Merged in paulis/processmaker/PM-VERACODE-15 (pull request #1794)

I fixed some directory traversal issues.
This commit is contained in:
Julio Cesar Laura Avendaño
2015-03-30 11:56:28 -04:00
11 changed files with 70 additions and 17 deletions


@@ -666,9 +666,12 @@ class pmTablesProxy extends HttpProxyController
public function importCSV ($httpData)
{
G::LoadClass('pmFunctions');
G::LoadSystem('inputfilter');
$filter = new InputFilter();
$countRow = 250;
if (preg_match( '/[\x00-\x08\x0b-\x0c\x0e\x1f]/', file_get_contents( $_FILES['form']['tmp_name']['CSV_FILE'] ) ) === 0) {
$filename = $_FILES['form']['name']['CSV_FILE'];
$filename = $filter->xssFilterHard($filename, 'path');
if ($oFile = fopen( $_FILES['form']['tmp_name']['CSV_FILE'], 'r' )) {
require_once 'classes/model/AdditionalTables.php';
$oAdditionalTables = new AdditionalTables();
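Review bot: The user-supplied upload name `$_FILES['form']['name']['CSV_FILE']` is guarded only by `$filter->xssFilterHard($filename, 'path')`, here and in the identical line of the importCSVDeprecated hunk below; what the `'path'` mode strips is not visible in this diff, and a filter written for XSS is a fragile defence against `..` and separator segments in a name that is presumably used later to build a filesystem path (outside this hunk). Reducing the name to its final component first is the deterministic mitigation: `$filename = basename($_FILES['form']['name']['CSV_FILE']);` before the filter call. The upload itself is also taken on trust, as nothing checks `$_FILES['form']['error']['CSV_FILE'] === UPLOAD_ERR_OK` or `is_uploaded_file()` before `file_get_contents()` reads the temp file, so a missing or failed upload reaches the regex with an empty path and an undefined-index notice. The same three new lines are duplicated in both methods; a small private helper returning the sanitised name would keep them in step. Both method bodies continue past the end of the hunk.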
@@ -762,8 +765,11 @@ class pmTablesProxy extends HttpProxyController
*/
public function importCSVDeprecated ($httpData)
{
G::LoadSystem('inputfilter');
$filter = new InputFilter();
if (preg_match( '/[\x00-\x08\x0b-\x0c\x0e\x1f]/', file_get_contents( $_FILES['form']['tmp_name']['CSV_FILE'] ) ) === 0) {
$filename = $_FILES['form']['name']['CSV_FILE'];
$filename = $filter->xssFilterHard($filename, 'path');
if ($oFile = fopen( $_FILES['form']['tmp_name']['CSV_FILE'], 'r' )) {
require_once 'classes/model/AdditionalTables.php';
$oAdditionalTables = new AdditionalTables();