xss 2
This commit is contained in:
marcelo.cuiza
@@ -2356,7 +2356,11 @@ class processMap
|
||||
$G_PUBLISH->AddContent('propeltable', 'paged-table', '/cases/cases_Scheduler_List', $oCriteria, array('CONFIRM' => G::LoadTranslation('ID_MSG_CONFIRM_DELETE_CASE_SCHEDULER')));
|
||||
G::RenderPage('publish');
|
||||
//return true; */
|
||||
G::LoadSystem('inputfilter');
|
||||
$filter = new InputFilter();
|
||||
$schedulerPath = SYS_URI . "cases/cases_Scheduler_List";
|
||||
$schedulerPath = $filter->xssFilterHard($schedulerPath);
|
||||
$sProcessUID = $filter->xssFilterHard($sProcessUID);
|
||||
$html = "<iframe WIDTH=820 HEIGHT=530 FRAMEBORDER=0 src='" . $schedulerPath . '?PRO_UID=' . $sProcessUID . "'></iframe>";
|
||||
echo $html;
|
||||
} catch (Exception $oError) {
|
||||
|
||||
@@ -560,6 +560,12 @@ class propelTable
|
||||
*/
|
||||
public function renderTable ($block = '', $fields = '')
|
||||
{
|
||||
G::LoadSystem('inputfilter');
|
||||
$filter = new InputFilter();
|
||||
$fields = $filter->xssFilterHard($fields);
|
||||
$this->orderBy = $filter->xssFilterHard($this->orderBy);
|
||||
$this->currentPage = $filter->xssFilterHard($this->currentPage);
|
||||
|
||||
//Render Title
|
||||
$thereisnotitle = true;
|
||||
foreach ($this->fields as $r => $rval) {
|
||||
@@ -603,6 +609,11 @@ class propelTable
|
||||
$this->tpl->assign( 'pagedTable_Name', $this->name );
|
||||
$this->tpl->assign( 'pagedTable_Height', $this->xmlForm->height );
|
||||
$this->tpl->assign( "title", $this->title );
|
||||
|
||||
$this->xmlForm->home = $filter->xssFilterHard($this->xmlForm->home);
|
||||
$this->filterForm = $filter->xssFilterHard($this->filterForm);
|
||||
$this->menu = $filter->xssFilterHard($this->menu);
|
||||
|
||||
if (file_exists( $this->xmlForm->home . $this->filterForm . '.xml' )) {
|
||||
$filterForm = new filterForm( $this->filterForm, $this->xmlForm->home );
|
||||
if ($this->menu === '') {
|
||||
@@ -839,6 +850,12 @@ class propelTable
|
||||
}
|
||||
$this->tpl->assign( "pagesEnum", $pagesEnum );
|
||||
}
|
||||
|
||||
$this->name = $filter->xssFilterHard($this->name);
|
||||
$this->orderBy = $filter->xssFilterHard($this->orderBy);
|
||||
$this->currentPage = $filter->xssFilterHard($this->currentPage);
|
||||
$this->id = $filter->xssFilterHard($this->id);
|
||||
|
||||
?>
|
||||
|
||||
<script language='JavaScript'>
|
||||
|
||||
@@ -40,6 +40,12 @@ require_once ("classes/model/AdditionalTables.php");
|
||||
require_once ("classes/model/AppDelay.php");*/
|
||||
G::LoadClass( 'case' );
|
||||
|
||||
G::LoadSystem('inputfilter');
|
||||
$filter = new InputFilter();
|
||||
$_POST = $filter->xssFilterHard($_POST);
|
||||
$_REQUEST = $filter->xssFilterHard($_REQUEST);
|
||||
$_SESSION = $filter->xssFilterHard($_SESSION);
|
||||
|
||||
$actionAjax = isset( $_REQUEST['actionAjax'] ) ? $_REQUEST['actionAjax'] : null;
|
||||
|
||||
function filterUserListArray($users = array(), $filter = '')
|
||||
|
||||
@@ -1,4 +1,8 @@
|
||||
<?php
|
||||
G::LoadSystem('inputfilter');
|
||||
$filter = new InputFilter();
|
||||
$_REQUEST = $filter->xssFilterHard($_REQUEST);
|
||||
|
||||
if (! isset( $_REQUEST['action'] )) {
|
||||
$res['success'] = false;
|
||||
$res['error'] = $res['message'] = G::LoadTranslation('ID_REQUEST_ACTION');
|
||||
@@ -360,6 +364,10 @@ function exportSkin ($skinToExport = "")
|
||||
function deleteSkin ()
|
||||
{
|
||||
try {
|
||||
G::LoadSystem('inputfilter');
|
||||
$filter = new InputFilter();
|
||||
$_REQUEST['SKIN_FOLDER_ID'] = $filter->xssFilterHard($_REQUEST['SKIN_FOLDER_ID']);
|
||||
|
||||
if (! (isset( $_REQUEST['SKIN_FOLDER_ID'] ))) {
|
||||
throw (new Exception( G::LoadTranslation( 'ID_SKIN_FOLDER_REQUIRED' ) ));
|
||||
}
|
||||
|
||||
@@ -22,6 +22,10 @@
|
||||
* Coral Gables, FL, 33134, USA, or email info@colosa.com.
|
||||
*/
|
||||
try {
|
||||
G::LoadSystem('inputfilter');
|
||||
$filter = new InputFilter();
|
||||
$_POST = $filter->xssFilterHard($_POST);
|
||||
|
||||
if (isset( $_POST['form']['action'] )) {
|
||||
$_POST['action'] = $_POST['form']['action'];
|
||||
}
|
||||
|
||||
@@ -1,4 +1,13 @@
|
||||
<?php
|
||||
G::LoadSystem('inputfilter');
|
||||
$filter = new InputFilter();
|
||||
$_POST = $filter->xssFilterHard($_POST);
|
||||
if(isset($_SESSION['USER_LOGGED'])) {
|
||||
$_SESSION['USER_LOGGED'] = $filter->xssFilterHard($_SESSION['USER_LOGGED']);
|
||||
}
|
||||
if(isset($_SESSION['USR_USERNAME'])) {
|
||||
$_SESSION['USR_USERNAME'] = $filter->xssFilterHard($_SESSION['USR_USERNAME']);
|
||||
}
|
||||
|
||||
global $RBAC;
|
||||
$result = new StdClass();
|
||||
|
||||
@@ -23,6 +23,12 @@
|
||||
* Coral Gables, FL, 33134, USA, or email info@colosa.com.
|
||||
*/
|
||||
try {
|
||||
G::LoadSystem('inputfilter');
|
||||
$filter = new InputFilter();
|
||||
$_GET = $filter->xssFilterHard($_GET);
|
||||
$_POST = $filter->xssFilterHard($_POST);
|
||||
$_REQUEST = $filter->xssFilterHard($_REQUEST);
|
||||
|
||||
global $RBAC;
|
||||
switch ($RBAC->userCanAccess('PM_LOGIN')) {
|
||||
case - 2:
|
||||
|
||||
Reference in New Issue
Block a user