Merge pull request from GHSA-qv6w-68gq-wx2v

CVE-2020-15108 Add test to reproduce error Add test on calendar duplication
glpi-project · Jul 16, 2020 · a4baa64 · a4baa64
1 parent 78f7e40
commit a4baa64
Show file tree

Hide file tree

Showing 4 changed files with 29 additions and 7 deletions.
diff --git a/inc/calendar.class.php b/inc/calendar.class.php
@@ -201,7 +201,7 @@ static function processMassiveActionsForOneItemtype(MassiveAction $ma, CommonDBT
     */
    function duplicate($options = []) {
 
-      $input = $this->fields;
+      $input = Toolbox::addslashes_deep($this->fields);
       unset($input['id']);
 
       if (is_array($options) && count($options)) {

diff --git a/inc/commondbtm.class.php b/inc/commondbtm.class.php
@@ -1206,7 +1206,7 @@ function clone(array $override_input = [], bool $history = true) {
          return false;
       }
       $new_item = new static();
-      $input = $this->fields;
+      $input = Toolbox::addslashes_deep($this->fields);
       foreach ($override_input as $key => $value) {
          $input[$key] = $value;
       }

diff --git a/tests/functionnal/Calendar.php b/tests/functionnal/Calendar.php
@@ -254,5 +254,19 @@ public function testClone() {
       $this->boolean($calendar->getFromDB($id))->isTrue();
       //should have been duplicated too.
       $this->checkXmas($calendar);
+
+      //change name, and clone again
+      $this->boolean($calendar->update(['id' => $id, 'name' => "Je s\'apelle Groot"]))->isTrue();
+
+      $calendar = new \Calendar();
+      $this->boolean($calendar->getFromDB($id))->isTrue();
+
+      $this->boolean($calendar->duplicate())->isTrue();
+      $other_id = $calendar->fields['id'];
+      $this->integer($other_id)->isGreaterThan($id);
+      $this->boolean($calendar->getFromDB($other_id))->isTrue();
+      //should have been duplicated too.
+      $this->checkXmas($calendar);
+
    }
 }
diff --git a/tests/functionnal/Computer.php b/tests/functionnal/Computer.php
@@ -38,14 +38,20 @@
 
 class Computer extends DbTestCase {
 
+   protected function getUniqueString() {
+      $string = parent::getUniqueString();
+      $string .= "with a ' inside!";
+      return $string;
+   }
+
    private function getNewComputer() {
       $computer = getItemByTypeName('Computer', '_test_pc01');
       $fields   = $computer->fields;
       unset($fields['id']);
       unset($fields['date_creation']);
       unset($fields['date_mod']);
       $fields['name'] = $this->getUniqueString();
-      $this->integer((int)$computer->add($fields))->isGreaterThan(0);
+      $this->integer((int)$computer->add(\Toolbox::addslashes_deep($fields)))->isGreaterThan(0);
       return $computer;
    }
 
@@ -56,7 +62,7 @@ private function getNewPrinter() {
       unset($pfields['date_creation']);
       unset($pfields['date_mod']);
       $pfields['name'] = $this->getUniqueString();
-      $this->integer((int)$printer->add($pfields))->isGreaterThan(0);
+      $this->integer((int)$printer->add(\Toolbox::addslashes_deep($pfields)))->isGreaterThan(0);
       return $printer;
    }
 
@@ -89,7 +95,7 @@ public function testUpdate() {
              'states_id'    => $this->getUniqueInteger(),
              'locations_id' => $this->getUniqueInteger(),
       ];
-      $this->boolean($computer->update($in))->isTrue();
+      $this->boolean($computer->update(\Toolbox::addslashes_deep($in)))->isTrue();
       $this->boolean($computer->getFromDB($computer->getID()))->isTrue();
       $this->boolean($printer->getFromDB($printer->getID()))->isTrue();
       unset($in['id']);
@@ -134,7 +140,7 @@ public function testUpdate() {
              'states_id'    => $this->getUniqueInteger(),
              'locations_id' => $this->getUniqueInteger(),
       ];
-      $this->boolean($computer->update($in2))->isTrue();
+      $this->boolean($computer->update(\Toolbox::addslashes_deep($in2)))->isTrue();
       $this->boolean($computer->getFromDB($computer->getID()))->isTrue();
       $this->boolean($printer->getFromDB($printer->getID()))->isTrue();
       unset($in2['id']);
@@ -255,7 +261,7 @@ public function testCreateLinks() {
              'states_id'    => $this->getUniqueInteger(),
              'locations_id' => $this->getUniqueInteger(),
       ];
-      $this->boolean($computer->update($in))->isTrue();
+      $this->boolean($computer->update(\Toolbox::addslashes_deep($in)))->isTrue();
       $this->boolean($computer->getFromDB($computer->getID()))->isTrue();
 
       $printer = new \Printer();
@@ -431,6 +437,8 @@ public function testClone() {
       )->isGreaterThan(0);
 
       //clone!
+      $computer = new \Computer(); //$computer->fields contents is already escaped!
+      $this->boolean($computer->getFromDB($id))->isTrue();
       $added = $computer->clone();
       $this->integer((int)$added)->isGreaterThan(0);
       $this->integer($added)->isNotEqualTo($computer->fields['id']);