fernando/luos
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

xss 2

Browse Source
This commit is contained in:
marcelo.cuiza
2015-03-17 17:09:30 -04:00
parent db29297e35
commit 177a85512e
7 changed files with 56 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
workflow/engine/classes/class.processMap.php
View File

@@ -2356,7 +2356,11 @@ class processMap
$G_PUBLISH->AddContent('propeltable', 'paged-table', '/cases/cases_Scheduler_List', $oCriteria, array('CONFIRM' => G::LoadTranslation('ID_MSG_CONFIRM_DELETE_CASE_SCHEDULER')));
G::RenderPage('publish');
//return true; */
G::LoadSystem('inputfilter');
$filter = new InputFilter();
$schedulerPath = SYS_URI . "cases/cases_Scheduler_List";
$schedulerPath = $filter->xssFilterHard($schedulerPath);
$sProcessUID = $filter->xssFilterHard($sProcessUID);
$html = "<iframe WIDTH=820 HEIGHT=530 FRAMEBORDER=0 src='" . $schedulerPath . '?PRO_UID=' . $sProcessUID . "'></iframe>";
echo $html;
} catch (Exception $oError) {

19
workflow/engine/classes/class.propelTable.php
View File

@@ -559,7 +559,13 @@ class propelTable
* @return string
*/
public function renderTable ($block = '', $fields = '')
{
{
G::LoadSystem('inputfilter');
$filter = new InputFilter();
$fields = $filter->xssFilterHard($fields);
$this->orderBy = $filter->xssFilterHard($this->orderBy);
$this->currentPage = $filter->xssFilterHard($this->currentPage);
//Render Title
$thereisnotitle = true;
foreach ($this->fields as $r => $rval) {
@@ -603,6 +609,11 @@ class propelTable
$this->tpl->assign( 'pagedTable_Name', $this->name );
$this->tpl->assign( 'pagedTable_Height', $this->xmlForm->height );
$this->tpl->assign( "title", $this->title );
$this->xmlForm->home = $filter->xssFilterHard($this->xmlForm->home);
$this->filterForm = $filter->xssFilterHard($this->filterForm);
$this->menu = $filter->xssFilterHard($this->menu);
if (file_exists( $this->xmlForm->home . $this->filterForm . '.xml' )) {
$filterForm = new filterForm( $this->filterForm, $this->xmlForm->home );
if ($this->menu === '') {
@@ -839,6 +850,12 @@ class propelTable
}
$this->tpl->assign( "pagesEnum", $pagesEnum );
}
$this->name = $filter->xssFilterHard($this->name);
$this->orderBy = $filter->xssFilterHard($this->orderBy);
$this->currentPage = $filter->xssFilterHard($this->currentPage);
$this->id = $filter->xssFilterHard($this->id);
?>
<script language='JavaScript'>