I solved some issues Cross-Site Scripting [April 18]

This commit is contained in:
Paula V. Quispe
2015-04-21 09:35:39 -04:00
parent cb1f02dc82
commit 135211ed71
8 changed files with 43 additions and 12 deletions


@@ -3133,6 +3133,9 @@ class G
*/ */
public function evalJScript ($c) public function evalJScript ($c)
{ {
G::LoadSystem('inputfilter');
$filter = new InputFilter();
$c = $filter->xssFilterHard($c);
print ("<script language=\"javascript\">{$c}</script>") ; print ("<script language=\"javascript\">{$c}</script>") ;
} }
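Review bot: The new filter call is applied to `$c`, which by this function's contract is JavaScript source to be executed, so an HTML-oriented sanitiser (which is what `xssFilterHard` appears to be, judging by its name) can alter or strip legitimate script while not addressing the only break-out this position allows, a literal `</script>` inside `$c`. A filter on the whole script is not a substitute for callers encoding the data they embed, so the contract belongs in the docblock: `@param string $c JavaScript source; any data embedded in it must already be encoded by the caller (e.g. with json_encode()) and must not contain "</script>"`. If a hard guard is wanted, a `stripos($c, '</script>') !== false` check that refuses to print is more precise than filtering the whole string. The docblock that ends at the `*/` line starts outside the hunk.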


@@ -72,6 +72,15 @@ class PEAR_Frontend_CLI extends PEAR
function _displayLine($text) function _displayLine($text)
{ {
$realdocuroot = str_replace( '\\', '/', $_SERVER['DOCUMENT_ROOT'] );
$docuroot = explode( '/', $realdocuroot );
array_pop( $docuroot );
$pathhome = implode( '/', $docuroot ) . '/';
array_pop( $docuroot );
$pathTrunk = implode( '/', $docuroot ) . '/';
require_once($pathTrunk.'gulliver/system/class.inputfilter.php');
$filter = new InputFilter();
$text = $filter->xssFilterHard($text);
print "$this->lp$text\n"; print "$this->lp$text\n";
} }
@@ -124,15 +133,25 @@ class PEAR_Frontend_CLI extends PEAR
function userDialog($command, $prompts, $types = array(), $defaults = array()) function userDialog($command, $prompts, $types = array(), $defaults = array())
{ {
$realdocuroot = str_replace( '\\', '/', $_SERVER['DOCUMENT_ROOT'] );
$docuroot = explode( '/', $realdocuroot );
array_pop( $docuroot );
$pathhome = implode( '/', $docuroot ) . '/';
array_pop( $docuroot );
$pathTrunk = implode( '/', $docuroot ) . '/';
require_once($pathTrunk.'gulliver/system/class.inputfilter.php');
$filter = new InputFilter();
$result = array(); $result = array();
if (is_array($prompts)) { if (is_array($prompts)) {
$fp = fopen("php://stdin", "r"); $fp = fopen("php://stdin", "r");
foreach ($prompts as $key => $prompt) { foreach ($prompts as $key => $prompt) {
$type = $types[$key]; $type = $types[$key];
$default = @$defaults[$key]; $default = @$defaults[$key];
$default = $filter->xssFilterHard($default);
if ($type == 'password') { if ($type == 'password') {
system('stty -echo'); system('stty -echo');
} }
$prompt = $filter->xssFilterHard($prompt);
print "$this->lp$prompt "; print "$this->lp$prompt ";
if ($default) { if ($default) {
print "[$default] "; print "[$default] ";
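Review bot: `$_SERVER['DOCUMENT_ROOT']` is used to locate `class.inputfilter.php` in `_displayLine`, and again in `userDialog` in the second hunk, but this is a CLI frontend and the CLI SAPI does not normally populate `DOCUMENT_ROOT`; with it unset `$pathTrunk` collapses to `/` and the `require_once` becomes a fatal error. Resolving the path relative to the file avoids that dependency, e.g. `require_once(dirname(__FILE__) . '/<RELATIVE_PATH_TO_GULLIVER_SYSTEM>/class.inputfilter.php');` (placeholder for the real relative path), optionally guarded by `if (!class_exists('InputFilter'))`; the same six-line block is repeated in `print_endpoint_names` in the next section, so a single helper would also remove the duplication, and `$pathhome` is computed but never used in any of them. Separately, `userDialog` filters `$default` itself rather than only the copy that is printed, so whatever the loop later does with `$default` (the rest of the function is outside the hunk) sees the filtered value; filtering only in the `print "[$default] "` line keeps the value intact. `_displayLine` is complete within its hunk, `userDialog` continues past the end of the second one.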


@@ -82,10 +82,19 @@ function print_test_names()
function print_endpoint_names() function print_endpoint_names()
{ {
global $iop; global $iop;
$realdocuroot = str_replace( '\\', '/', $_SERVER['DOCUMENT_ROOT'] );
$docuroot = explode( '/', $realdocuroot );
array_pop( $docuroot );
$pathhome = implode( '/', $docuroot ) . '/';
array_pop( $docuroot );
$pathTrunk = implode( '/', $docuroot ) . '/';
require_once($pathTrunk.'gulliver/system/class.inputfilter.php');
$filter = new InputFilter();
$currTest = $filter->xssFilterHard($iop->currentTest);
if (!$iop->getEndpoints($iop->currentTest)) { if (!$iop->getEndpoints($iop->currentTest)) {
die("Unable to retrieve endpoints for $iop->currentTest\n"); die("Unable to retrieve endpoints for $currTest\n");
} }
print "Interop Servers for $iop->currentTest:\n"; print "Interop Servers for $currTestt:\n";
foreach ($iop->endpoints as $server) { foreach ($iop->endpoints as $server) {
print " $server->name\n"; print " $server->name\n";
} }
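Review bot: The new `print` on the `Interop Servers for` line reads `$currTestt`, a variable that is never assigned, so the message is printed without the test name and an undefined-variable notice is raised; it should read `print "Interop Servers for $currTest:\n";`. The path-resolution block above it depends on `$_SERVER['DOCUMENT_ROOT']`, which is normally absent when a script runs from the command line, in which case the `require_once` fails; this is the same issue as in the `PEAR_Frontend_CLI` hunks. `$pathhome` is assigned but unused. `print_endpoint_names` continues past the end of the hunk.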


@@ -138,7 +138,7 @@ if (! isset( $_GET['ex'] )) {
// DEPRECATED this JS section is marked for removal // DEPRECATED this JS section is marked for removal
function setSelect() function setSelect()
{ {
var ex=<?php echo $_GET['ex']?>; var ex=<?php echo $filter->xssFilterHard($_GET['ex'])?>;
try { try {
for(i=1; i<50; i++) { for(i=1; i<50; i++) {
if (i == ex) { if (i == ex) {
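Review bot: `ex` is emitted as an unquoted JavaScript value, so an HTML-oriented sanitiser (which is what `xssFilterHard` appears to be, judging by its name) is the wrong tool for this position: anything it lets through that is not a number still lands directly in script. Since `ex` is only compared numerically with `i` in the loop below, a cast is both simpler and exact: `var ex=<?php echo (int) $_GET['ex']; ?>;`. The identical line appears in the three following sections (the other `setSelect` hunks) and should be changed the same way. `$filter` is not defined in any of these hunks; it has to be instantiated earlier in each file, outside what is shown. `setSelect` continues past the hunk in each case.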


@@ -140,7 +140,7 @@ G::RenderPage( 'publish', 'blank' );
//Deprecated Section since the interface are now movig to ExtJS //Deprecated Section since the interface are now movig to ExtJS
function setSelect() function setSelect()
{ {
var ex=<?php echo $_GET['ex']?>; var ex=<?php echo $filter->xssFilterHard($_GET['ex'])?>;
try { try {
for (i=1; i<50; i++) { for (i=1; i<50; i++) {
if (i == ex) { if (i == ex) {


@@ -84,7 +84,7 @@ if (! isset( $_GET['ex'] )) {
//Deprecated Section since the interface are now movig to ExtJS //Deprecated Section since the interface are now movig to ExtJS
function setSelect() function setSelect()
{ {
var ex=<?php echo $_GET['ex']?>; var ex=<?php echo $filter->xssFilterHard($_GET['ex'])?>;
try{ try{
for (i=1; i<50; i++) { for (i=1; i<50; i++) {
if (i == ex) { if (i == ex) {


@@ -104,7 +104,7 @@ if (! isset( $_GET['ex'] )) {
/*------------------------------ To Revise Routines ---------------------------*/ /*------------------------------ To Revise Routines ---------------------------*/
function setSelect() function setSelect()
{ {
var ex=<?php echo $_GET['ex']?>; var ex=<?php echo $filter->xssFilterHard($_GET['ex'])?>;
try{ try{
for(i=1; i<50; i++) for(i=1; i<50; i++)
{ {


@@ -170,12 +170,12 @@ G::RenderPage( "publish", "raw" );
<script> <script>
var toolbar = document.getElementById('fields_Toolbar') var toolbar = document.getElementById('fields_Toolbar')
var fieldsList = document.getElementById('dynaformEditor[0]') var fieldsList = document.getElementById('dynaformEditor[0]')
var tableHeight=<?php echo $config['FieldsList']['height'] ?>; var tableHeight=<?php echo $filter->xssFilterHard($config['FieldsList']['height']) ?>;
var tableWidth=<?php echo $config['FieldsList']['width'] ?>; var tableWidth=<?php echo $filter->xssFilterHard($config['FieldsList']['width']) ?>;
var toolbarTop=<?php echo $config['Toolbar']['top'] ?>; var toolbarTop=<?php echo $filter->xssFilterHard($config['Toolbar']['top']) ?>;
var toolbarLeft=<?php echo $config['Toolbar']['left'] ?>; var toolbarLeft=<?php echo $filter->xssFilterHard($config['Toolbar']['left']) ?>;
var fieldsListTop=<?php echo $config['FieldsList']['top'] ?>//(toolbarTop+toolbar.clientHeight+44+8 ); var fieldsListTop=<?php echo $filter->xssFilterHard($config['FieldsList']['top']) ?>//(toolbarTop+toolbar.clientHeight+44+8 );
var fieldsListLeft=<?php echo $config['FieldsList']['left'] ?>; var fieldsListLeft=<?php echo $filter->xssFilterHard($config['FieldsList']['left']) ?>;
mainPanel.elements.headerBar.style.backgroundColor='#CBDAEF'; mainPanel.elements.headerBar.style.backgroundColor='#CBDAEF';
mainPanel.elements.headerBar.style.borderBottom='1px solid #808080'; mainPanel.elements.headerBar.style.borderBottom='1px solid #808080';
mainPanel.elements.headerBar.appendChild(toolbar); mainPanel.elements.headerBar.appendChild(toolbar);
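Review bot: Each of the six `<?php echo $filter->xssFilterHard(...) ?>` expressions feeds a JavaScript numeric variable (`tableHeight`, `tableWidth`, and so on), where an HTML sanitiser neither guarantees the result is a number nor reliably removes script-significant characters. Casting each `$config` value to `int` makes the emitted token a number regardless of where `$config` is populated from (not visible here); `json_encode` is the alternative if non-integer values are expected. The `fieldsListTop` line also has no `;` before its trailing `//` comment and relies on automatic semicolon insertion, so the rewrite below adds it for consistency with its neighbours. `$filter` is not created in this hunk, and the enclosing `<script>` block continues past it.
```php
var fieldsList = document.getElementById('dynaformEditor[0]')
var tableHeight=<?php echo (int) $config['FieldsList']['height'] ?>;
var tableWidth=<?php echo (int) $config['FieldsList']['width'] ?>;
var toolbarTop=<?php echo (int) $config['Toolbar']['top'] ?>;
var toolbarLeft=<?php echo (int) $config['Toolbar']['left'] ?>;
var fieldsListTop=<?php echo (int) $config['FieldsList']['top'] ?>;//(toolbarTop+toolbar.clientHeight+44+8 );
var fieldsListLeft=<?php echo (int) $config['FieldsList']['left'] ?>;
// … unchanged: mainPanel header bar styling and appendChild …
```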