fernando/luos
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

I reviewed the XSS - MEDIUM in files

Browse Source
This commit is contained in:
Paula V. Quispe
2015-03-19 17:24:54 -04:00
parent 02847a5a51
commit 0ef17ab94b
6 changed files with 38 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
workflow/engine/methods/dynaforms/fieldsHandlerAjax.php
View File

@@ -25,6 +25,9 @@
* @Date Aug 26th, 2009
*/
G::LoadSystem('inputfilter');
$filter = new InputFilter();
$_POST = $filter->xssFilterHard($_POST);
$request = $_POST['request'];
switch ($request) {
@@ -32,6 +35,7 @@ switch ($request) {
if (isset( $_POST['items'] )) {
$items = $_POST['items'];
$tmpfilename = $_SESSION['Current_Dynafom']['Parameters']['FILE'];
$tmpfilename = $filter->xssFilterHard($tmpfilename);
G::LoadSystem( 'dynaformhandler' );
$o = new dynaFormHandler( PATH_DYNAFORM . "{$tmpfilename}.xml" );
@@ -53,6 +57,7 @@ switch ($request) {
break;
case 'saveHidden':
$tmpfilename = $_SESSION['Current_Dynafom']['Parameters']['FILE'];
$tmpfilename = $filter->xssFilterHard($tmpfilename);
G::LoadSystem( 'dynaformhandler' );
$o = new dynaFormHandler( PATH_DYNAFORM . "{$tmpfilename}.xml" );
$hidden_items = Array ();