Merged in paulis/processmaker/PM-VERACODE-18 (pull request #1889)
I correct High - Code Injection(7 flaws) (8 April Report)
This commit is contained in:
Julio Cesar Laura Avendaño
@@ -266,6 +266,10 @@
|
|||||||
G::LoadSystem('headPublisher');
|
G::LoadSystem('headPublisher');
|
||||||
$oHeadPublisher =& headPublisher::getSingleton();
|
$oHeadPublisher =& headPublisher::getSingleton();
|
||||||
|
|
||||||
|
//Load filter class
|
||||||
|
G::LoadSystem('inputfilter');
|
||||||
|
$filter = new InputFilter();
|
||||||
|
|
||||||
// Installer, redirect to install if we don't have a valid shared data folder
|
// Installer, redirect to install if we don't have a valid shared data folder
|
||||||
if ( !defined('PATH_DATA') || !file_exists(PATH_DATA)) {
|
if ( !defined('PATH_DATA') || !file_exists(PATH_DATA)) {
|
||||||
|
|
||||||
@@ -331,12 +335,15 @@
|
|||||||
else { //when we are in global pages, outside any valid workspace
|
else { //when we are in global pages, outside any valid workspace
|
||||||
if (SYS_TARGET==='newSite') {
|
if (SYS_TARGET==='newSite') {
|
||||||
$phpFile = G::ExpandPath('methods') . SYS_COLLECTION . "/" . SYS_TARGET.'.php';
|
$phpFile = G::ExpandPath('methods') . SYS_COLLECTION . "/" . SYS_TARGET.'.php';
|
||||||
|
$phpFile = $filter->validateInput($phpFile,'path');
|
||||||
require_once($phpFile);
|
require_once($phpFile);
|
||||||
die();
|
die();
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
if(SYS_TARGET=="dbInfo"){ //Show dbInfo when no SYS_SYS
|
if(SYS_TARGET=="dbInfo"){ //Show dbInfo when no SYS_SYS
|
||||||
require_once( PATH_METHODS . "login/dbInfo.php" );
|
$pathFile = PATH_METHODS . "login/dbInfo.php";
|
||||||
|
$pathFile = $filter->validateInput($pathFile,'path');
|
||||||
|
require_once($pathFile);
|
||||||
}
|
}
|
||||||
else{
|
else{
|
||||||
|
|
||||||
@@ -352,7 +359,9 @@
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
else { // classic sysLogin interface
|
else { // classic sysLogin interface
|
||||||
require_once( PATH_METHODS . "login/sysLogin.php" ) ;
|
$pathFile = PATH_METHODS . "login/sysLogin.php";
|
||||||
|
$pathFile = $filter->validateInput($pathFile,'path');
|
||||||
|
require_once($pathFile) ;
|
||||||
die();
|
die();
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -373,6 +373,10 @@ $virtualURITable['/skins/(*)'] = PATH_HTML . 'skins/'; //ugly
|
|||||||
$virtualURITable['/images/(*)'] = PATH_HTML . 'images/'; //ugly
|
$virtualURITable['/images/(*)'] = PATH_HTML . 'images/'; //ugly
|
||||||
$virtualURITable['/[a-zA-Z][a-zA-Z0-9]{0,}/'] = 'errorFile';
|
$virtualURITable['/[a-zA-Z][a-zA-Z0-9]{0,}/'] = 'errorFile';
|
||||||
|
|
||||||
|
//Load filter class
|
||||||
|
G::LoadSystem('inputfilter');
|
||||||
|
$filter = new InputFilter();
|
||||||
|
|
||||||
// Verify if we need to redirect or stream the file, if G:VirtualURI returns true means we are going to redirect the page
|
// Verify if we need to redirect or stream the file, if G:VirtualURI returns true means we are going to redirect the page
|
||||||
if (Bootstrap::virtualURI( $_SERVER['REQUEST_URI'], $virtualURITable, $realPath )) {
|
if (Bootstrap::virtualURI( $_SERVER['REQUEST_URI'], $virtualURITable, $realPath )) {
|
||||||
// review if the file requested belongs to public_html plugin
|
// review if the file requested belongs to public_html plugin
|
||||||
@@ -564,6 +568,7 @@ if (defined( 'SYS_TEMP' ) && SYS_TEMP != '') {
|
|||||||
} else { //when we are in global pages, outside any valid workspace
|
} else { //when we are in global pages, outside any valid workspace
|
||||||
if (SYS_TARGET === 'newSite') {
|
if (SYS_TARGET === 'newSite') {
|
||||||
$phpFile = G::ExpandPath( 'methods' ) . SYS_COLLECTION . "/" . SYS_TARGET . '.php';
|
$phpFile = G::ExpandPath( 'methods' ) . SYS_COLLECTION . "/" . SYS_TARGET . '.php';
|
||||||
|
$phpFile = $filter->validateInput($phpFile,'path');
|
||||||
//NewRelic Snippet - By JHL
|
//NewRelic Snippet - By JHL
|
||||||
transactionLog($phpFile);
|
transactionLog($phpFile);
|
||||||
require_once ($phpFile);
|
require_once ($phpFile);
|
||||||
@@ -786,14 +791,16 @@ if (substr( SYS_COLLECTION, 0, 8 ) === 'gulliver') {
|
|||||||
|
|
||||||
$pluginControllerPath = PATH_PLUGINS . $pluginName . PATH_SEP . 'controllers' . PATH_SEP;
|
$pluginControllerPath = PATH_PLUGINS . $pluginName . PATH_SEP . 'controllers' . PATH_SEP;
|
||||||
|
|
||||||
if (is_file($pluginControllerPath. $controllerClass . '.php')) {
|
$pathFile = $pluginControllerPath. $controllerClass . '.php';
|
||||||
require_once $pluginControllerPath. $controllerClass . '.php';
|
$pathFile = $filter->validateInput($pathFile,'path');
|
||||||
|
if (is_file($pathFile)) {
|
||||||
|
require_once $pathFile;
|
||||||
} elseif (is_file($pluginControllerPath. ucfirst($controllerClass) . '.php')) {
|
} elseif (is_file($pluginControllerPath. ucfirst($controllerClass) . '.php')) {
|
||||||
$controllerClass = ucfirst($controllerClass);
|
$controllerClass = ucfirst($controllerClass);
|
||||||
require_once $pluginControllerPath. $controllerClass . '.php';
|
require_once $pathFile;
|
||||||
} elseif (is_file($pluginControllerPath. ucfirst($controllerClass) . 'Controller.php')) {
|
} elseif (is_file($pluginControllerPath. ucfirst($controllerClass) . 'Controller.php')) {
|
||||||
$controllerClass = ucfirst($controllerClass) . 'Controller';
|
$controllerClass = ucfirst($controllerClass) . 'Controller';
|
||||||
require_once $pluginControllerPath. $controllerClass . '.php';
|
require_once $pathFile;
|
||||||
}
|
}
|
||||||
|
|
||||||
//if the method exists
|
//if the method exists
|
||||||
|
|||||||
Reference in New Issue
Block a user