From 4f395793cb522756fc4445d016cc432a28cb2b58 Mon Sep 17 00:00:00 2001
From: "Paula V. Quispe"
Date: Wed, 8 Apr 2015 15:47:39 -0400
Subject: [PATCH 1/2] I correct High - Code Injection(7 flaws) (8 April Report)

---
 workflow/public_html/bootstrap.php | 13 +++++++++++--
 workflow/public_html/sysGeneric.php | 15 +++++++++++----
 2 files changed, 22 insertions(+), 6 deletions(-)

diff --git a/workflow/public_html/bootstrap.php b/workflow/public_html/bootstrap.php
index 8c44ad0bb..cb9447084 100755
--- a/workflow/public_html/bootstrap.php
+++ b/workflow/public_html/bootstrap.php
@@ -266,6 +266,10 @@ G::LoadSystem('headPublisher');
 $oHeadPublisher =& headPublisher::getSingleton();
+ //Load filter class
+ G::LoadSystem('inputfilter');
+ $filter = new InputFilter();
+
 // Installer, redirect to install if we don't have a valid shared data folder
 if ( !defined('PATH_DATA') || !file_exists(PATH_DATA)) {
@@ -331,12 +335,15 @@ else {
 //when we are in global pages, outside any valid workspace
 if (SYS_TARGET==='newSite') {
 $phpFile = G::ExpandPath('methods') . SYS_COLLECTION . "/" . SYS_TARGET.'.php';
+ $phpFile = $filter->validateInput($phpFile,'path');
 require_once($phpFile);
 die();
 }
 else {
 if(SYS_TARGET=="dbInfo"){ //Show dbInfo when no SYS_SYS
- require_once( PATH_METHODS . "login/dbInfo.php" );
+ $pathFile = PATH_METHODS . "login/dbInfo.php";
+ $pathFile = $filter->validateInput($pathFile,'path');
+ require_once($pathFile);
 }
 else{
@@ -352,7 +359,9 @@
 }
 }
 else { // classic sysLogin interface
- require_once( PATH_METHODS . "login/sysLogin.php" ) ;
+ $pathFile = PATH_METHODS . "login/sysLogin.php";
+ $pathFile = $filter->validateInput($pathFile,'path');
+ require_once($pathFile) ;
 die();
 }
 }
diff --git a/workflow/public_html/sysGeneric.php b/workflow/public_html/sysGeneric.php
index 56cf5734a..908fd1988 100755
--- a/workflow/public_html/sysGeneric.php
+++ b/workflow/public_html/sysGeneric.php
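Review bot: `$filter` is created here inside an indented block whose opening lies outside the hunk, yet it is consumed by the two later hunks of this file (@@ -335 and @@ -359); if this block is conditional, those uses run against an undefined variable and the member call fails with a fatal error. Creating the instance once at file top level, before the first `require_once` that depends on it, removes that dependency on control flow. The comment could also say what the object is for rather than what it is: `// Input filter applied to the computed include paths below before they are required`.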
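Review bot: The paths validated in the dbInfo branch (`PATH_METHODS . "login/dbInfo.php"`) and in the sysLogin hunk below (@@ -359) are a constant plus a string literal, so passing them through `validateInput(..., 'path')` does not change what gets included; the only request-influenced components visible in these hunks are `SYS_COLLECTION` and `SYS_TARGET` inside `$phpFile`, here and in the sysGeneric.php hunk at @@ -564. Validating those two components before they are concatenated into a path is the more direct control, and a short comment stating what the `'path'` filter rejects would help, since the InputFilter class is not part of this change. Whatever `validateInput` returns for a rejected value, the next line still runs `require_once($phpFile)` on it unconditionally; guarding the include with `is_file($phpFile)` and failing the request otherwise would avoid including a path the filter has altered. The enclosing `if`/`else` chain begins before this hunk.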
@@ -564,6 +564,7 @@ if (defined( 'SYS_TEMP' ) && SYS_TEMP != '') { } else { //when we are in global pages, outside any valid workspace
 if (SYS_TARGET === 'newSite') {
 $phpFile = G::ExpandPath( 'methods' ) . SYS_COLLECTION . "/" . SYS_TARGET . '.php';
+ $phpFile = $filter->validateInput($phpFile,'path');
 //NewRelic Snippet - By JHL
 transactionLog($phpFile);
 require_once ($phpFile);
@@ -725,6 +726,10 @@ $bWE = false;
 $isControllerCall = false;
 $isPluginController = false;
+//Load filter class
+G::LoadSystem('inputfilter');
+$filter = new InputFilter();
+
 if (substr( SYS_COLLECTION, 0, 8 ) === 'gulliver') {
 $phpFile = PATH_GULLIVER_HOME . 'methods/' . substr( SYS_COLLECTION, 8 ) . SYS_TARGET . '.php';
 } else {
@@ -786,14 +791,16 @@ if (substr( SYS_COLLECTION, 0, 8 ) === 'gulliver') {
 $pluginControllerPath = PATH_PLUGINS . $pluginName . PATH_SEP . 'controllers' . PATH_SEP;
- if (is_file($pluginControllerPath. $controllerClass . '.php')) {
- require_once $pluginControllerPath. $controllerClass . '.php';
+ $pathFile = $pluginControllerPath. $controllerClass . '.php';
+ $pathFile = $filter->validateInput($pathFile,'path');
+ if (is_file($pathFile)) {
+ require_once $pathFile;
 } elseif (is_file($pluginControllerPath. ucfirst($controllerClass) . '.php')) {
 $controllerClass = ucfirst($controllerClass);
- require_once $pluginControllerPath. $controllerClass . '.php';
+ require_once $pathFile;
 } elseif (is_file($pluginControllerPath. ucfirst($controllerClass) . 'Controller.php')) {
 $controllerClass = ucfirst($controllerClass) . 'Controller';
- require_once $pluginControllerPath. $controllerClass . '.php';
+ require_once $pathFile;
 }
 //if the method exists

From 14d32cc29e47a4e84b98a3492befe7e9a2507ea1 Mon Sep 17 00:00:00 2001
From: "Paula V. Quispe"
Date: Wed, 8 Apr 2015 15:50:55 -0400
Subject: [PATCH 2/2] I correct High - Code Injection(7 flaws) (8 April Report)

---
 workflow/public_html/sysGeneric.php | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
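Review bot: In both `elseif` branches of the plugin-controller hunk (@@ -791), `require_once $pathFile;` includes the path built from the original `$controllerClass`, which the preceding `is_file($pathFile)` has just found missing, while the branch condition tested the `ucfirst(...)` variant; on a case-sensitive filesystem the include now fails where the removed lines succeeded. Recompute the path from the updated name in each branch before requiring it, i.e. insert `$pathFile = $filter->validateInput($pluginControllerPath . $controllerClass . '.php', 'path');` directly before each of the two `require_once $pathFile;` lines (`$controllerClass` is reassigned on the line above in both). That also keeps every include in this block going through the filter, which the change sets out to do. The enclosing block starts before this hunk.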
diff --git a/workflow/public_html/sysGeneric.php b/workflow/public_html/sysGeneric.php
index 908fd1988..e93105a23 100755
--- a/workflow/public_html/sysGeneric.php
+++ b/workflow/public_html/sysGeneric.php
@@ -373,6 +373,10 @@ $virtualURITable['/skins/(*)'] = PATH_HTML . 'skins/'; //ugly
 $virtualURITable['/images/(*)'] = PATH_HTML . 'images/'; //ugly
 $virtualURITable['/[a-zA-Z][a-zA-Z0-9]{0,}/'] = 'errorFile';
+//Load filter class
+G::LoadSystem('inputfilter');
+$filter = new InputFilter();
+
 // Verify if we need to redirect or stream the file, if G:VirtualURI returns true means we are going to redirect the page
 if (Bootstrap::virtualURI( $_SERVER['REQUEST_URI'], $virtualURITable, $realPath )) {
 // review if the file requested belongs to public_html plugin
@@ -726,10 +730,6 @@ $bWE = false;
 $isControllerCall = false;
 $isPluginController = false;
-//Load filter class
-G::LoadSystem('inputfilter');
-$filter = new InputFilter();
-
 if (substr( SYS_COLLECTION, 0, 8 ) === 'gulliver') {
 $phpFile = PATH_GULLIVER_HOME . 'methods/' . substr( SYS_COLLECTION, 8 ) . SYS_TARGET . '.php';
 } else {
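Review bot: The comment on the relocated block (@@ -373) should record the ordering constraint it exists to satisfy: the instance is consumed by `$filter->validateInput(...)` in the newSite branch near line 564 and in the plugin-controller block near line 791 of this file, so it has to be created above both. Something like `// InputFilter instance; must be created before the validateInput() calls on the include paths computed below` would stop a later edit from moving it back under its first use, which is the situation the previous patch left in place. The hunk at @@ -730 is the matching removal and needs nothing further.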