I solved some issues Cross-Site Scripting [April 18]
@@ -3133,6 +3133,9 @@ class G
|
||||
*/
|
||||
public function evalJScript ($c)
|
||||
{
|
||||
G::LoadSystem('inputfilter');
|
||||
$filter = new InputFilter();
|
||||
$c = $filter->xssFilterHard($c);
|
||||
print ("<script language=\"javascript\">{$c}</script>") ;
|
||||
}
|
||||
|
||||
|
||||
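Review bot: In `evalJScript`, `$c` is the whole body of a script element rather than a data value, so passing it through `xssFilterHard` is not a control that fits this sink. Assuming the filter escapes or strips HTML-significant characters, it will corrupt legitimate JavaScript that contains quotes, `<` or `&`; and whatever it lets through is executed anyway. The safer contract is that callers pass only developer-authored code and encode each dynamic value at the call site, for example with `json_encode($value, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT)`. I would state that on the method with a docblock line such as `@param string $c trusted JavaScript source; never pass request data`. The page has lost its +/- markers, so I am assuming the three `InputFilter` lines are the additions, which matches the 6-to-9 line count in the hunk header.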
19
gulliver/thirdparty/pear/PEAR/Frontend/CLI.php
vendored
@@ -72,6 +72,15 @@ class PEAR_Frontend_CLI extends PEAR
|
||||
|
||||
function _displayLine($text)
|
||||
{
|
||||
$realdocuroot = str_replace( '\\', '/', $_SERVER['DOCUMENT_ROOT'] );
|
||||
$docuroot = explode( '/', $realdocuroot );
|
||||
array_pop( $docuroot );
|
||||
$pathhome = implode( '/', $docuroot ) . '/';
|
||||
array_pop( $docuroot );
|
||||
$pathTrunk = implode( '/', $docuroot ) . '/';
|
||||
require_once($pathTrunk.'gulliver/system/class.inputfilter.php');
|
||||
$filter = new InputFilter();
|
||||
$text = $filter->xssFilterHard($text);
|
||||
print "$this->lp$text\n";
|
||||
}
|
||||
|
||||
@@ -124,15 +133,25 @@ class PEAR_Frontend_CLI extends PEAR
|
||||
|
||||
function userDialog($command, $prompts, $types = array(), $defaults = array())
|
||||
{
|
||||
$realdocuroot = str_replace( '\\', '/', $_SERVER['DOCUMENT_ROOT'] );
|
||||
$docuroot = explode( '/', $realdocuroot );
|
||||
array_pop( $docuroot );
|
||||
$pathhome = implode( '/', $docuroot ) . '/';
|
||||
array_pop( $docuroot );
|
||||
$pathTrunk = implode( '/', $docuroot ) . '/';
|
||||
require_once($pathTrunk.'gulliver/system/class.inputfilter.php');
|
||||
$filter = new InputFilter();
|
||||
$result = array();
|
||||
if (is_array($prompts)) {
|
||||
$fp = fopen("php://stdin", "r");
|
||||
foreach ($prompts as $key => $prompt) {
|
||||
$type = $types[$key];
|
||||
$default = @$defaults[$key];
|
||||
$default = $filter->xssFilterHard($default);
|
||||
if ($type == 'password') {
|
||||
system('stty -echo');
|
||||
}
|
||||
$prompt = $filter->xssFilterHard($prompt);
|
||||
print "$this->lp$prompt ";
|
||||
if ($default) {
|
||||
print "[$default] ";
|
||||
|
||||
@@ -82,10 +82,19 @@ function print_test_names()
|
||||
function print_endpoint_names()
|
||||
{
|
||||
global $iop;
|
||||
$realdocuroot = str_replace( '\\', '/', $_SERVER['DOCUMENT_ROOT'] );
|
||||
$docuroot = explode( '/', $realdocuroot );
|
||||
array_pop( $docuroot );
|
||||
$pathhome = implode( '/', $docuroot ) . '/';
|
||||
array_pop( $docuroot );
|
||||
$pathTrunk = implode( '/', $docuroot ) . '/';
|
||||
require_once($pathTrunk.'gulliver/system/class.inputfilter.php');
|
||||
$filter = new InputFilter();
|
||||
$currTest = $filter->xssFilterHard($iop->currentTest);
|
||||
if (!$iop->getEndpoints($iop->currentTest)) {
|
||||
die("Unable to retrieve endpoints for $iop->currentTest\n");
|
||||
die("Unable to retrieve endpoints for $currTest\n");
|
||||
}
|
||||
print "Interop Servers for $iop->currentTest:\n";
|
||||
print "Interop Servers for $currTestt:\n";
|
||||
foreach ($iop->endpoints as $server) {
|
||||
print " $server->name\n";
|
||||
}
|
||||
|
||||
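Review bot: The new print line interpolates `$currTestt`, which is never defined; the filtered value is assigned to `$currTest`. The heading will therefore print an empty test name and raise an undefined-variable notice, and it should read `print "Interop Servers for $currTest:\n";`. Separately, the `require_once` path is derived from `$_SERVER['DOCUMENT_ROOT']`, which is typically empty under the CLI SAPI, so if this script is run from a shell the include would resolve from `/` and fail. The same preamble is pasted into `_displayLine` and `userDialog` in the vendored `PEAR/Frontend/CLI.php`, where it also leaves `$pathhome` unused. A `__DIR__`-relative path in one shared bootstrap would avoid both the duplication and the dependency on the web server environment.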
@@ -138,7 +138,7 @@ if (! isset( $_GET['ex'] )) {
|
||||
// DEPRECATED this JS section is marked for removal
|
||||
function setSelect()
|
||||
{
|
||||
var ex=<?php echo $_GET['ex']?>;
|
||||
var ex=<?php echo $filter->xssFilterHard($_GET['ex'])?>;
|
||||
try {
|
||||
for(i=1; i<50; i++) {
|
||||
if (i == ex) {
|
||||
|
||||
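Review bot: `var ex=<?php echo $filter->xssFilterHard($_GET['ex'])?>;` writes the request parameter into an unquoted JavaScript expression, a context where an HTML-oriented filter is not the matching encoder, so depending on what the filter leaves intact the value can still be parsed as script or break the block with a syntax error. Since `ex` is only compared with the loop index `i`, an integer cast is simpler and stricter: `var ex=<?php echo (int) $_GET['ex'] ?>;`. The same line recurs in the three later `setSelect` hunks, and the six `$config[...]` assignments in the final hunk have the same shape; if those are numeric dimensions `(int)` fits there too, otherwise `json_encode(...)`. `$filter` is not defined inside any of these hunks, so it is worth confirming that each file instantiates `InputFilter` before this line is reached. The body of `setSelect` continues outside the hunk.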
@@ -140,7 +140,7 @@ G::RenderPage( 'publish', 'blank' );
|
||||
//Deprecated Section since the interface are now movig to ExtJS
|
||||
function setSelect()
|
||||
{
|
||||
var ex=<?php echo $_GET['ex']?>;
|
||||
var ex=<?php echo $filter->xssFilterHard($_GET['ex'])?>;
|
||||
try {
|
||||
for (i=1; i<50; i++) {
|
||||
if (i == ex) {
|
||||
|
||||
@@ -84,7 +84,7 @@ if (! isset( $_GET['ex'] )) {
|
||||
//Deprecated Section since the interface are now movig to ExtJS
|
||||
function setSelect()
|
||||
{
|
||||
var ex=<?php echo $_GET['ex']?>;
|
||||
var ex=<?php echo $filter->xssFilterHard($_GET['ex'])?>;
|
||||
try{
|
||||
for (i=1; i<50; i++) {
|
||||
if (i == ex) {
|
||||
|
||||
@@ -104,7 +104,7 @@ if (! isset( $_GET['ex'] )) {
|
||||
/*------------------------------ To Revise Routines ---------------------------*/
|
||||
function setSelect()
|
||||
{
|
||||
var ex=<?php echo $_GET['ex']?>;
|
||||
var ex=<?php echo $filter->xssFilterHard($_GET['ex'])?>;
|
||||
try{
|
||||
for(i=1; i<50; i++)
|
||||
{
|
||||
|
||||
@@ -170,12 +170,12 @@ G::RenderPage( "publish", "raw" );
|
||||
<script>
|
||||
var toolbar = document.getElementById('fields_Toolbar')
|
||||
var fieldsList = document.getElementById('dynaformEditor[0]')
|
||||
var tableHeight=<?php echo $config['FieldsList']['height'] ?>;
|
||||
var tableWidth=<?php echo $config['FieldsList']['width'] ?>;
|
||||
var toolbarTop=<?php echo $config['Toolbar']['top'] ?>;
|
||||
var toolbarLeft=<?php echo $config['Toolbar']['left'] ?>;
|
||||
var fieldsListTop=<?php echo $config['FieldsList']['top'] ?>//(toolbarTop+toolbar.clientHeight+44+8 );
|
||||
var fieldsListLeft=<?php echo $config['FieldsList']['left'] ?>;
|
||||
var tableHeight=<?php echo $filter->xssFilterHard($config['FieldsList']['height']) ?>;
|
||||
var tableWidth=<?php echo $filter->xssFilterHard($config['FieldsList']['width']) ?>;
|
||||
var toolbarTop=<?php echo $filter->xssFilterHard($config['Toolbar']['top']) ?>;
|
||||
var toolbarLeft=<?php echo $filter->xssFilterHard($config['Toolbar']['left']) ?>;
|
||||
var fieldsListTop=<?php echo $filter->xssFilterHard($config['FieldsList']['top']) ?>//(toolbarTop+toolbar.clientHeight+44+8 );
|
||||
var fieldsListLeft=<?php echo $filter->xssFilterHard($config['FieldsList']['left']) ?>;
|
||||
mainPanel.elements.headerBar.style.backgroundColor='#CBDAEF';
|
||||
mainPanel.elements.headerBar.style.borderBottom='1px solid #808080';
|
||||
mainPanel.elements.headerBar.appendChild(toolbar);
|
||||
|
||||