From b103495071109b8cd687a410c1dc54bb1d19e9d3 Mon Sep 17 00:00:00 2001
From: MichaelDaum <daum@michaeldaumconsulting.com>
Date: Mon, 22 May 2023 12:23:47 +0200
Subject: [PATCH] Item15192: updated fix to $EVAL()

---
 .../lib/Foswiki/Plugins/SpreadSheetPlugin/Calc.pm           | 2 +-
 .../test/unit/SpreadSheetPlugin/SpreadSheetPluginTests.pm   | 6 ++++++
 2 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/SpreadSheetPlugin/lib/Foswiki/Plugins/SpreadSheetPlugin/Calc.pm b/SpreadSheetPlugin/lib/Foswiki/Plugins/SpreadSheetPlugin/Calc.pm
index d86256838..18b52800e 100644
--- a/SpreadSheetPlugin/lib/Foswiki/Plugins/SpreadSheetPlugin/Calc.pm
+++ b/SpreadSheetPlugin/lib/Foswiki/Plugins/SpreadSheetPlugin/Calc.pm
@@ -1741,7 +1741,7 @@ sub _safeEvalPerl {
     # disable glob for security reasons
     $theText =~ s/^([\(\s]*)\<+/$1/g;
     $theText =~ s/\>+([\s\)]*)$/$1/g;
-    $theText =~ s/\<\s*\>/ /g;
+    $theText =~ s/\<[\.\*\/\?\s]*\>/ /g;
 
     return "" unless defined($theText);
 
diff --git a/SpreadSheetPlugin/test/unit/SpreadSheetPlugin/SpreadSheetPluginTests.pm b/SpreadSheetPlugin/test/unit/SpreadSheetPlugin/SpreadSheetPluginTests.pm
index 32333a262..af73306e6 100755
--- a/SpreadSheetPlugin/test/unit/SpreadSheetPlugin/SpreadSheetPluginTests.pm
+++ b/SpreadSheetPlugin/test/unit/SpreadSheetPlugin/SpreadSheetPluginTests.pm
@@ -444,6 +444,12 @@ sub test_EVAL_GLOB {
     $this->assert( $this->CALC('$EVAL(<>)') == 0 );
     $this->assert( $this->CALC('$EVAL(2+<>+2)') == 4 );
     $this->assert( $this->CALC('$EVAL(2+<   >+2)') == 4 );
+    $this->assert( $this->CALC('$EVAL(%+.<*>.2)') =~ /^ERROR:/ );
+    $this->assert( $this->CALC('$EVAL(2+<e>+2)') == 4 );
+    $this->assert( $this->CALC('$EVAL(2+<x>+2)') == 4 );
+    $this->assert( $this->CALC('$EVAL(%-.<*>.2)')    =~ /^ERROR:/ );
+    $this->assert( $this->CALC('$EVAL(%+.<../*>.2)') =~ /^ERROR:/ );
+    $this->assert( $this->CALC('$EVAL(3-<../*>-3)') == 6 );
 }
 
 sub test_EVEN {