Merged in mcuiza/processmaker/HOR-1115 (pull request #4354)

HOR-1115
2016-06-06 15:41:51 -04:00
parent 6b3310aa14 a2334a9c64
commit 27caf3ab19
1 changed files with 13 additions and 13 deletions
--- a/workflow/engine/methods/cases/proxyNewCasesList.php
+++ b/workflow/engine/methods/cases/proxyNewCasesList.php
@@ -16,23 +16,23 @@ if (!isset($_SESSION['USER_LOGGED'])) {

 try {
    $userUid = $_SESSION['USER_LOGGED'];
-    $filters['paged']    = isset( $_REQUEST["paged"] ) ? $_REQUEST["paged"] : true;
-    $filters['count']    = isset( $_REQUEST['count'] ) ? $_REQUEST['count'] : true;
-    $filters['category'] = isset( $_REQUEST["category"] ) ? $_REQUEST["category"] : "";
-    $filters['process']  = isset( $_REQUEST["process"] ) ? $_REQUEST["process"] : "";
-    $filters['search']   = isset( $_REQUEST["search"] ) ? $_REQUEST["search"] : "";
-    $filters['filter']   = isset( $_REQUEST["filter"] ) ? $_REQUEST["filter"] : "";
+    $filters['paged']    = isset( $_REQUEST["paged"] ) ? $filter->sanitizeInputValue($_REQUEST["paged"], 'nosql') : true;
+    $filters['count']    = isset( $_REQUEST['count'] ) ? $filter->sanitizeInputValue($_REQUEST["count"], 'nosql') : true;
+    $filters['category'] = isset( $_REQUEST["category"] ) ? $filter->sanitizeInputValue($_REQUEST["category"], 'nosql') : "";
+    $filters['process']  = isset( $_REQUEST["process"] ) ? $filter->sanitizeInputValue($_REQUEST["process"], 'nosql') : "";
+    $filters['search']   = isset( $_REQUEST["search"] ) ? $filter->sanitizeInputValue($_REQUEST["search"], 'nosql') : "";
+    $filters['filter']   = isset( $_REQUEST["filter"] ) ? $filter->sanitizeInputValue($_REQUEST["filter"], 'nosql') : "";
    $filters['dateFrom'] = (!empty( $_REQUEST["dateFrom"] )) ? substr( $_REQUEST["dateFrom"], 0, 10 ) : "";
    $filters['dateTo']   = (!empty( $_REQUEST["dateTo"] )) ? substr( $_REQUEST["dateTo"], 0, 10 ) : "";

-    $filters['start']    = isset( $_REQUEST["start"] ) ? $_REQUEST["start"] : "0";
-    $filters['limit']    = isset( $_REQUEST["limit"] ) ? $_REQUEST["limit"] : "25";
-    $filters['sort']     = (isset($_REQUEST['sort']))? (($_REQUEST['sort'] == 'APP_STATUS_LABEL')? 'APP_STATUS' : $_REQUEST['sort']) : '';
-    $filters['dir']      = isset( $_REQUEST["dir"] ) ? $_REQUEST["dir"] : "DESC";
+    $filters['start']    = isset( $_REQUEST["start"] ) ? $filter->sanitizeInputValue($_REQUEST["start"], 'nosql') : "0";
+    $filters['limit']    = isset( $_REQUEST["limit"] ) ? $filter->sanitizeInputValue($_REQUEST["limit"], 'nosql') : "25";
+    $filters['sort']     = (isset($_REQUEST['sort']))? (($_REQUEST['sort'] == 'APP_STATUS_LABEL')? 'APP_STATUS' : $filter->sanitizeInputValue($_REQUEST["sort"], 'nosql')) : '';
+    $filters['dir']      = isset( $_REQUEST["dir"] ) ? $filter->sanitizeInputValue($_REQUEST["dir"], 'nosql') : "DESC";

-    $filters['action']   = isset( $_REQUEST["action"] ) ? $_REQUEST["action"] : "";
-    $listName            = isset( $_REQUEST["list"] ) ? $_REQUEST["list"] : "inbox";
-    $filters['filterStatus']   = isset( $_REQUEST["filterStatus"] ) ? $_REQUEST["filterStatus"] : "";
+    $filters['action']   = isset( $_REQUEST["action"] ) ? $filter->sanitizeInputValue($_REQUEST["action"], 'nosql') : "";
+    $listName            = isset( $_REQUEST["list"] ) ? $filter->sanitizeInputValue($_REQUEST["list"], 'nosql') : "inbox";
+    $filters['filterStatus']   = isset( $_REQUEST["filterStatus"] ) ? $filter->sanitizeInputValue($_REQUEST["filterStatus"], 'nosql') : "";

    // Select list
    switch ($listName) {