fernando/luos
1
0
Fork 0
Code Releases Activity

I reviewed the XSS - MEDIUM in files

Browse Source
This commit is contained in:
Paula V. Quispe
2015-03-18 13:47:30 -04:00
parent be4ce6c5d1
commit 02b3c93a98
3 changed files with 13 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
workflow/engine/methods/services/Rest/CURLMessage.php
View File

@@ -122,7 +122,10 @@ abstract class CURLMessage
*/
public function displayResponse ()
{
G::LoadSystem('inputfilter');
$filter = new InputFilter();
$error = curl_error( $this->ch );
$error = $filter->xssFilterHard($error);
$result = array ('header' => '','body' => '','curl_error' => '','http_code' => '','last_url' => ''
);
if ($error != "") {
@@ -130,12 +133,15 @@ abstract class CURLMessage
return $result;
}
$response = $this->output;
$response = $filter->xssFilterHard($response);
$header_size = curl_getinfo( $this->ch, CURLINFO_HEADER_SIZE );
$result['header'] = substr( $response, 0, $header_size );
$result['body'] = substr( $response, $header_size );
$result['http_code'] = curl_getinfo( $this->ch, CURLINFO_HTTP_CODE );
$result['last_url'] = curl_getinfo( $this->ch, CURLINFO_EFFECTIVE_URL );
$result = $filter->xssFilterHard($result);
$this->type = $filter->xssFilterHard($this->type);
echo $this->type . " Response: " . $response . "<BR>";
foreach ($result as $index => $data) {
if ($data != "") {