I corrected some files

This commit is contained in:
Paula V. Quispe
2015-03-11 12:07:16 -04:00
parent 3440e95d3f
commit 14c2edaaed
4 changed files with 36 additions and 13 deletions


@@ -1,10 +1,10 @@
<?php <?php
G::LoadSystem('inputfilter'); G::LoadSystem('inputfilter');
$filter = new InputFilter(); $filter = new InputFilter();
$_GET = $filter->xssFilterHard($_GET); $_GET = $filter->xssFilterHard($_GET,"url");
$_POST = $filter->xssFilterHard($_POST); $_POST = $filter->xssFilterHard($_POST,"url");
$_REQUEST = $filter->xssFilterHard($_REQUEST); $_REQUEST = $filter->xssFilterHard($_REQUEST,"url");
$_SESSION = $filter->xssFilterHard($_SESSION); $_SESSION = $filter->xssFilterHard($_SESSION,"url");
$request = isset($_POST['request'])? $_POST['request']: null; $request = isset($_POST['request'])? $_POST['request']: null;
if( !isset($request) ){ if( !isset($request) ){
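Review bot: Switching the four superglobal filters to the `"url"` mode means the values in `$_GET`/`$_POST`/`$_REQUEST`/`$_SESSION` are now HTMLPurifier output only, without the `htmlspecialchars`/`addslashes` pass the default mode applied, so `$_POST['request']` on the `$request` line and anything else read from them in the rest of this file (outside the hunk) is no longer attribute-safe by construction. Every place that echoes one of these values into HTML must escape for its context at the output site, e.g. `htmlspecialchars($value, ENT_QUOTES, 'UTF-8')`. A comment at the top of the filter calls would make that contract visible: `// "url" mode: purified but NOT entity-encoded — escape at output`. Filtering `$_SESSION` (server-side data) through a purifier also deserves a one-line comment explaining why it is treated as untrusted, since that is not obvious from the code.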


@@ -372,7 +372,7 @@ class InputFilter
* @param Array or String $input * @param Array or String $input
* @return Array or String $input * @return Array or String $input
*/ */
public function xssFilter($input) public function xssFilter($input, $type = "")
{ {
if(is_array($input)) { if(is_array($input)) {
if(sizeof($input)) { if(sizeof($input)) {
@@ -380,7 +380,16 @@ class InputFilter
if(is_array($val) && sizeof($val)) { if(is_array($val) && sizeof($val)) {
$input[$i] = $this->xssFilter($val); $input[$i] = $this->xssFilter($val);
} else { } else {
$input[$i] = addslashes(htmlspecialchars(filter_var($val, FILTER_SANITIZE_STRING), ENT_COMPAT, 'UTF-8')); if(!empty($val)) {
if($type != "url") {
$inputFiltered = addslashes(htmlspecialchars(filter_var($val, FILTER_SANITIZE_STRING), ENT_COMPAT, 'UTF-8'));
} else {
$inputFiltered = filter_var($val, FILTER_SANITIZE_STRING);
}
} else {
$inputFiltered = "";
}
$input[$i] = $inputFiltered;
} }
} }
} }
@@ -389,7 +398,11 @@ class InputFilter
if(!isset($input) || trim($input) === '' || $input === NULL ) { if(!isset($input) || trim($input) === '' || $input === NULL ) {
return ''; return '';
} else { } else {
return addslashes(htmlspecialchars(filter_var($input, FILTER_SANITIZE_STRING), ENT_COMPAT, 'UTF-8')); if($type != "url") {
return addslashes(htmlspecialchars(filter_var($input, FILTER_SANITIZE_STRING), ENT_COMPAT, 'UTF-8'));
} else {
return filter_var($input, FILTER_SANITIZE_STRING);
}
} }
} }
} }
@@ -401,10 +414,9 @@ class InputFilter
* @param Array or String $input * @param Array or String $input
* @return Array or String $input * @return Array or String $input
*/ */
function xssFilterHard($input) function xssFilterHard($input, $type = "")
{ {
require_once (PATH_THIRDPARTY . 'HTMLPurifier/HTMLPurifier.auto.php'); require_once (PATH_THIRDPARTY . 'HTMLPurifier/HTMLPurifier.auto.php');
//G::LoadThirdParty ('HTMLPurifier', 'HTMLPurifier.auto.php');
$config = HTMLPurifier_Config::createDefault(); $config = HTMLPurifier_Config::createDefault();
$purifier = new HTMLPurifier($config); $purifier = new HTMLPurifier($config);
if(is_array($input)) { if(is_array($input)) {
@@ -415,7 +427,9 @@ class InputFilter
} else { } else {
if(!empty($val)) { if(!empty($val)) {
$inputFiltered = $purifier->purify($val); $inputFiltered = $purifier->purify($val);
$inputFiltered = addslashes(htmlspecialchars($inputFiltered, ENT_COMPAT, 'UTF-8')); if($type != "url") {
$inputFiltered = addslashes(htmlspecialchars($inputFiltered, ENT_COMPAT, 'UTF-8'));
}
} else { } else {
$inputFiltered = ""; $inputFiltered = "";
} }
@@ -429,7 +443,10 @@ class InputFilter
return ''; return '';
} else { } else {
$input = $purifier->purify($input); $input = $purifier->purify($input);
return addslashes(htmlspecialchars($input, ENT_COMPAT, 'UTF-8')); if($type != "url") {
$input = addslashes(htmlspecialchars($input, ENT_COMPAT, 'UTF-8'));
}
return $input;
} }
} }
} }
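Review bot: In the new `xssFilter` array branch the added `if(!empty($val))` turns the string `"0"` (and `0`) into `""`, because `empty("0")` is true in PHP; a value of zero is common in form fields and this hunk silently drops it, whereas the old single-line path kept it. Replace the guard with `if($val !== null && trim((string)$val) !== '') {`, matching the check the scalar branch already uses. The recursive call `$input[$i] = $this->xssFilter($val);` on the context line just above the new block does not forward `$type`, so nested arrays are always filtered in the default (entity-encoding) mode even when the caller asked for `"url"`; it should read `$input[$i] = $this->xssFilter($val, $type);`, and the corresponding recursion in `xssFilterHard` (above its hunk, not visible here) presumably has the same gap. The four new `$type != "url"` comparisons should be `$type !== "url"`, and the two docblocks still list only `$input`; add `@param string $type "" for HTML-entity-encoded output, "url" to return the sanitised value without htmlspecialchars/addslashes` to each.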


@@ -30,11 +30,14 @@
die; die;
} }
G::LoadSystem('inputfilter');
$filter = new InputFilter();
echo "<table class='basicTable' cellpadding='5' cellspacing='0' border='0'>"; echo "<table class='basicTable' cellpadding='5' cellspacing='0' border='0'>";
echo "<tr class='Record'><td colspan='2' class='formTitle'>Please select a valid workspace to continue</td></tr>"; echo "<tr class='Record'><td colspan='2' class='formTitle'>Please select a valid workspace to continue</td></tr>";
echo "<tr valign='top'>"; echo "<tr valign='top'>";
$curPage = getenv( "REQUEST_URI" ); $curPage = getenv( "REQUEST_URI" );
$curPage = $filter->xssFilterHard($curPage,"url");
//running the while loop //running the while loop
$first = 0; $first = 0;
while ($file = readdir($dir_handle)) while ($file = readdir($dir_handle))
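Review bot: `$curPage` is sanitised in `"url"` mode, which per the InputFilter change in this commit skips `htmlspecialchars`/`addslashes`, so the value still contains any `"` or `'` characters from the request URI; if it is later written into an attribute such as an `href` (the rest of this file is outside the hunk), it must be escaped there with `htmlspecialchars($curPage, ENT_QUOTES, 'UTF-8')`. A short comment on the new line would make the contract explicit: `// purified only, not entity-encoded: escape per context when echoed`. `getenv("REQUEST_URI")` can return `false` when the variable is absent; the scalar path of `xssFilterHard` appears to turn that into `''`, which downstream code should tolerate. The file section that follows carries the identical hunk and the same points apply to it.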


@@ -30,11 +30,14 @@
die; die;
} }
G::LoadSystem('inputfilter');
$filter = new InputFilter();
echo "<table class='basicTable' cellpadding='5' cellspacing='0' border='0'>"; echo "<table class='basicTable' cellpadding='5' cellspacing='0' border='0'>";
echo "<tr class='Record'><td colspan='2' class='formTitle'>Please select a valid workspace to continue</td></tr>"; echo "<tr class='Record'><td colspan='2' class='formTitle'>Please select a valid workspace to continue</td></tr>";
echo "<tr valign='top'>"; echo "<tr valign='top'>";
$curPage = getenv( "REQUEST_URI" ); $curPage = getenv( "REQUEST_URI" );
$curPage = $filter->xssFilterHard($curPage,"url");
//running the while loop //running the while loop
$first = 0; $first = 0;
while ($file = readdir($dir_handle)) while ($file = readdir($dir_handle))