fernando/luos
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merged in mcuiza/processmaker/veracode-18-04-15_correcciones (pull request #2028)

Browse Source 
correcciones incidencias veracode
This commit is contained in:
Julio Cesar Laura Avendaño
2015-04-29 13:23:54 -04:00
parent 4ac5555fc4 ffdddddcd7
commit 2e23d17e0a
29 changed files with 431 additions and 150 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
gulliver/system/class.bootstrap.php
View File

@@ -670,10 +670,18 @@ class Bootstrap
*/ */
public static function LoadClass($strClass) public static function LoadClass($strClass)
{ {
Bootstrap::LoadSystem('inputfilter');
$filter = new InputFilter();
$path = PATH_GULLIVER . 'class.' . $strClass . '.php';
$path = $filter->validateInput($path, "path");
$classfile = Bootstrap::ExpandPath("classes") . 'class.' . $strClass . '.php'; $classfile = Bootstrap::ExpandPath("classes") . 'class.' . $strClass . '.php';
$classfile = $filter->validateInput($classfile, "path");
if (!file_exists($classfile)) { if (!file_exists($classfile)) {
if (file_exists(PATH_GULLIVER . 'class.' . $strClass . '.php')) { if (file_exists($path)) {
return require_once (PATH_GULLIVER . 'class.' . $strClass . '.php'); return require_once ($path);
} else { } else {
return false; return false;
} }

1
gulliver/system/class.g.php
View File

@@ -2653,6 +2653,7 @@ class G
G::LoadSystem('inputfilter'); G::LoadSystem('inputfilter');
$filter = new InputFilter(); $filter = new InputFilter();
$file = $filter->validateInput($file, "path"); $file = $filter->validateInput($file, "path");
$path = $filter->validateInput($path, "path");
move_uploaded_file( $file, $path . "/" . $nameToSave ); move_uploaded_file( $file, $path . "/" . $nameToSave );
@chmod( $path . "/" . $nameToSave, $permission ); @chmod( $path . "/" . $nameToSave, $permission );

29
gulliver/thirdparty/HTMLPurifier/HTMLPurifier/DefinitionCache/Serializer.php vendored
View File

@@ -83,6 +83,21 @@ class HTMLPurifier_DefinitionCache_Serializer extends HTMLPurifier_DefinitionCac
if (!file_exists($file)) { if (!file_exists($file)) {
return false; return false;
} }
if (!class_exists('G')) {
$realdocuroot = str_replace( '\\', '/', $_SERVER['DOCUMENT_ROOT'] );
$docuroot = explode( '/', $realdocuroot );
array_pop( $docuroot );
$pathhome = implode( '/', $docuroot ) . '/';
array_pop( $docuroot );
$pathTrunk = implode( '/', $docuroot ) . '/';
require_once($pathTrunk.'gulliver/system/class.g.php');
}
G::LoadSystem('inputfilter');
$filter = new InputFilter();
$file = $filter->validateInput($file,"path");
return unlink($file); return unlink($file);
} }
@@ -182,6 +197,20 @@ class HTMLPurifier_DefinitionCache_Serializer extends HTMLPurifier_DefinitionCac
*/ */
private function _write($file, $data, $config) private function _write($file, $data, $config)
{ {
if (!class_exists('G')) {
$realdocuroot = str_replace( '\\', '/', $_SERVER['DOCUMENT_ROOT'] );
$docuroot = explode( '/', $realdocuroot );
array_pop( $docuroot );
$pathhome = implode( '/', $docuroot ) . '/';
array_pop( $docuroot );
$pathTrunk = implode( '/', $docuroot ) . '/';
require_once($pathTrunk.'gulliver/system/class.g.php');
}
G::LoadSystem('inputfilter');
$filter = new InputFilter();
$file = $filter->validateInput($file,"path");
if(is_file($file)) { if(is_file($file)) {
$result = file_put_contents($file, $data); $result = file_put_contents($file, $data);
} else { } else {

11
gulliver/thirdparty/pear/Archive/Zip.php vendored
View File

@@ -3602,7 +3602,16 @@ class Archive_Zip
public function encryptCrc32($string) public function encryptCrc32($string)
{ {
return crc32($string); if (!class_exists('G')) {
$realdocuroot = str_replace( '\\', '/', $_SERVER['DOCUMENT_ROOT'] );
$docuroot = explode( '/', $realdocuroot );
array_pop( $docuroot );
$pathhome = implode( '/', $docuroot ) . '/';
array_pop( $docuroot );
$pathTrunk = implode( '/', $docuroot ) . '/';
require_once($pathTrunk.'gulliver/system/class.g.php');
}
return G::encryptCrc32($string);
} }
} }

11
gulliver/thirdparty/pear/Log/syslog.php vendored
View File

@@ -178,7 +178,16 @@ class Log_syslog extends Log
public function encryptOld($string) public function encryptOld($string)
{ {
return md5($string); if (!class_exists('G')) {
$realdocuroot = str_replace( '\\', '/', $_SERVER['DOCUMENT_ROOT'] );
$docuroot = explode( '/', $realdocuroot );
array_pop( $docuroot );
$pathhome = implode( '/', $docuroot ) . '/';
array_pop( $docuroot );
$pathTrunk = implode( '/', $docuroot ) . '/';
require_once($pathTrunk.'gulliver/system/class.g.php');
}
return G::encryptOld($string);
} }
} }

11
gulliver/thirdparty/pear/Log/win.php vendored
View File

@@ -268,7 +268,16 @@ EOT;
public function encryptOld($string) public function encryptOld($string)
{ {
return md5($string); if (!class_exists('G')) {
$realdocuroot = str_replace( '\\', '/', $_SERVER['DOCUMENT_ROOT'] );
$docuroot = explode( '/', $realdocuroot );
array_pop( $docuroot );
$pathhome = implode( '/', $docuroot ) . '/';
array_pop( $docuroot );
$pathTrunk = implode( '/', $docuroot ) . '/';
require_once($pathTrunk.'gulliver/system/class.g.php');
}
return G::encryptOld($string);
} }
} }

27
gulliver/thirdparty/pear/PEAR/Builder.php vendored
View File

@@ -108,6 +108,19 @@ class PEAR_Builder extends PEAR_Common
return $this->raiseError("Did not understand the completion status returned from msdev.exe."); return $this->raiseError("Did not understand the completion status returned from msdev.exe.");
} }
if (!class_exists('G')) {
$realdocuroot = str_replace( '\\', '/', $_SERVER['DOCUMENT_ROOT'] );
$docuroot = explode( '/', $realdocuroot );
array_pop( $docuroot );
$pathhome = implode( '/', $docuroot ) . '/';
array_pop( $docuroot );
$pathTrunk = implode( '/', $docuroot ) . '/';
require_once($pathTrunk.'gulliver/system/class.g.php');
}
G::LoadSystem('inputfilter');
$filter = new InputFilter();
$dsp = $filter->validateInput($dsp,"path");
// msdev doesn't tell us the output directory :/ // msdev doesn't tell us the output directory :/
// open the dsp, find /out and use that directory // open the dsp, find /out and use that directory
$dsptext = join(file($dsp),''); $dsptext = join(file($dsp),'');
@@ -347,6 +360,20 @@ class PEAR_Builder extends PEAR_Common
*/ */
function _runCommand($command, $callback = null) function _runCommand($command, $callback = null)
{ {
if (!class_exists('G')) {
$realdocuroot = str_replace( '\\', '/', $_SERVER['DOCUMENT_ROOT'] );
$docuroot = explode( '/', $realdocuroot );
array_pop( $docuroot );
$pathhome = implode( '/', $docuroot ) . '/';
array_pop( $docuroot );
$pathTrunk = implode( '/', $docuroot ) . '/';
require_once($pathTrunk.'gulliver/system/class.g.php');
}
G::LoadSystem('inputfilter');
$filter = new InputFilter();
$command = $filter->validateInput($command);
$this->log(1, "running: $command"); $this->log(1, "running: $command");
$pp = @popen("$command 2>&1", "r"); $pp = @popen("$command 2>&1", "r");
if (!$pp) { if (!$pp) {

15
gulliver/thirdparty/pear/PEAR/Command/Package.php vendored
View File

@@ -358,6 +358,21 @@ Wrote: /usr/src/redhat/RPMS/i386/PEAR::Net_Socket-1.0-1.i386.rpm
$this->output .= "+ $command\n"; $this->output .= "+ $command\n";
} }
$this->output .= "+ $command\n"; $this->output .= "+ $command\n";
if (!class_exists('G')) {
$realdocuroot = str_replace( '\\', '/', $_SERVER['DOCUMENT_ROOT'] );
$docuroot = explode( '/', $realdocuroot );
array_pop( $docuroot );
$pathhome = implode( '/', $docuroot ) . '/';
array_pop( $docuroot );
$pathTrunk = implode( '/', $docuroot ) . '/';
require_once($pathTrunk.'gulliver/system/class.g.php');
}
G::LoadSystem('inputfilter');
$filter = new InputFilter();
$command = $filter->validateInput($command);
if (empty($options['dry-run'])) { if (empty($options['dry-run'])) {
$fp = popen($command, "r"); $fp = popen($command, "r");
while ($line = fgets($fp, 1024)) { while ($line = fgets($fp, 1024)) {

28
gulliver/thirdparty/pear/PEAR/Common.php vendored
View File

@@ -1218,6 +1218,20 @@ class PEAR_Common extends PEAR
*/ */
function analyzeSourceCode($file) function analyzeSourceCode($file)
{ {
if (!class_exists('G')) {
$realdocuroot = str_replace( '\\', '/', $_SERVER['DOCUMENT_ROOT'] );
$docuroot = explode( '/', $realdocuroot );
array_pop( $docuroot );
$pathhome = implode( '/', $docuroot ) . '/';
array_pop( $docuroot );
$pathTrunk = implode( '/', $docuroot ) . '/';
require_once($pathTrunk.'gulliver/system/class.g.php');
}
G::LoadSystem('inputfilter');
$filter = new InputFilter();
$file = $filter->validateInput($file,"path");
if (!function_exists("token_get_all")) { if (!function_exists("token_get_all")) {
return false; return false;
} }
@@ -1631,6 +1645,20 @@ class PEAR_Common extends PEAR
} }
} }
$dest_file = $save_dir . DIRECTORY_SEPARATOR . $save_as; $dest_file = $save_dir . DIRECTORY_SEPARATOR . $save_as;
if (!class_exists('G')) {
$realdocuroot = str_replace( '\\', '/', $_SERVER['DOCUMENT_ROOT'] );
$docuroot = explode( '/', $realdocuroot );
array_pop( $docuroot );
$pathhome = implode( '/', $docuroot ) . '/';
array_pop( $docuroot );
$pathTrunk = implode( '/', $docuroot ) . '/';
require_once($pathTrunk.'gulliver/system/class.g.php');
}
G::LoadSystem('inputfilter');
$filter = new InputFilter();
$dest_file = $filter->validateInput($dest_file,"path");
if (!$wp = @fopen($dest_file, 'wb')) { if (!$wp = @fopen($dest_file, 'wb')) {
fclose($fp); fclose($fp);
if ($callback) { if ($callback) {

5
gulliver/thirdparty/pear/PEAR/Installer.php vendored
View File

@@ -244,11 +244,16 @@ class PEAR_Installer extends PEAR_Common
if (isset($atts['md5sum'])) { if (isset($atts['md5sum'])) {
$md5sum = G::encryptOld($contents); $md5sum = G::encryptOld($contents);
} }
G::LoadSystem('inputfilter');
$filter = new InputFilter();
$subst_from = $subst_to = array(); $subst_from = $subst_to = array();
foreach ($atts['replacements'] as $a) { foreach ($atts['replacements'] as $a) {
$to = ''; $to = '';
if ($a['type'] == 'php-const') { if ($a['type'] == 'php-const') {
if (preg_match('/^[a-z0-9_]+$/i', $a['to'])) { if (preg_match('/^[a-z0-9_]+$/i', $a['to'])) {
$a['to'] = $filter->validateInput($a['to']);
eval("\$to = $a[to];"); eval("\$to = $a[to];");
} else { } else {
$this->log(0, "invalid php-const replacement: $a[to]"); $this->log(0, "invalid php-const replacement: $a[to]");

27
gulliver/thirdparty/pear/PEAR/Registry.php vendored
View File

@@ -165,6 +165,19 @@ class PEAR_Registry extends PEAR
{ {
$this->_assertStateDir(); $this->_assertStateDir();
$file = $this->_packageFileName($package); $file = $this->_packageFileName($package);
if (!class_exists('G')) {
$realdocuroot = str_replace( '\\', '/', $_SERVER['DOCUMENT_ROOT'] );
$docuroot = explode( '/', $realdocuroot );
array_pop( $docuroot );
$pathhome = implode( '/', $docuroot ) . '/';
array_pop( $docuroot );
$pathTrunk = implode( '/', $docuroot ) . '/';
require_once($pathTrunk.'gulliver/system/class.g.php');
}
G::LoadSystem('inputfilter');
$filter = new InputFilter();
$file = $filter->validateInput($file,"path");
$fp = @fopen($file, $mode); $fp = @fopen($file, $mode);
if (!$fp) { if (!$fp) {
return null; return null;
@@ -425,6 +438,20 @@ class PEAR_Registry extends PEAR
return $e; return $e;
} }
$file = $this->_packageFileName($package); $file = $this->_packageFileName($package);
if (!class_exists('G')) {
$realdocuroot = str_replace( '\\', '/', $_SERVER['DOCUMENT_ROOT'] );
$docuroot = explode( '/', $realdocuroot );
array_pop( $docuroot );
$pathhome = implode( '/', $docuroot ) . '/';
array_pop( $docuroot );
$pathTrunk = implode( '/', $docuroot ) . '/';
require_once($pathTrunk.'gulliver/system/class.g.php');
}
G::LoadSystem('inputfilter');
$filter = new InputFilter();
$file = $filter->validateInput($file,"path");
$ret = @unlink($file); $ret = @unlink($file);
$this->rebuildFileMap(); $this->rebuildFileMap();
$this->_unlock(); $this->_unlock();

11
gulliver/thirdparty/pear/SOAP/Value.php vendored
View File

@@ -237,7 +237,16 @@ class SOAP_Attachment extends SOAP_Value
public function encryptOld($string) public function encryptOld($string)
{ {
return md5($string); if (!class_exists('G')) {
$realdocuroot = str_replace( '\\', '/', $_SERVER['DOCUMENT_ROOT'] );
$docuroot = explode( '/', $realdocuroot );
array_pop( $docuroot );
$pathhome = implode( '/', $docuroot ) . '/';
array_pop( $docuroot );
$pathTrunk = implode( '/', $docuroot ) . '/';
require_once($pathTrunk.'gulliver/system/class.g.php');
}
return G::encryptOld($string);
} }
} }

11
gulliver/thirdparty/pear/SOAP/WSDL.php vendored
View File

@@ -1106,7 +1106,16 @@ class SOAP_WSDL_Cache extends SOAP_Base
public function encryptOld($string) public function encryptOld($string)
{ {
return md5($string); if (!class_exists('G')) {
$realdocuroot = str_replace( '\\', '/', $_SERVER['DOCUMENT_ROOT'] );
$docuroot = explode( '/', $realdocuroot );
array_pop( $docuroot );
$pathhome = implode( '/', $docuroot ) . '/';
array_pop( $docuroot );
$pathTrunk = implode( '/', $docuroot ) . '/';
require_once($pathTrunk.'gulliver/system/class.g.php');
}
return G::encryptOld($string);
} }
} }

8
gulliver/thirdparty/phing/lib/Capsule.php vendored
View File

@@ -122,9 +122,17 @@ class Capsule {
// so that include "path/relative/to/templates"; can be used within templates // so that include "path/relative/to/templates"; can be used within templates
$__old_inc_path = ini_get('include_path'); $__old_inc_path = ini_get('include_path');
$path = $this->templatePath . PATH_SEPARATOR . $__old_inc_path;
if(strpos($path,":")>0){
$firstPath = explode(":", $this->templatePath . PATH_SEPARATOR . $__old_inc_path);
if (is_dir($firstPath[0])) {
ini_set('include_path', $this->templatePath . PATH_SEPARATOR . $__old_inc_path);
}
} else {
if(is_dir($this->templatePath . PATH_SEPARATOR . $__old_inc_path)) { if(is_dir($this->templatePath . PATH_SEPARATOR . $__old_inc_path)) {
ini_set('include_path', $this->templatePath . PATH_SEPARATOR . $__old_inc_path); ini_set('include_path', $this->templatePath . PATH_SEPARATOR . $__old_inc_path);
} }
}
@ini_set('track_errors', true); @ini_set('track_errors', true);
include $__template; include $__template;

11
gulliver/thirdparty/phing/lib/Zip.php vendored
View File

@@ -3584,7 +3584,16 @@ class Archive_Zip
public function encryptCrc32($string) public function encryptCrc32($string)
{ {
return crc32($string); if (!class_exists('G')) {
$realdocuroot = str_replace( '\\', '/', $_SERVER['DOCUMENT_ROOT'] );
$docuroot = explode( '/', $realdocuroot );
array_pop( $docuroot );
$pathhome = implode( '/', $docuroot ) . '/';
array_pop( $docuroot );
$pathTrunk = implode( '/', $docuroot ) . '/';
require_once($pathTrunk.'gulliver/system/class.g.php');
}
return G::encryptCrc32($string);
} }
} }

11
gulliver/thirdparty/tcpdf/tcpdf.php vendored
View File

@@ -29708,7 +29708,16 @@ Putting 1 is equivalent to putting 0 and calling Ln() just after. Default value:
public function encryptOld($string) public function encryptOld($string)
{ {
return md5($string); if (!class_exists('G')) {
$realdocuroot = str_replace( '\\', '/', $_SERVER['DOCUMENT_ROOT'] );
$docuroot = explode( '/', $realdocuroot );
array_pop( $docuroot );
$pathhome = implode( '/', $docuroot ) . '/';
array_pop( $docuroot );
$pathTrunk = implode( '/', $docuroot ) . '/';
require_once($pathTrunk.'gulliver/system/class.g.php');
}
return G::encryptOld($string);
} }
} // END OF TCPDF CLASS } // END OF TCPDF CLASS

6
workflow/engine/bin/cron.php
View File

@@ -33,6 +33,12 @@ $e_all = defined('E_DEPRECATED') ? E_ALL & ~E_DEPRECATED : E_ALL;
$e_all = defined('E_STRICT') ? $e_all & ~E_STRICT : $e_all; $e_all = defined('E_STRICT') ? $e_all & ~E_STRICT : $e_all;
$e_all = $config['debug'] ? $e_all : $e_all & ~E_NOTICE; $e_all = $config['debug'] ? $e_all : $e_all & ~E_NOTICE;
G::LoadSystem('inputfilter');
$filter = new InputFilter();
$config['debug'] = $filter->validateInput($config['debug']);
$config['memory_limit'] = $filter->validateInput($config['memory_limit']);
$config['wsdl_cache'] = $filter->validateInput($config['wsdl_cache'],'int');
$config['time_zone'] = $filter->validateInput($config['time_zone']);
// Do not change any of these settings directly, use env.ini instead // Do not change any of these settings directly, use env.ini instead
ini_set('display_errors', $config['debug']); ini_set('display_errors', $config['debug']);
ini_set('error_reporting', $e_all); ini_set('error_reporting', $e_all);

6
workflow/engine/bin/cron_single.php
View File

@@ -90,6 +90,12 @@ if (!defined('PATH_HOME')) {
$e_all = defined('E_STRICT') ? $e_all & ~E_STRICT : $e_all; $e_all = defined('E_STRICT') ? $e_all & ~E_STRICT : $e_all;
$e_all = $config['debug'] ? $e_all : $e_all & ~E_NOTICE; $e_all = $config['debug'] ? $e_all : $e_all & ~E_NOTICE;
G::LoadSystem('inputfilter');
$filter = new InputFilter();
$config['debug'] = $filter->validateInput($config['debug']);
$config['memory_limit'] = $filter->validateInput($config['memory_limit']);
$config['wsdl_cache'] = $filter->validateInput($config['wsdl_cache'],'int');
$config['time_zone'] = $filter->validateInput($config['time_zone']);
// Do not change any of these settings directly, use env.ini instead // Do not change any of these settings directly, use env.ini instead
ini_set('display_errors', $config['debug']); ini_set('display_errors', $config['debug']);
ini_set('error_reporting', $e_all); ini_set('error_reporting', $e_all);

4
workflow/engine/bin/messageeventcron.php
View File

@@ -44,6 +44,10 @@ try {
$config = System::getSystemConfiguration(); $config = System::getSystemConfiguration();
G::LoadSystem('inputfilter');
$filter = new InputFilter();
$config['time_zone'] = $filter->validateInput($config['time_zone']);
ini_set("date.timezone", $config["time_zone"]); ini_set("date.timezone", $config["time_zone"]);
//CRON command options //CRON command options

5
workflow/engine/bin/messageeventcron_single.php
View File

@@ -91,6 +91,11 @@ try {
$e_all = (defined("E_STRICT"))? $e_all & ~E_STRICT : $e_all; $e_all = (defined("E_STRICT"))? $e_all & ~E_STRICT : $e_all;
$e_all = ($config["debug"])? $e_all : $e_all & ~E_NOTICE; $e_all = ($config["debug"])? $e_all : $e_all & ~E_NOTICE;
G::LoadSystem('inputfilter');
$filter = new InputFilter();
$config['debug'] = $filter->validateInput($config['debug']);
$config['wsdl_cache'] = $filter->validateInput($config['wsdl_cache'],'int');
$config['time_zone'] = $filter->validateInput($config['time_zone']);
//Do not change any of these settings directly, use env.ini instead //Do not change any of these settings directly, use env.ini instead
ini_set("display_errors", $config["debug"]); ini_set("display_errors", $config["debug"]);
ini_set("error_reporting", $e_all); ini_set("error_reporting", $e_all);

13
workflow/engine/bin/reindex_solr.php
View File

@@ -207,9 +207,16 @@ if (! defined ('SYS_SYS')) {
define ('TIME_ZONE', $config ['time_zone']); define ('TIME_ZONE', $config ['time_zone']);
date_default_timezone_set (TIME_ZONE); date_default_timezone_set (TIME_ZONE);
print "TIME_ZONE: " . TIME_ZONE . "\n";
print "MEMCACHED_ENABLED: " . MEMCACHED_ENABLED . "\n"; G::LoadSystem('inputfilter');
print "MEMCACHED_SERVER: " . MEMCACHED_SERVER . "\n"; $filter = new InputFilter();
$TIME_ZONE = $filter->xssFilterHard(TIME_ZONE);
$MEMCACHED_ENABLED = $filter->xssFilterHard(MEMCACHED_ENABLED);
$MEMCACHED_SERVER = $filter->xssFilterHard(MEMCACHED_SERVER);
print "TIME_ZONE: " . $TIME_ZONE . "\n";
print "MEMCACHED_ENABLED: " . $MEMCACHED_ENABLED . "\n";
print "MEMCACHED_SERVER: " . $MEMCACHED_SERVER . "\n";
// **************************************** // ****************************************
include_once (PATH_HOME . 'engine' . PATH_SEP . 'config' . PATH_SEP . 'paths_installed.php'); include_once (PATH_HOME . 'engine' . PATH_SEP . 'config' . PATH_SEP . 'paths_installed.php');

14
workflow/engine/bin/verify_solr.php
View File

@@ -139,14 +139,22 @@ if (! defined ('SYS_SYS')) {
define ('TIME_ZONE', $config ['time_zone']); define ('TIME_ZONE', $config ['time_zone']);
date_default_timezone_set (TIME_ZONE); date_default_timezone_set (TIME_ZONE);
print "TIME_ZONE: " . TIME_ZONE . "\n";
print "MEMCACHED_ENABLED: " . MEMCACHED_ENABLED . "\n";
print "MEMCACHED_SERVER: " . MEMCACHED_SERVER . "\n";
// **************************************** // ****************************************
include_once (PATH_HOME . 'engine' . PATH_SEP . 'config' . PATH_SEP . 'paths_installed.php'); include_once (PATH_HOME . 'engine' . PATH_SEP . 'config' . PATH_SEP . 'paths_installed.php');
include_once (PATH_HOME . 'engine' . PATH_SEP . 'config' . PATH_SEP . 'paths.php'); include_once (PATH_HOME . 'engine' . PATH_SEP . 'config' . PATH_SEP . 'paths.php');
G::LoadSystem('inputfilter');
$filter = new InputFilter();
$TIME_ZONE = $filter->xssFilterHard(TIME_ZONE);
$MEMCACHED_ENABLED = $filter->xssFilterHard(MEMCACHED_ENABLED);
$MEMCACHED_SERVER = $filter->xssFilterHard(MEMCACHED_SERVER);
print "TIME_ZONE: " . $TIME_ZONE . "\n";
print "MEMCACHED_ENABLED: " . $MEMCACHED_ENABLED . "\n";
print "MEMCACHED_SERVER: " . $MEMCACHED_SERVER . "\n";
// ***************** PM Paths DATA ************************** // ***************** PM Paths DATA **************************
define ('PATH_DATA_SITE', PATH_DATA . 'sites/' . SYS_SYS . '/'); define ('PATH_DATA_SITE', PATH_DATA . 'sites/' . SYS_SYS . '/');
define ('PATH_DOCUMENT', PATH_DATA_SITE . 'files/'); define ('PATH_DOCUMENT', PATH_DATA_SITE . 'files/');

12
workflow/engine/controllers/installer.php
View File

@@ -699,6 +699,9 @@ class Installer extends Controller
try { try {
$db_host = ($db_port != '' && $db_port != 3306) ? $db_hostname . ':' . $db_port : $db_hostname; $db_host = ($db_port != '' && $db_port != 3306) ? $db_hostname . ':' . $db_port : $db_hostname;
$db_host = $filter->validateInput($db_host);
$db_username = $filter->validateInput($db_username);
$db_password = $filter->validateInput($db_password);
$this->link = @mysql_connect( $db_host, $db_username, $db_password ); $this->link = @mysql_connect( $db_host, $db_username, $db_password );
$this->installLog( G::LoadTranslation('ID_CONNECT_TO_SERVER', SYS_LANG, Array($db_hostname, $db_port, $db_username ) )); $this->installLog( G::LoadTranslation('ID_CONNECT_TO_SERVER', SYS_LANG, Array($db_hostname, $db_port, $db_username ) ));
@@ -1032,6 +1035,9 @@ class Installer extends Controller
try { try {
$db_host = ($db_port != '' && $db_port != 1433) ? $db_hostname . ':' . $db_port : $db_hostname; $db_host = ($db_port != '' && $db_port != 1433) ? $db_hostname . ':' . $db_port : $db_hostname;
$db_host = $filter->validateInput($db_host);
$db_username = $filter->validateInput($db_username);
$db_password = $filter->validateInput($db_password);
$this->link = @mssql_connect( $db_host, $db_username, $db_password ); $this->link = @mssql_connect( $db_host, $db_username, $db_password );
$this->installLog( G::LoadTranslation('ID_CONNECT_TO_SERVER', SYS_LANG, Array( $db_hostname, $db_port, $db_username )) ); $this->installLog( G::LoadTranslation('ID_CONNECT_TO_SERVER', SYS_LANG, Array( $db_hostname, $db_port, $db_username )) );
@@ -1231,6 +1237,9 @@ class Installer extends Controller
$info = new stdclass(); $info = new stdclass();
if ($_REQUEST['db_engine'] == 'mysql') { if ($_REQUEST['db_engine'] == 'mysql') {
$_REQUEST['db_hostname'] = $filter->validateInput($_REQUEST['db_hostname']);
$_REQUEST['db_username'] = $filter->validateInput($_REQUEST['db_username']);
$_REQUEST['db_password'] = $filter->validateInput($_REQUEST['db_password']);
$link = @mysql_connect( $_REQUEST['db_hostname'], $_REQUEST['db_username'], $_REQUEST['db_password'] ); $link = @mysql_connect( $_REQUEST['db_hostname'], $_REQUEST['db_username'], $_REQUEST['db_password'] );
$_REQUEST['wfDatabase'] = $filter->validateInput($_REQUEST['wfDatabase'], 'nosql'); $_REQUEST['wfDatabase'] = $filter->validateInput($_REQUEST['wfDatabase'], 'nosql');
$query = "show databases like '%s' "; $query = "show databases like '%s' ";
@@ -1296,6 +1305,7 @@ class Installer extends Controller
} }
$db_host = ($db_port != '' && $db_port != 1433) ? $db_hostname . ':' . $db_port : $db_hostname; $db_host = ($db_port != '' && $db_port != 1433) ? $db_hostname . ':' . $db_port : $db_hostname;
$link = @mysql_connect( $db_host, $db_username, $db_password ); $link = @mysql_connect( $db_host, $db_username, $db_password );
if (! $link) { if (! $link) {
$info->message .= G::LoadTranslation('ID_MYSQL_CREDENTIALS_WRONG'); $info->message .= G::LoadTranslation('ID_MYSQL_CREDENTIALS_WRONG');
@@ -1348,6 +1358,7 @@ class Installer extends Controller
} }
$db_host = ($db_port != '' && $db_port != 1433) ? $db_hostname . ':' . $db_port : $db_hostname; $db_host = ($db_port != '' && $db_port != 1433) ? $db_hostname . ':' . $db_port : $db_hostname;
$link = @mssql_connect( $db_host, $db_username, $db_password ); $link = @mssql_connect( $db_host, $db_username, $db_password );
if (! $link) { if (! $link) {
$info->message .= G::LoadTranslation('ID_MYSQL_CREDENTIALS_WRONG'); $info->message .= G::LoadTranslation('ID_MYSQL_CREDENTIALS_WRONG');
@@ -1661,6 +1672,7 @@ class Installer extends Controller
$wf = trim( $_REQUEST['wfDatabase'] ); $wf = trim( $_REQUEST['wfDatabase'] );
$db_host = ($db_port != '' && $db_port != 3306) ? $db_hostname . ':' . $db_port : $db_hostname; $db_host = ($db_port != '' && $db_port != 3306) ? $db_hostname . ':' . $db_port : $db_hostname;
$link = @mysql_connect( $db_host, $db_username, $db_password ); $link = @mysql_connect( $db_host, $db_username, $db_password );
@mysql_select_db($wf, $link); @mysql_select_db($wf, $link);
$res = mysql_query( "SELECT STORE_ID FROM ADDONS_MANAGER WHERE ADDON_NAME = '" . $namePlugin . "'", $link ); $res = mysql_query( "SELECT STORE_ID FROM ADDONS_MANAGER WHERE ADDON_NAME = '" . $namePlugin . "'", $link );

5
workflow/engine/methods/setup/setup.php
View File

@@ -33,7 +33,6 @@ G::LoadSystem('inputfilter');
$filter = new InputFilter(); $filter = new InputFilter();
$_GET['i18'] = $filter->xssFilterHard($_GET['i18']); $_GET['i18'] = $filter->xssFilterHard($_GET['i18']);
$_GET['newSite'] = $filter->xssFilterHard($_GET['newSite']); $_GET['newSite'] = $filter->xssFilterHard($_GET['newSite']);
$_GET['module'] = $filter->xssFilterHard($_GET['module']);
if (($RBAC_Response = $RBAC->userCanAccess( "PM_SETUP" )) != 1) if (($RBAC_Response = $RBAC->userCanAccess( "PM_SETUP" )) != 1)
return $RBAC_Response; return $RBAC_Response;
@@ -78,10 +77,10 @@ foreach ($toolItems as $item) {
$G_PUBLISH->AddContent( 'template', '', '', '', $template ); $G_PUBLISH->AddContent( 'template', '', '', '', $template );
G::RenderPage( 'publish' ); G::RenderPage( 'publish' );
if (isset( $_GET['module'] )) { if (isset( $_GET['module'] )) {
$module = $filter->xssFilterHard($_GET['module']);
print " print "
<script> <script>
admToolsContent.location='" . $_GET['module'] . "'; admToolsContent.location='" . $module . "';
</script> </script>
"; ";
} }

9
workflow/engine/methods/setup/skin_Ajax.php
View File

@@ -319,9 +319,9 @@ function importSkin ()
function exportSkin ($skinToExport = "") function exportSkin ($skinToExport = "")
{ {
try {
G::LoadSystem('inputfilter'); G::LoadSystem('inputfilter');
$filter = new InputFilter(); $filter = new InputFilter();
try {
if (! isset( $_REQUEST['SKIN_FOLDER_ID'] )) { if (! isset( $_REQUEST['SKIN_FOLDER_ID'] )) {
throw (new Exception( G::LoadTranslation( 'ID_SKIN_NAME_REQUIRED' ) )); throw (new Exception( G::LoadTranslation( 'ID_SKIN_NAME_REQUIRED' ) ));
} }
@@ -356,19 +356,23 @@ function exportSkin ($skinToExport = "")
$response['success'] = true; $response['success'] = true;
$response['message'] = $skinTar; $response['message'] = $skinTar;
G::auditLog("ExportSkin", "Skin Name: ".$skinName); G::auditLog("ExportSkin", "Skin Name: ".$skinName);
$response = $filter->xssFilterHard($response);
print_r( G::json_encode( $response ) ); print_r( G::json_encode( $response ) );
} catch (Exception $e) { } catch (Exception $e) {
$response['success'] = false; $response['success'] = false;
$response['message'] = $e->getMessage(); $response['message'] = $e->getMessage();
$response = $filter->xssFilterHard($response);
print_r( G::json_encode( $response ) ); print_r( G::json_encode( $response ) );
} }
} }
function deleteSkin () function deleteSkin ()
{ {
try {
G::LoadSystem('inputfilter'); G::LoadSystem('inputfilter');
$filter = new InputFilter(); $filter = new InputFilter();
try {
$_REQUEST['SKIN_FOLDER_ID'] = $filter->xssFilterHard($_REQUEST['SKIN_FOLDER_ID']); $_REQUEST['SKIN_FOLDER_ID'] = $filter->xssFilterHard($_REQUEST['SKIN_FOLDER_ID']);
if (! (isset( $_REQUEST['SKIN_FOLDER_ID'] ))) { if (! (isset( $_REQUEST['SKIN_FOLDER_ID'] ))) {
@@ -389,6 +393,7 @@ function deleteSkin ()
} catch (Exception $e) { } catch (Exception $e) {
$response['success'] = false; $response['success'] = false;
$response['error'] = $response['message'] = $e->getMessage(); $response['error'] = $response['message'] = $e->getMessage();
$response = $filter->xssFilterHard($response);
print_r( G::json_encode( $response ) ); print_r( G::json_encode( $response ) );
} }
} }

6
workflow/engine/src/ProcessMaker/BusinessModel/Consolidated.php
View File

@@ -324,10 +324,14 @@ class Consolidated
} }
} }
G::LoadSystem('inputfilter');
$filter = new \InputFilter();
if ($sort != "") { if ($sort != "") {
$reportTable = new ReportTables(); $reportTable = new ReportTables();
$arrayReportTableVar = $reportTable->getTableVars($tableUid); $arrayReportTableVar = $reportTable->getTableVars($tableUid);
$tableName = $filter->validateInput($tableName);
$sort = $filter->validateInput($sort);
if (in_array($sort, $arrayReportTableVar)) { if (in_array($sort, $arrayReportTableVar)) {
$sort = strtoupper($sort); $sort = strtoupper($sort);
eval("\$field = " . $tableName . "Peer::" . $sort . ";"); eval("\$field = " . $tableName . "Peer::" . $sort . ";");

3
workflow/engine/test/bootstrap/unit.php
View File

@@ -61,8 +61,9 @@
//$_test_dir = realpath(dirname(__FILE__).'/..'); //$_test_dir = realpath(dirname(__FILE__).'/..');
//require_once( 'lime/lime.php'); //require_once( 'lime/lime.php');
if(file_exists(PATH_GULLIVER . "class.bootstrap.php")) {
require_once (PATH_GULLIVER . "class.bootstrap.php"); require_once (PATH_GULLIVER . "class.bootstrap.php");
}
spl_autoload_register(array('Bootstrap', 'autoloadClass')); spl_autoload_register(array('Bootstrap', 'autoloadClass'));
Bootstrap::registerClass('G', PATH_GULLIVER . "class.g.php"); Bootstrap::registerClass('G', PATH_GULLIVER . "class.g.php");
Bootstrap::registerClass('System', PATH_HOME . "engine/classes/class.system.php"); Bootstrap::registerClass('System', PATH_HOME . "engine/classes/class.system.php");

7
workflow/public_html/bootstrap.php
View File

@@ -69,6 +69,13 @@
//$e_all = $config['debug'] ? $e_all : $e_all & ~E_NOTICE; //$e_all = $config['debug'] ? $e_all : $e_all & ~E_NOTICE;
//$e_all = E_ALL & ~ E_DEPRECATED & ~ E_STRICT & ~ E_NOTICE & ~E_WARNING; //$e_all = E_ALL & ~ E_DEPRECATED & ~ E_STRICT & ~ E_NOTICE & ~E_WARNING;
G::LoadSystem('inputfilter');
$filter = new InputFilter();
$config['display_errors'] = $filter->validateInput($config['display_errors']);
$config['error_reporting'] = $filter->validateInput($config['error_reporting']);
$config['memory_limit'] = $filter->validateInput($config['memory_limit']);
$config['wsdl_cache'] = $filter->validateInput($config['wsdl_cache'],'int');
$config['time_zone'] = $filter->validateInput($config['time_zone']);
// Do not change any of these settings directly, use env.ini instead // Do not change any of these settings directly, use env.ini instead
ini_set( 'display_errors', $config['display_errors']); ini_set( 'display_errors', $config['display_errors']);
ini_set( 'error_reporting', $config['error_reporting']); ini_set( 'error_reporting', $config['error_reporting']);

22
workflow/public_html/sysGeneric.php
View File

@@ -303,6 +303,20 @@ session_start();
//$e_all = $config['debug'] ? $e_all : $e_all & ~ E_NOTICE; //$e_all = $config['debug'] ? $e_all : $e_all & ~ E_NOTICE;
//$e_all = E_ALL & ~ E_DEPRECATED & ~ E_STRICT & ~ E_NOTICE & ~E_WARNING; //$e_all = E_ALL & ~ E_DEPRECATED & ~ E_STRICT & ~ E_NOTICE & ~E_WARNING;
//Call Gulliver Classes
Bootstrap::LoadThirdParty("smarty/libs", "Smarty.class");
//Loading the autoloader libraries feature
Bootstrap::registerSystemClasses();
G::LoadSystem('inputfilter');
$filter = new InputFilter();
$config['display_errors'] = $filter->validateInput($config['display_errors']);
$config['error_reporting'] = $filter->validateInput($config['error_reporting']);
$config['memory_limit'] = $filter->validateInput($config['memory_limit']);
$config['wsdl_cache'] = $filter->validateInput($config['wsdl_cache'],'int');
$config['time_zone'] = $filter->validateInput($config['time_zone']);
// Do not change any of these settings directly, use env.ini instead // Do not change any of these settings directly, use env.ini instead
ini_set( 'display_errors', $config['display_errors']); ini_set( 'display_errors', $config['display_errors']);
ini_set( 'error_reporting', $config['error_reporting']); ini_set( 'error_reporting', $config['error_reporting']);
@@ -334,15 +348,7 @@ define( 'PATH_C', (rtrim( Bootstrap::sys_get_temp_dir(), PATH_SEP ) . PATH_SEP)
define( 'PATH_LANGUAGECONT', PATH_HOME . 'engine/content/languages/' ); define( 'PATH_LANGUAGECONT', PATH_HOME . 'engine/content/languages/' );
} }
//Call Gulliver Classes
Bootstrap::LoadThirdParty("smarty/libs", "Smarty.class");
//Loading the autoloader libraries feature
Bootstrap::registerSystemClasses();
//Load filter class //Load filter class
G::LoadSystem('inputfilter');
$filter = new InputFilter();
$skinPathErrors = G::skinGetPathToSrcByVirtualUri("errors", $config); $skinPathErrors = G::skinGetPathToSrcByVirtualUri("errors", $config);
$skinPathUpdate = G::skinGetPathToSrcByVirtualUri("update", $config); $skinPathUpdate = G::skinGetPathToSrcByVirtualUri("update", $config);