I solved some issues with Directory traversal

2015-03-26 15:47:31 -04:00
parent f4664ce34c
commit 1bb9f57152
2 changed files with 4 additions and 1 deletions
--- a/gulliver/system/class.dbMaintenance.php
+++ b/gulliver/system/class.dbMaintenance.php
@@ -502,7 +502,7 @@ class DataBaseMaintenance
            $data .= ");\n";
        }

-        $data = $filter->xssFilterHard($data);
+        $data = $filter->preventSqlInjection($data);
        printf( "%-59s%20s", "Dump of table $table", strlen( $data ) . " Bytes Saved\n" );
        return $data;
    }
--- a/workflow/engine/methods/users/users_ViewPhoto.php
+++ b/workflow/engine/methods/users/users_ViewPhoto.php
@@ -91,6 +91,9 @@ function DumpHeaders ($filename)
    }

    //$filename = PATH_UPLOAD . "$filename";
+    G::LoadSystem('inputfilter');
+    $filter = new InputFilter();
+    $filename = $filter->xssFilterHard($filename, 'path');
    readfile( $filename );
 }