I reviewed the XSS - MEDIUM in files

This commit is contained in:
Paula V. Quispe
2015-03-18 13:47:30 -04:00
parent be4ce6c5d1
commit 02b3c93a98
3 changed files with 13 additions and 0 deletions


@@ -24,6 +24,9 @@
require_once (PATH_RBAC . "model/RolesPeer.php"); require_once (PATH_RBAC . "model/RolesPeer.php");
G::LoadClass( 'ArrayPeer' ); G::LoadClass( 'ArrayPeer' );
G::LoadSystem('inputfilter');
$filter = new InputFilter();
$_POST = $filter->xssFilterHard($_POST);
isset( $_POST['textFilter'] ) ? $filter = $_POST['textFilter'] : $filter = ''; isset( $_POST['textFilter'] ) ? $filter = $_POST['textFilter'] : $filter = '';
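Review bot: The `$filter` that holds the new `InputFilter` instance is overwritten one line later by `isset( $_POST['textFilter'] ) ? $filter = $_POST['textFilter'] : $filter = '';`, so the sanitizer object is discarded right after the `$_POST` rewrite and any later `$filter->xssFilterHard(...)` in this script would be a method call on a string. Give the object its own name, `$inputFilter = new InputFilter();` and `$_POST = $inputFilter->xssFilterHard($_POST);`, so the two meanings of `$filter` stop colliding. Rewriting `$_POST` in place is input sanitisation rather than output encoding: whatever this script later prints into HTML (not visible here) still needs `htmlspecialchars(..., ENT_QUOTES, 'UTF-8')` at the echo, and a value altered by the filter can no longer be used verbatim for lookups. The hunk header counts nine new lines but six are shown, so the rest of this run is not visible here.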


@@ -22,6 +22,10 @@
* Coral Gables, FL, 33134, USA, or email info@colosa.com. * Coral Gables, FL, 33134, USA, or email info@colosa.com.
*/ */
G::LoadSystem('inputfilter');
$filter = new InputFilter();
$_GET = $filter->xssFilterHard($_GET);
$_REQUEST = $filter->xssFilterHard($_REQUEST);
$ROL_UID = $_GET['rUID']; $ROL_UID = $_GET['rUID'];
$TYPE_DATA = $_GET["type"]; $TYPE_DATA = $_GET["type"];
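Review bot: The added filtering covers `$_GET` and `$_REQUEST` but not `$_POST` or `$_COOKIE`; `$_REQUEST` is a merged copy, so sanitising it leaves `$_POST` untouched, and any later read of `$_POST` in this script (not visible here) bypasses the new filter entirely. `$ROL_UID = $_GET['rUID'];` and `$TYPE_DATA = $_GET["type"];` also still read their keys unconditionally, so a request without them raises an undefined-index notice; `$ROL_UID = isset($_GET['rUID']) ? $_GET['rUID'] : '';` (and the same for `type`) avoids that. Since `rUID` is presumably used as a record identifier downstream, an XSS filter is not the right check for it — validate it against the expected UID format with a `preg_match` allow-list and reject anything else, keeping HTML escaping at the point of output. The hunk header counts ten new lines but eight are shown, so the end of this run is not visible here.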


@@ -122,7 +122,10 @@ abstract class CURLMessage
*/ */
public function displayResponse () public function displayResponse ()
{ {
G::LoadSystem('inputfilter');
$filter = new InputFilter();
$error = curl_error( $this->ch ); $error = curl_error( $this->ch );
$error = $filter->xssFilterHard($error);
$result = array ('header' => '','body' => '','curl_error' => '','http_code' => '','last_url' => '' $result = array ('header' => '','body' => '','curl_error' => '','http_code' => '','last_url' => ''
); );
if ($error != "") { if ($error != "") {
@@ -130,12 +133,15 @@ abstract class CURLMessage
return $result; return $result;
} }
$response = $this->output; $response = $this->output;
$response = $filter->xssFilterHard($response);
$header_size = curl_getinfo( $this->ch, CURLINFO_HEADER_SIZE ); $header_size = curl_getinfo( $this->ch, CURLINFO_HEADER_SIZE );
$result['header'] = substr( $response, 0, $header_size ); $result['header'] = substr( $response, 0, $header_size );
$result['body'] = substr( $response, $header_size ); $result['body'] = substr( $response, $header_size );
$result['http_code'] = curl_getinfo( $this->ch, CURLINFO_HTTP_CODE ); $result['http_code'] = curl_getinfo( $this->ch, CURLINFO_HTTP_CODE );
$result['last_url'] = curl_getinfo( $this->ch, CURLINFO_EFFECTIVE_URL ); $result['last_url'] = curl_getinfo( $this->ch, CURLINFO_EFFECTIVE_URL );
$result = $filter->xssFilterHard($result);
$this->type = $filter->xssFilterHard($this->type);
echo $this->type . " Response: " . $response . "<BR>"; echo $this->type . " Response: " . $response . "<BR>";
foreach ($result as $index => $data) { foreach ($result as $index => $data) {
if ($data != "") { if ($data != "") {
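Review bot: The `$response = $filter->xssFilterHard($response);` added before the header/body split filters the very string that `substr($response, 0, $header_size)` then cuts, but `$header_size` was measured by cURL against the raw response, so whenever the filter removes or rewrites anything in the headers the boundary shifts and header bytes end up in `$result['body']` (or body bytes in the header). Split the raw response first — the pieces are already covered by `$result = $filter->xssFilterHard($result)` — and escape only at the point of output: drop the `$response = $filter->xssFilterHard($response);` line and change the echo to `echo htmlspecialchars($this->type . " Response: " . $response, ENT_QUOTES, 'UTF-8') . "<BR>";`. `$this->type = $filter->xssFilterHard($this->type);` also mutates object state as a side effect of a display method; filter a local copy, `$type = $filter->xssFilterHard($this->type);`, and echo that instead. What `xssFilterHard` does to the integer `http_code` entry or the URL in `last_url` is not visible here, so whether the array-wide call alters values the `foreach` relies on should be confirmed; that `foreach` continues outside the hunk.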