composer/iTop
6
0
Fork 0
mirror of https://github.com/Combodo/iTop.git synced 2026-02-13 07:24:13 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge remote-tracking branch 'origin/support/3.2' into develop

Browse Source 
# Conflicts:
#	tests/php-unit-tests/unitary-tests/core/AttributeDefinitionTest.php
This commit is contained in:
jf-cbd
2025-02-04 10:52:18 +01:00
parent 902e2259a9 bd6ccc55f8
commit 5d5849b724
2 changed files with 11 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
datamodels/2.x/itop-portal-base/portal/src/Controller/ObjectController.php
View File

@@ -1166,6 +1166,14 @@ class ObjectController extends BrickController
$aHeaders['Content-Type'] = $oDocument->GetMimeType();
$aHeaders['Content-Disposition'] = (($sOperation === 'display') ? 'inline' : 'attachment').';filename="'.$oDocument->GetFileName().'"';
if (MetaModel::GetImageAttributeCode($sObjectClass) === $sObjectField) {
$sRequestedHash = $oRequest->get('s');
$sComputedHash = md5($oDocument->GetData());
if ($sRequestedHash !== $sComputedHash) {
throw new HttpException(Response::HTTP_NOT_FOUND, Dict::S('UI:ObjectDoesNotExist'));
}
}
// N°4129 - Prevent XSS attacks & other script executions
if (utils::GetConfig()->Get('security.disable_inline_documents_sandbox') === false) {
$aHeaders['Content-Security-Policy'] = 'sandbox';

6
tests/php-unit-tests/unitary-tests/core/AttributeDefinitionTest.php
View File

@@ -257,7 +257,7 @@ PHP
$defaultValue = $oDateAttribute->GetDefaultValue();
self::assertNull($defaultValue, 'Invalid default value for DateTime attribute should give null default value');
self::AssertLastErrorLogEntryContains("Invalid default value 'zabugomeuh' for field 'start_date' on class 'WorkOrder', defaulting to null", "Last error log entry should contain a meaningful message");
$this->AssertLastErrorLogEntryContains("Invalid default value 'zabugomeuh' for field 'start_date' on class 'WorkOrder', defaulting to null", "Last error log entry should contain a meaningful message");
}
public function testDateEmptyDefaultReturnsNullAsDefaultValue()
@@ -274,7 +274,7 @@ PHP
$oDateAttribute = $this->GivenAttribute(\WorkOrder::class, 'start_date', AttributeDate::class, 'zabugomeuh', false);
$defaultValue = $oDateAttribute->GetDefaultValue()
self::AssertLastErrorLogEntryContains("Invalid default value 'zabugomeuh' for field 'start_date' on class 'WorkOrder', defaulting to null", "Last error log entry should contain a meaningful message");
$this->AssertLastErrorLogEntryContains("Invalid default value 'zabugomeuh' for field 'start_date' on class 'WorkOrder', defaulting to null", "Last error log entry should contain a meaningful message");
self::assertNull($defaultValue, 'Invalid default value for Date attribute should give null default value');
}
@@ -286,7 +286,7 @@ PHP
$defaultValue = $oDateAttribute->GetDefaultValue();
self::AssertLastErrorLogEntryContains("Invalid default value '\"27/01/2025\"' for field 'start_date' on class 'WorkOrder', defaulting to null", "Last error log entry should contain a meaningful message");
$this->AssertLastErrorLogEntryContains("Invalid default value '\"27/01/2025\"' for field 'start_date' on class 'WorkOrder', defaulting to null", "Last error log entry should contain a meaningful message");
self::assertNull($defaultValue, 'Invalid default value for Date attribute should give null default value');
}