| 432 | + $matches = array(); |
|
| 433 | 433 | preg_match_all('/=\s*\'"\s*\.\s*\$this->(....)/', $filecontent, $matches, PREG_SET_ORDER); |
| 434 | 434 | foreach ($matches as $key => $val) { |
| 435 | 435 | if ($val[1] != 'db->' && $val[1] != 'esca') { |
| 436 | - $ok=false; |
|
| 436 | + $ok = false; |
|
| 437 | 437 | break; |
| 438 | 438 | } |
| 439 | 439 | } |
@@ -441,12 +441,12 @@ discard block |
||
| 441 | 441 | $this->assertTrue($ok, 'Found non escaped string in building of a sql request (case 1) in '.$file['relativename'].' - Bad.'); |
| 442 | 442 | |
| 443 | 443 | // Check string sql|set|WHERE|...'".$yyy->xxx with xxx that is not 'escape', 'idate', .... It means we forget a db->escape when forging sql request. |
| 444 | - $ok=true; |
|
| 445 | - $matches=array(); |
|
| 444 | + $ok = true; |
|
| 445 | + $matches = array(); |
|
| 446 | 446 | preg_match_all('/(sql|SET|WHERE|INSERT|VALUES|LIKE).+\s*\'"\s*\.\s*\$(.......)/', $filecontent, $matches, PREG_SET_ORDER); |
| 447 | 447 | foreach ($matches as $key => $val) { |
| 448 | - if (! in_array($val[2], array('this->d', 'this->e', 'db->esc', 'dbs->es', 'dbs->id', 'mydb->e', 'dbsessi', 'db->ida', 'escaped', 'exclude', 'include'))) { |
|
| 449 | - $ok=false; // This will generate error |
|
| 448 | + if (!in_array($val[2], array('this->d', 'this->e', 'db->esc', 'dbs->es', 'dbs->id', 'mydb->e', 'dbsessi', 'db->ida', 'escaped', 'exclude', 'include'))) { |
|
| 449 | + $ok = false; // This will generate error |
|
| 450 | 450 | break; |
| 451 | 451 | } |
| 452 | 452 | //if ($reg[0] != 'db') $ok=false; |
@@ -456,12 +456,12 @@ discard block |
||
| 456 | 456 | //exit; |
| 457 | 457 | |
| 458 | 458 | // Check string sql|set...'.$yyy->xxx with xxx that is not 'escape', 'idate', .... It means we forget a db->escape when forging sql request. |
| 459 | - $ok=true; |
|
| 460 | - $matches=array(); |
|
| 459 | + $ok = true; |
|
| 460 | + $matches = array(); |
|
| 461 | 461 | preg_match_all('/(\$sql|SET\s|WHERE\s|INSERT\s|VALUES\s|VALUES\().+\s*\'\s*\.\s*\$(.........)/', $filecontent, $matches, PREG_SET_ORDER); |
| 462 | 462 | foreach ($matches as $key => $val) { |
| 463 | - if (! in_array($val[2], array('this->db-', 'db->prefi', 'db->sanit', 'dbs->pref', 'dbs->sani', 'conf->ent', 'key : \'\')', 'key])."\')', 'excludefi', 'regexstri', ''))) { |
|
| 464 | - $ok=false; |
|
| 463 | + if (!in_array($val[2], array('this->db-', 'db->prefi', 'db->sanit', 'dbs->pref', 'dbs->sani', 'conf->ent', 'key : \'\')', 'key])."\')', 'excludefi', 'regexstri', ''))) { |
|
| 464 | + $ok = false; |
|
| 465 | 465 | var_dump($matches); |
| 466 | 466 | break; |
| 467 | 467 | } |
@@ -474,13 +474,13 @@ discard block |
||
| 474 | 474 | // Checks with IN |
| 475 | 475 | |
| 476 | 476 | // Check string ' IN (".xxx' or ' IN (\'.xxx' with xxx that is not '$this->db->sanitize' and not '$db->sanitize'. It means we forget a db->sanitize when forging sql request. |
| 477 | - $ok=true; |
|
| 478 | - $matches=array(); |
|
| 477 | + $ok = true; |
|
| 478 | + $matches = array(); |
|
| 479 | 479 | preg_match_all('/\s+IN\s*\([\'"]\s*\.\s*(.........)/i', $filecontent, $matches, PREG_SET_ORDER); |
| 480 | 480 | foreach ($matches as $key => $val) { |
| 481 | 481 | //var_dump($val); |
| 482 | 482 | if (!in_array($val[1], array('$db->sani', '$this->db', 'getEntity', 'WON\',\'L', 'self::STA', 'Commande:', 'CommandeF', 'Entrepot:', 'Facture::', 'FactureFo', 'ExpenseRe', 'Societe::', 'Ticket::S'))) { |
| 483 | - $ok=false; |
|
| 483 | + $ok = false; |
|
| 484 | 484 | break; |
| 485 | 485 | } |
| 486 | 486 | //if ($reg[0] != 'db') $ok=false; |
@@ -490,13 +490,13 @@ discard block |
||
| 490 | 490 | //exit; |
| 491 | 491 | |
| 492 | 492 | // Check string ' IN (\'".xxx' with xxx that is not '$this->db->sanitize' and not '$db->sanitize'. It means we forget a db->sanitize when forging sql request. |
| 493 | - $ok=true; |
|
| 494 | - $matches=array(); |
|
| 493 | + $ok = true; |
|
| 494 | + $matches = array(); |
|
| 495 | 495 | preg_match_all('/\s+IN\s*\(\'"\s*\.\s*(.........)/i', $filecontent, $matches, PREG_SET_ORDER); |
| 496 | 496 | foreach ($matches as $key => $val) { |
| 497 | 497 | //var_dump($val); |
| 498 | 498 | if (!in_array($val[1], array('$db->sani', '$this->db', 'getEntity', 'WON\',\'L', 'self::STA', 'Commande:', 'CommandeF', 'Entrepot:', 'Facture::', 'FactureFo', 'ExpenseRe', 'Societe::', 'Ticket::S'))) { |
| 499 | - $ok=false; |
|
| 499 | + $ok = false; |
|
| 500 | 500 | break; |
| 501 | 501 | } |
| 502 | 502 | //if ($reg[0] != 'db') $ok=false; |
@@ -506,12 +506,12 @@ discard block |
||
| 506 | 506 | //exit; |
| 507 | 507 | |
| 508 | 508 | // Test that output of $_SERVER\[\'QUERY_STRING\'\] is escaped. |
| 509 | - $ok=true; |
|
| 510 | - $matches=array(); |
|
| 509 | + $ok = true; |
|
| 510 | + $matches = array(); |
|
| 511 | 511 | preg_match_all('/(..............)\$_SERVER\[\'QUERY_STRING\'\]/', $filecontent, $matches, PREG_SET_ORDER); |
| 512 | 512 | foreach ($matches as $key => $val) { |
| 513 | 513 | if ($val[1] != 'scape_htmltag(' && $val[1] != 'ing_nohtmltag(' && $val[1] != 'dol_escape_js(') { |
| 514 | - $ok=false; |
|
| 514 | + $ok = false; |
|
| 515 | 515 | break; |
| 516 | 516 | } |
| 517 | 517 | } |
@@ -519,8 +519,8 @@ discard block |
||
| 519 | 519 | |
| 520 | 520 | |
| 521 | 521 | // Check GETPOST(... 'none'); |
| 522 | - $ok=true; |
|
| 523 | - $matches=array(); |
|
| 522 | + $ok = true; |
|
| 523 | + $matches = array(); |
|
| 524 | 524 | preg_match_all('/GETPOST\s*\(([^\)]+),\s*["\']none["\']/i', $filecontent, $matches, PREG_SET_ORDER); |
| 525 | 525 | foreach ($matches as $key => $val) { |
| 526 | 526 | //var_dump($val); |
@@ -529,7 +529,7 @@ discard block |
||
| 529 | 529 | '"mysqldump"', '"postgresqldump"', |
| 530 | 530 | "'db_pass_root'", "'db_pass'", '"pass"', '"pass1"', '"pass2"', '"password"', "'password'", |
| 531 | 531 | '"MAIN_MAIL_SMTPS_PW"', '"MAIN_MAIL_SMTPS_PW_EMAILING"', '"MAIN_MAIL_SMTPS_PW_TICKET"'))) { |
| 532 | - $ok=false; |
|
| 532 | + $ok = false; |
|
| 533 | 533 | break; |
| 534 | 534 | } |
| 535 | 535 | //if ($reg[0] != 'db') $ok=false; |
@@ -540,24 +540,24 @@ discard block |
||
| 540 | 540 | |
| 541 | 541 | |
| 542 | 542 | // Test that first param of print_liste_field_titre is a translation key and not the translated value |
| 543 | - $ok=true; |
|
| 544 | - $matches=array(); |
|
| 543 | + $ok = true; |
|
| 544 | + $matches = array(); |
|
| 545 | 545 | // Check string ='print_liste_field_titre\(\$langs'. |
| 546 | 546 | preg_match_all('/print_liste_field_titre\(\$langs/', $filecontent, $matches, PREG_SET_ORDER); |
| 547 | 547 | foreach ($matches as $key => $val) { |
| 548 | - $ok=false; |
|
| 548 | + $ok = false; |
|
| 549 | 549 | break; |
| 550 | 550 | } |
| 551 | 551 | $this->assertTrue($ok, 'Found a use of print_liste_field_titre with first parameter that is a translated value instead of just the translation key in file '.$file['relativename'].'. Bad.'); |
| 552 | 552 | |
| 553 | 553 | |
| 554 | 554 | // Test we don't have <br /> |
| 555 | - $ok=true; |
|
| 556 | - $matches=array(); |
|
| 555 | + $ok = true; |
|
| 556 | + $matches = array(); |
|
| 557 | 557 | preg_match_all('/<br\s+\/>/', $filecontent, $matches, PREG_SET_ORDER); |
| 558 | 558 | foreach ($matches as $key => $val) { |
| 559 | 559 | if ($file['name'] != 'functions.lib.php') { |
| 560 | - $ok=false; |
|
| 560 | + $ok = false; |
|
| 561 | 561 | break; |
| 562 | 562 | } |
| 563 | 563 | } |
@@ -565,12 +565,12 @@ discard block |
||
| 565 | 565 | |
| 566 | 566 | |
| 567 | 567 | // Test we don't have name="token" value="'.$_SESSION['newtoken'], we must use name="token" value="'.newToken() instead. |
| 568 | - $ok=true; |
|
| 569 | - $matches=array(); |
|
| 568 | + $ok = true; |
|
| 569 | + $matches = array(); |
|
| 570 | 570 | preg_match_all('/name="token" value="\'\s*\.\s*\$_SESSION/', $filecontent, $matches, PREG_SET_ORDER); |
| 571 | 571 | foreach ($matches as $key => $val) { |
| 572 | 572 | if ($file['name'] != 'excludefile.php') { |
| 573 | - $ok=false; |
|
| 573 | + $ok = false; |
|
| 574 | 574 | break; |
| 575 | 575 | } |
| 576 | 576 | } |
@@ -578,12 +578,12 @@ discard block |
||
| 578 | 578 | |
| 579 | 579 | |
| 580 | 580 | // Test we don't have preg_grep with a param without preg_quote |
| 581 | - $ok=true; |
|
| 582 | - $matches=array(); |
|
| 581 | + $ok = true; |
|
| 582 | + $matches = array(); |
|
| 583 | 583 | preg_match_all('/preg_grep\(.*\$/', $filecontent, $matches, PREG_SET_ORDER); |
| 584 | 584 | foreach ($matches as $key => $val) { |
| 585 | 585 | if (strpos($val[0], 'preg_quote') === false) { |
| 586 | - $ok=false; |
|
| 586 | + $ok = false; |
|
| 587 | 587 | break; |
| 588 | 588 | } |
| 589 | 589 | } |
@@ -591,62 +591,62 @@ discard block |
||
| 591 | 591 | |
| 592 | 592 | |
| 593 | 593 | // Test we don't have "if ($resql >" |
| 594 | - $ok=true; |
|
| 595 | - $matches=array(); |
|
| 594 | + $ok = true; |
|
| 595 | + $matches = array(); |
|
| 596 | 596 | preg_match_all('/if \(\$resql >/', $filecontent, $matches, PREG_SET_ORDER); |
| 597 | 597 | foreach ($matches as $key => $val) { |
| 598 | - $ok=false; |
|
| 598 | + $ok = false; |
|
| 599 | 599 | break; |
| 600 | 600 | } |
| 601 | 601 | $this->assertTrue($ok, 'Found a if $resql with a > operator (when $resql is a boolean or resource) in file '.$file['relativename'].'. Please remove the > ... part.'); |
| 602 | 602 | |
| 603 | 603 | // Test we don't have empty($user->hasRight |
| 604 | - $ok=true; |
|
| 605 | - $matches=array(); |
|
| 604 | + $ok = true; |
|
| 605 | + $matches = array(); |
|
| 606 | 606 | preg_match_all('/empty\(\$user->hasRight/', $filecontent, $matches, PREG_SET_ORDER); |
| 607 | 607 | foreach ($matches as $key => $val) { |
| 608 | - $ok=false; |
|
| 608 | + $ok = false; |
|
| 609 | 609 | break; |
| 610 | 610 | } |
| 611 | 611 | $this->assertTrue($ok, 'Found code empty($user->hasRight in file '.$file['relativename'].'. empty() must not be used on a var not on a function.'); |
| 612 | 612 | |
| 613 | 613 | // Test we don't have empty(DolibarrApiAccess::$user->hasRight |
| 614 | - $ok=true; |
|
| 615 | - $matches=array(); |
|
| 614 | + $ok = true; |
|
| 615 | + $matches = array(); |
|
| 616 | 616 | preg_match_all('/empty\(DolibarrApiAccess::\$user->hasRight/', $filecontent, $matches, PREG_SET_ORDER); |
| 617 | 617 | foreach ($matches as $key => $val) { |
| 618 | - $ok=false; |
|
| 618 | + $ok = false; |
|
| 619 | 619 | break; |
| 620 | 620 | } |
| 621 | 621 | $this->assertTrue($ok, 'Found code empty(DolibarrApiAccess::$user->hasRight in file '.$file['relativename'].'. empty() must not be used on a var not on a function.'); |
| 622 | 622 | |
| 623 | 623 | // Test we don't have empty($user->hasRight |
| 624 | - $ok=true; |
|
| 625 | - $matches=array(); |
|
| 624 | + $ok = true; |
|
| 625 | + $matches = array(); |
|
| 626 | 626 | preg_match_all('/empty\(getDolGlobal/', $filecontent, $matches, PREG_SET_ORDER); |
| 627 | 627 | foreach ($matches as $key => $val) { |
| 628 | - $ok=false; |
|
| 628 | + $ok = false; |
|
| 629 | 629 | break; |
| 630 | 630 | } |
| 631 | 631 | $this->assertTrue($ok, 'Found code empty(getDolGlobal... in file '.$file['relativename'].'. empty() must be used on a var not on a function.'); |
| 632 | 632 | |
| 633 | 633 | // Test we don't have @var array( |
| 634 | - $ok=true; |
|
| 635 | - $matches=array(); |
|
| 634 | + $ok = true; |
|
| 635 | + $matches = array(); |
|
| 636 | 636 | preg_match_all('/@var\s+array\(/', $filecontent, $matches, PREG_SET_ORDER); |
| 637 | 637 | foreach ($matches as $key => $val) { |
| 638 | - $ok=false; |
|
| 638 | + $ok = false; |
|
| 639 | 639 | break; |
| 640 | 640 | } |
| 641 | 641 | $this->assertTrue($ok, 'Found a declaration @var array() instead of @var array in file '.$file['relativename'].'.'); |
| 642 | 642 | |
| 643 | 643 | |
| 644 | 644 | // Test we don't have CURDATE() |
| 645 | - $ok=true; |
|
| 646 | - $matches=array(); |
|
| 645 | + $ok = true; |
|
| 646 | + $matches = array(); |
|
| 647 | 647 | preg_match_all('/CURDATE\(\)/', $filecontent, $matches, PREG_SET_ORDER); |
| 648 | 648 | foreach ($matches as $key => $val) { |
| 649 | - $ok=false; |
|
| 649 | + $ok = false; |
|
| 650 | 650 | break; |
| 651 | 651 | } |
| 652 | 652 | $this->assertTrue($ok, 'Found a CURDATE\(\) into code. Do not use this SQL method in file '.$file['relativename'].'. You must use the PHP function dol_now() instead.'); |
