I solved all observation by Code Injection-Hight

2015-03-12 14:51:09 -04:00
parent 8d379a2a58
commit 056784289a
4 changed files with 25 additions and 8 deletions
--- a/workflow/engine/classes/model/AddonsManager.php
+++ b/workflow/engine/classes/model/AddonsManager.php
@@ -132,7 +132,11 @@ class AddonsManager extends BaseAddonsManager

        $oPluginRegistry = &PMPluginRegistry::getSingleton();

-        require_once (PATH_PLUGINS . $this->getAddonName() . ".php");
+        G::LoadSystem('inputfilter');
+        $filter = new InputFilter();
+        $requiredPath = PATH_PLUGINS . $this->getAddonName() . ".php";
+        $requiredPath = $filter->validateInput($requiredPath, 'path');
+        require_once ($requiredPath);

        if ($enable) {
            //$oDetails = $oPluginRegistry->getPluginDetails($this->getAddonName());