fernando/luos
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

I correct High - Code Injection(7 flaws) (8 April Report)

Browse Source
This commit is contained in:
Paula V. Quispe
2015-04-08 15:50:55 -04:00
parent 4f395793cb
commit 14d32cc29e
1 changed files with 4 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
workflow/public_html/sysGeneric.php
View File

@@ -373,6 +373,10 @@ $virtualURITable['/skins/(*)'] = PATH_HTML . 'skins/'; //ugly
$virtualURITable['/images/(*)'] = PATH_HTML . 'images/'; //ugly $virtualURITable['/images/(*)'] = PATH_HTML . 'images/'; //ugly
$virtualURITable['/[a-zA-Z][a-zA-Z0-9]{0,}/'] = 'errorFile'; $virtualURITable['/[a-zA-Z][a-zA-Z0-9]{0,}/'] = 'errorFile';
//Load filter class
G::LoadSystem('inputfilter');
$filter = new InputFilter();
// Verify if we need to redirect or stream the file, if G:VirtualURI returns true means we are going to redirect the page // Verify if we need to redirect or stream the file, if G:VirtualURI returns true means we are going to redirect the page
if (Bootstrap::virtualURI( $_SERVER['REQUEST_URI'], $virtualURITable, $realPath )) { if (Bootstrap::virtualURI( $_SERVER['REQUEST_URI'], $virtualURITable, $realPath )) {
// review if the file requested belongs to public_html plugin // review if the file requested belongs to public_html plugin
@@ -726,10 +730,6 @@ $bWE = false;
$isControllerCall = false; $isControllerCall = false;
$isPluginController = false; $isPluginController = false;
//Load filter class
G::LoadSystem('inputfilter');
$filter = new InputFilter();
if (substr( SYS_COLLECTION, 0, 8 ) === 'gulliver') { if (substr( SYS_COLLECTION, 0, 8 ) === 'gulliver') {
$phpFile = PATH_GULLIVER_HOME . 'methods/' . substr( SYS_COLLECTION, 8 ) . SYS_TARGET . '.php'; $phpFile = PATH_GULLIVER_HOME . 'methods/' . substr( SYS_COLLECTION, 8 ) . SYS_TARGET . '.php';
} else { } else {