Merged in paulis/processmaker/PM-VERACODE-15 (pull request #1794)
I solved some issues with Directory traversal
This commit is contained in:
Julio Cesar Laura Avendaño
@@ -515,6 +515,8 @@ class dynaformEditorAjax extends dynaformEditor implements iDynaformEditorAjax
|
||||
*/
|
||||
public function restore_html($A)
|
||||
{
|
||||
G::LoadSystem('inputfilter');
|
||||
$filter = new InputFilter();
|
||||
$script = null;
|
||||
$fileTmp = G::decrypt($A, URL_KEY);
|
||||
$form = new Form($fileTmp, PATH_DYNAFORM, SYS_LANG, true);
|
||||
@@ -527,10 +529,11 @@ class dynaformEditorAjax extends dynaformEditor implements iDynaformEditorAjax
|
||||
$form->enableTemplate = false;
|
||||
$html = $form->printTemplate($form->template, $script);
|
||||
$html = str_replace('{$form_className}', 'formDefault', $html);
|
||||
if (file_exists(PATH_DYNAFORM . $fileTmp . '.html')) {
|
||||
unlink(PATH_DYNAFORM . $fileTmp . '.html');
|
||||
$pathTmp = $filter->xssFilterHard(PATH_DYNAFORM . $fileTmp . '.html', 'path');
|
||||
if (file_exists($pathTmp)) {
|
||||
unlink($pathTmp);
|
||||
}
|
||||
$fp = fopen(PATH_DYNAFORM . $fileTmp . '.html', 'w');
|
||||
$fp = fopen($pathTmp, 'w');
|
||||
fwrite($fp, $html);
|
||||
fclose($fp);
|
||||
|
||||
@@ -546,6 +549,8 @@ class dynaformEditorAjax extends dynaformEditor implements iDynaformEditorAjax
|
||||
public function set_htmlcode($A, $htmlcode)
|
||||
{
|
||||
try {
|
||||
G::LoadSystem('inputfilter');
|
||||
$filter = new InputFilter();
|
||||
$iOcurrences = preg_match_all('/\{\$.*?\}/im', $htmlcode, $matches);
|
||||
if ($iOcurrences) {
|
||||
if (isset($matches[0])) {
|
||||
@@ -561,6 +566,7 @@ class dynaformEditorAjax extends dynaformEditor implements iDynaformEditorAjax
|
||||
$file = G::decrypt($A, URL_KEY);
|
||||
$form = new Form($file, PATH_DYNAFORM, SYS_LANG, true);
|
||||
$filename = substr($form->fileName, 0, - 3) . ($form->type === 'xmlform' ? '' : '.' . $form->type) . 'html';
|
||||
$filename = $filter->xssFilterHard($filename, 'path');
|
||||
$fp = fopen($filename, 'w');
|
||||
fwrite($fp, $htmlcode);
|
||||
fclose($fp);
|
||||
@@ -598,10 +604,13 @@ class dynaformEditorAjax extends dynaformEditor implements iDynaformEditorAjax
|
||||
*/
|
||||
public function set_xmlcode($A, $xmlcode)
|
||||
{
|
||||
G::LoadSystem('inputfilter');
|
||||
$filter = new InputFilter();
|
||||
$xmlcode = urldecode($xmlcode);
|
||||
$file = G::decrypt($A, URL_KEY);
|
||||
$xmlcode = str_replace(' ', ' ', trim($xmlcode));
|
||||
$fp = fopen(PATH_DYNAFORM . $file . '.xml', 'w');
|
||||
$pathFile = $filter->xssFilterHard(PATH_DYNAFORM . $file . '.xml', "path");
|
||||
$fp = fopen($pathFile, 'w');
|
||||
fwrite($fp, $xmlcode);
|
||||
fclose($fp);
|
||||
return "";
|
||||
@@ -647,6 +656,9 @@ class dynaformEditorAjax extends dynaformEditor implements iDynaformEditorAjax
|
||||
*/
|
||||
public function set_javascript($A, $fieldName, $sCode, $meta = '')
|
||||
{
|
||||
G::LoadSystem('inputfilter');
|
||||
$filter = new InputFilter();
|
||||
$fieldName = $filter->xssFilterHard($fieldName, 'path');
|
||||
if ($fieldName == '___pm_boot_strap___') {
|
||||
return 0;
|
||||
}
|
||||
@@ -661,8 +673,8 @@ class dynaformEditorAjax extends dynaformEditor implements iDynaformEditorAjax
|
||||
*/
|
||||
|
||||
G::LoadSystem('dynaformhandler');
|
||||
|
||||
$dynaform = new dynaFormHandler(PATH_DYNAFORM . "{$file}.xml");
|
||||
$pathFile = $filter->xssFilterHard(PATH_DYNAFORM . "{$file}.xml", 'path');
|
||||
$dynaform = new dynaFormHandler($pathFile);
|
||||
$dynaform->replace($fieldName, $fieldName, Array('type' => 'javascript', 'meta' => $meta, '#cdata' => $sCode
|
||||
));
|
||||
|
||||
@@ -716,6 +728,8 @@ class dynaformEditorAjax extends dynaformEditor implements iDynaformEditorAjax
|
||||
public function set_properties($A, $DYN_UID, $getFields)
|
||||
{
|
||||
try {
|
||||
G::LoadSystem('inputfilter');
|
||||
$filter = new InputFilter();
|
||||
$post = array();
|
||||
parse_str($getFields, $post);
|
||||
$Fields = $post['form'];
|
||||
@@ -729,8 +743,9 @@ class dynaformEditorAjax extends dynaformEditor implements iDynaformEditorAjax
|
||||
$tmp['Properties'] = $Fields;
|
||||
self::_setTmpData($tmp);
|
||||
}
|
||||
$dynaform = new dynaFormHandler(PATH_DYNAFORM . "{$file}.xml");
|
||||
$dbc2 = new DBConnection(PATH_DYNAFORM . $file . '.xml', '', '', '', 'myxml');
|
||||
$pathFile = $filter->xssFilterHard(PATH_DYNAFORM . "{$file}.xml", 'path');
|
||||
$dynaform = new dynaFormHandler($pathFile);
|
||||
$dbc2 = new DBConnection($pathFile, '', '', '', 'myxml');
|
||||
$ses2 = new DBSession($dbc2);
|
||||
//if (!isset($Fields['ENABLETEMPLATE'])) $Fields['ENABLETEMPLATE'] ="0";
|
||||
|
||||
@@ -791,13 +806,15 @@ class dynaformEditorAjax extends dynaformEditor implements iDynaformEditorAjax
|
||||
*/
|
||||
public function set_enabletemplate($A, $value)
|
||||
{
|
||||
G::LoadSystem('inputfilter');
|
||||
$filter = new InputFilter();
|
||||
$file = G::decrypt($A, URL_KEY);
|
||||
$value = $value == "1" ? "1" : "0";
|
||||
// $dbc2 = new DBConnection( PATH_DYNAFORM . $file . '.xml', '', '', '', 'myxml' );
|
||||
// $ses2 = new DBSession( $dbc2 );
|
||||
// $ses2->execute( "UPDATE . SET ENABLETEMPLATE = '$value'" );
|
||||
|
||||
$dynaform = new dynaFormHandler(PATH_DYNAFORM . "{$file}.xml");
|
||||
$pathFile = $filter->xssFilterHard(PATH_DYNAFORM . "{$file}.xml", 'path');
|
||||
$dynaform = new dynaFormHandler($pathFile);
|
||||
$dynaform->modifyHeaderAttribute('enabletemplate', $value);
|
||||
|
||||
return $value;
|
||||
|
||||
@@ -281,11 +281,14 @@ class System
|
||||
*/
|
||||
public function verifyFileForUpgrade ()
|
||||
{
|
||||
G::LoadSystem('inputfilter');
|
||||
$filter = new InputFilter();
|
||||
$upgradeFilename = isset( $_FILES['form']['name']['UPGRADE_FILENAME'] ) ? $_FILES['form']['name']['UPGRADE_FILENAME'] : '';
|
||||
$tempFilename = isset( $_FILES['form']['tmp_name']['UPGRADE_FILENAME'] ) ? $_FILES['form']['tmp_name']['UPGRADE_FILENAME'] : '';
|
||||
$this->sRevision = str_replace( '.tar.gz', '', str_replace( 'pmos-patch-', '', $upgradeFilename ) );
|
||||
$sTemFilename = $tempFilename;
|
||||
$this->sFilename = PATH_DATA . 'upgrade' . PATH_SEP . $upgradeFilename;
|
||||
$pathFile = $filter->xssFilterHard(PATH_DATA . 'upgrade' . PATH_SEP . $upgradeFilename, 'path');
|
||||
$this->sFilename = $pathFile;
|
||||
$this->sPath = dirname( $this->sFilename ) . PATH_SEP;
|
||||
G::mk_dir( PATH_DATA . 'upgrade' );
|
||||
if (! move_uploaded_file( $sTemFilename, $this->sFilename )) {
|
||||
@@ -615,8 +618,12 @@ class System
|
||||
}
|
||||
}
|
||||
|
||||
G::LoadSystem('inputfilter');
|
||||
$filter = new InputFilter();
|
||||
|
||||
//clean up xmlform folders
|
||||
$sDir = PATH_C . 'xmlform';
|
||||
$sDir = $filter->xssFilterHard($sDir, 'path');
|
||||
if (file_exists( $sDir ) && is_dir( $sDir )) {
|
||||
$oDirectory = dir( $sDir );
|
||||
while ($sObjectName = $oDirectory->read()) {
|
||||
@@ -729,8 +736,11 @@ class System
|
||||
*/
|
||||
public static function getPluginSchema ($pluginName)
|
||||
{
|
||||
if (file_exists( PATH_PLUGINS . $pluginName . "/config/schema.xml" )) {
|
||||
return System::getSchema( PATH_PLUGINS . $pluginName . "/config/schema.xml" );
|
||||
G::LoadSystem('inputfilter');
|
||||
$filter = new InputFilter();
|
||||
$pathFile = $filter->xssFilterHard(PATH_PLUGINS . $pluginName . "/config/schema.xml", 'path');
|
||||
if (file_exists( $pathFile )) {
|
||||
return System::getSchema( $pathFile );
|
||||
} else {
|
||||
return false;
|
||||
}
|
||||
|
||||
@@ -1387,6 +1387,9 @@ class workspaceTools
|
||||
|
||||
static public function dirPerms($filename, $owner, $group, $perms)
|
||||
{
|
||||
G::LoadSystem('inputfilter');
|
||||
$filter = new InputFilter();
|
||||
$filename = $filter->xssFilterHard($filename, 'path');
|
||||
$chown = @chown($filename, $owner);
|
||||
$chgrp = @chgrp($filename, $group);
|
||||
$chmod = @chmod($filename, $perms);
|
||||
|
||||
@@ -666,9 +666,12 @@ class pmTablesProxy extends HttpProxyController
|
||||
public function importCSV ($httpData)
|
||||
{
|
||||
G::LoadClass('pmFunctions');
|
||||
G::LoadSystem('inputfilter');
|
||||
$filter = new InputFilter();
|
||||
$countRow = 250;
|
||||
if (preg_match( '/[\x00-\x08\x0b-\x0c\x0e\x1f]/', file_get_contents( $_FILES['form']['tmp_name']['CSV_FILE'] ) ) === 0) {
|
||||
$filename = $_FILES['form']['name']['CSV_FILE'];
|
||||
$filename = $filter->xssFilterHard($filename, 'path');
|
||||
if ($oFile = fopen( $_FILES['form']['tmp_name']['CSV_FILE'], 'r' )) {
|
||||
require_once 'classes/model/AdditionalTables.php';
|
||||
$oAdditionalTables = new AdditionalTables();
|
||||
@@ -762,8 +765,11 @@ class pmTablesProxy extends HttpProxyController
|
||||
*/
|
||||
public function importCSVDeprecated ($httpData)
|
||||
{
|
||||
G::LoadSystem('inputfilter');
|
||||
$filter = new InputFilter();
|
||||
if (preg_match( '/[\x00-\x08\x0b-\x0c\x0e\x1f]/', file_get_contents( $_FILES['form']['tmp_name']['CSV_FILE'] ) ) === 0) {
|
||||
$filename = $_FILES['form']['name']['CSV_FILE'];
|
||||
$filename = $filter->xssFilterHard($filename, 'path');
|
||||
if ($oFile = fopen( $_FILES['form']['tmp_name']['CSV_FILE'], 'r' )) {
|
||||
require_once 'classes/model/AdditionalTables.php';
|
||||
$oAdditionalTables = new AdditionalTables();
|
||||
|
||||
@@ -54,6 +54,9 @@ exit;
|
||||
|
||||
function rangeDownload($location,$mimeType)
|
||||
{
|
||||
G::LoadSystem('inputfilter');
|
||||
$filter = new InputFilter();
|
||||
$location = $filter->xssFilterHard($location, "path");
|
||||
if (!file_exists($location))
|
||||
{
|
||||
header ("HTTP/1.0 404 Not Found");
|
||||
|
||||
@@ -33,6 +33,8 @@ G::LoadClass( 'dynaFormField' );
|
||||
G::LoadClass( 'process' );
|
||||
G::LoadClass( 'dynaform' );
|
||||
//G::LoadClass('configuration');
|
||||
G::LoadSystem('inputfilter');
|
||||
$filter = new InputFilter();
|
||||
|
||||
|
||||
$G_MAIN_MENU = 'processmaker';
|
||||
@@ -73,9 +75,10 @@ if (! file_exists( PATH_DYNAFORM . $file . '.xml' )) {
|
||||
/* End Comment */
|
||||
|
||||
/* Start Comment: Create and temporal copy. */
|
||||
$copy = implode( '', file( PATH_DYNAFORM . $file . '.xml' ) );
|
||||
$pathFile = $filter->xssFilterHard(PATH_DYNAFORM . $file . '.xml', 'path');
|
||||
$copy = implode( '', file( $pathFile ) );
|
||||
$file .= '_tmp0';
|
||||
$fcopy = fopen( PATH_DYNAFORM . $file . '.xml', "w" );
|
||||
$fcopy = fopen( $pathFile , "w" );
|
||||
fwrite( $fcopy, $copy );
|
||||
fclose( $fcopy );
|
||||
/* End Comment */
|
||||
|
||||
@@ -36,6 +36,8 @@ if (! class_exists( "FieldCondition" )) {
|
||||
|
||||
try {
|
||||
|
||||
G::LoadSystem('inputfilter');
|
||||
$filter = new InputFilter();
|
||||
$frm = $_POST['form'];
|
||||
$PRO_UID = $frm['PRO_UID'];
|
||||
$DYN_UID = $frm['DYN_UID'];
|
||||
@@ -62,6 +64,7 @@ try {
|
||||
$hd = fopen( PATH_DYNAFORM . $PRO_UID . '/' . $DYN_UID . '.xml', "r" );
|
||||
$hd1 = fopen( PATH_DYNAFORM . $PRO_UID . '/' . $dynUid . '.xml', "w" );
|
||||
$templateFilename = PATH_DYNAFORM . $PRO_UID . '/' . $DYN_UID . '.html';
|
||||
$templateFilename = $filter->xssFilterHard($templateFilename, 'path');
|
||||
|
||||
// also make a copy of the template file in case that the html edition is enabled
|
||||
if (file_exists( $templateFilename )) {
|
||||
|
||||
@@ -56,10 +56,12 @@ try {
|
||||
$sMaxExecutionTime = ini_get( 'max_execution_time' );
|
||||
ini_set( 'max_execution_time', '0' );
|
||||
G::LoadClass( 'configuration' );
|
||||
G::LoadSystem('inputfilter');
|
||||
$filter = new InputFilter();
|
||||
|
||||
$languageFile = $_FILES['form']['tmp_name']['LANGUAGE_FILENAME'];
|
||||
$languageFilename = $_FILES['form']['name']['LANGUAGE_FILENAME'];
|
||||
|
||||
$languageFilename = $filter->xssFilterHard($languageFilename, 'path');
|
||||
if (substr_compare( $languageFilename, ".gz", - 3, 3, true ) == 0) {
|
||||
$zp = gzopen( $languageFile, "r" );
|
||||
$languageFile = tempnam( __FILE__, '' );
|
||||
|
||||
@@ -320,6 +320,8 @@ function importSkin ()
|
||||
function exportSkin ($skinToExport = "")
|
||||
{
|
||||
try {
|
||||
G::LoadSystem('inputfilter');
|
||||
$filter = new InputFilter();
|
||||
if (! isset( $_REQUEST['SKIN_FOLDER_ID'] )) {
|
||||
throw (new Exception( G::LoadTranslation( 'ID_SKIN_NAME_REQUIRED' ) ));
|
||||
}
|
||||
@@ -329,6 +331,7 @@ function exportSkin ($skinToExport = "")
|
||||
$skinFolderBase = PATH_CUSTOM_SKINS . $skinName;
|
||||
$skinFolder = $skinFolderBase . PATH_SEP;
|
||||
$skinTar = PATH_CUSTOM_SKINS . $skinName . '.tar';
|
||||
$skinTar = $filter->xssFilterHard($skinTar, 'path');
|
||||
if (! is_dir( $skinFolder )) {
|
||||
throw (new Exception( G::LoadTranslation( 'ID_SKIN_DOESNT_EXIST' ) ));
|
||||
}
|
||||
|
||||
@@ -91,6 +91,9 @@ function DumpHeaders ($filename)
|
||||
}
|
||||
|
||||
//$filename = PATH_UPLOAD . "$filename";
|
||||
G::LoadSystem('inputfilter');
|
||||
$filter = new InputFilter();
|
||||
$filename = $filter->xssFilterHard($filename, 'path');
|
||||
readfile( $filename );
|
||||
}
|
||||
|
||||
|
||||
Reference in New Issue
Block a user