fernando/luos
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

I reviewed the XSS - MEDIUM in files

Browse Source
This commit is contained in:
Paula V. Quispe
2015-03-19 17:24:54 -04:00
parent 02847a5a51
commit 0ef17ab94b
6 changed files with 38 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
workflow/engine/methods/departments/departments_Ajax.php
View File

@@ -23,6 +23,11 @@
* Coral Gables, FL, 33134, USA, or email info@colosa.com.
*/
G::LoadSystem('inputfilter');
$filter = new InputFilter();
$_POST = $filter->xssFilterHard($_POST);
$_REQUEST = $filter->xssFilterHard($_REQUEST);
function LookForChildren ($parent, $level, $aDepUsers)
{
G::LoadClass( 'configuration' );

4
workflow/engine/methods/dynaforms/dynaforms_checkDependentFields.php
View File

@@ -28,6 +28,10 @@
* also the functionality of dependent fields in grids doesn't depends in this
* file so this is somewhat expendable.
*/
G::LoadSystem('inputfilter');
$filter = new InputFilter();
$_POST = $filter->xssFilterHard($_POST);
function subDependencies ($k, &$G_FORM, &$aux, $grid = '')
{
$myDependentFields = '';

5
workflow/engine/methods/dynaforms/fieldsHandlerAjax.php
View File

@@ -25,6 +25,9 @@
* @Date Aug 26th, 2009
*/
G::LoadSystem('inputfilter');
$filter = new InputFilter();
$_POST = $filter->xssFilterHard($_POST);
$request = $_POST['request'];
switch ($request) {
@@ -32,6 +35,7 @@ switch ($request) {
if (isset( $_POST['items'] )) {
$items = $_POST['items'];
$tmpfilename = $_SESSION['Current_Dynafom']['Parameters']['FILE'];
$tmpfilename = $filter->xssFilterHard($tmpfilename);
G::LoadSystem( 'dynaformhandler' );
$o = new dynaFormHandler( PATH_DYNAFORM . "{$tmpfilename}.xml" );
@@ -53,6 +57,7 @@ switch ($request) {
break;
case 'saveHidden':
$tmpfilename = $_SESSION['Current_Dynafom']['Parameters']['FILE'];
$tmpfilename = $filter->xssFilterHard($tmpfilename);
G::LoadSystem( 'dynaformhandler' );
$o = new dynaFormHandler( PATH_DYNAFORM . "{$tmpfilename}.xml" );
$hidden_items = Array ();

3
workflow/engine/methods/dynaforms/test.php
View File

@@ -51,8 +51,11 @@ for ($r = 1; $r < 10; $r ++) {
</select> <input type="submit" value="Send" />
</form>
<?php
G::LoadSystem('inputfilter');
$filter = new InputFilter();
$test = $_POST['form']['test'];
if ($test) {
$test = $filter->xssFilterHard($test);
foreach ($test as $t) {
echo 'You selected ', $t, '<br />';
}