validaciones veracode del reporte del 11-05-15

2015-05-11 16:36:07 -04:00
parent 94b98fe61f
commit 3a06caf555
4 changed files with 44 additions and 9 deletions
--- a/gulliver/system/class.g.php
+++ b/gulliver/system/class.g.php
@@ -463,10 +463,17 @@ class G
     * @return void
     */
    public static function LoadSystem ($strClass)
-    {   require_once (PATH_GULLIVER . 'class.inputfilter.php');
-        $filter = new InputFilter();
+    {   
        $path  = PATH_GULLIVER . 'class.' . $strClass . '.php';
+        if(file_exists(PATH_GULLIVER . 'class.inputfilter.php')) {  
+            require_once (PATH_GULLIVER . 'class.inputfilter.php');
+            $filter = new InputFilter();
            $path  = $filter->validateInput($path, 'path');
+        } else {
+            if(!file_exists($path)) {
+                $path = '';
+            }
+        }
        require_once ($path);
    }

@@ -2656,6 +2663,7 @@ class G
            $path = $filter->validateInput($path, "path");

            move_uploaded_file( $file, $path . "/" . $nameToSave );
+            $nameToSave = $filter->validateInput($nameToSave, "path");
            @chmod( $path . "/" . $nameToSave, $permission );
            umask( $oldumask );

--- a/gulliver/thirdparty/pear/HTTP/WebDAV/Server/Filesystem.php
+++ b/gulliver/thirdparty/pear/HTTP/WebDAV/Server/Filesystem.php
@@ -634,15 +634,29 @@
            $dir = dirname($path)."/";
            $base = basename($path);
            
+            if (!class_exists('G')) {
+                $realdocuroot = str_replace( '\\', '/', $_SERVER['DOCUMENT_ROOT'] );
+                $docuroot = explode( '/', $realdocuroot );
+                array_pop( $docuroot );
+                $pathhome = implode( '/', $docuroot ) . '/';  
+                array_pop( $docuroot );
+                $pathTrunk = implode( '/', $docuroot ) . '/';  
+                require_once($pathTrunk.'gulliver/system/class.g.php');
+            }
+            G::LoadSystem('inputfilter');
+            $filter = new InputFilter();
+            
            foreach($options["props"] as $key => $prop) {
                if ($prop["ns"] == "DAV:") {
                    $options["props"][$key]['status'] = "403 Forbidden";
                } else {
                    if (isset($prop["val"])) {
-                        $query = "REPLACE INTO properties SET path = '$options[path]', name = '$prop[name]', ns= '$prop[ns]', value = '$prop[val]'";
+                        $query = "REPLACE INTO properties SET path = '%s', name = '%s', ns= '%s', value = '%s'";
+                        $query = $filter->preventSqlInjection($query, Array($options['path'],$prop['name'],$prop['ns'],$prop['val']));
                        error_log($query);
                    } else {
-                        $query = "DELETE FROM properties WHERE path = '$options[path]' AND name = '$prop[name]' AND ns = '$prop[ns]'";
+                        $query = "DELETE FROM properties WHERE path = '%s' AND name = '%s' AND ns = '%s'";
+                        $query = $filter->preventSqlInjection($query, Array($options['path'],$prop['name'],$prop['ns']));
                    }       
                    mysql_query($query);
                }
--- a/workflow/engine/classes/class.webdav.php
+++ b/workflow/engine/classes/class.webdav.php
@@ -903,15 +903,20 @@ class ProcessMakerWebDav extends HTTP_WebDAV_Server
        $dir = dirname($path) . "/";
        $base = basename($path);
        
+        G::LoadSystem('inputfilter');
+        $filter = new InputFilter();
+
        foreach ($options["props"] as $key => $prop) {
            if ($prop["ns"] == "DAV:") {
                $options["props"][$key]['status'] = "403 Forbidden";
            } else {
                if (isset($prop["val"])) {
-                    $query = "REPLACE INTO properties SET path = '$options[path]', name = '$prop[name]', ns= '$prop[ns]', value = '$prop[val]'";
+                    $query = "REPLACE INTO properties SET path = '%s', name = '%s', ns= '%s', value = '%s'";
+                    $query = $filter->preventSqlInjection($query, Array($options['path'],$prop['name'],$prop['ns'],$prop['val']));
                    error_log($query);
                } else {
-                    $query = "DELETE FROM properties WHERE path = '$options[path]' AND name = '$prop[name]' AND ns = '$prop[ns]'";
+                    $query = "DELETE FROM properties WHERE path = '%s' AND name = '%s' AND ns = '%s'";
+                    $query = $filter->preventSqlInjection($query, Array($options['path'],$prop['name'],$prop['ns']));
                }
                mysql_query($query);
            }
--- a/workflow/engine/controllers/installer.php
+++ b/workflow/engine/controllers/installer.php
@@ -316,13 +316,17 @@ class Installer extends Controller
            }
        }
        
+        G::LoadSystem('inputfilter');
+        $filter = new InputFilter();
+        $pathShared = $filter->validateInput($_REQUEST['pathShared'], 'path');
+
        if ($info->pathShared->result) {
            $aux = pathinfo( $_REQUEST['pathLogFile'] );
            G::verifyPath( $aux['dirname'], true );
            if (is_dir( $aux['dirname'] )) {
                if (! file_exists( $_REQUEST['pathLogFile'] )) {
                    @file_put_contents( $_REQUEST['pathLogFile'], '' );
-                    @chmod($_REQUEST['pathShared'], 0770);
+                    @chmod($pathShared , 0770);
                }
            }
        }
@@ -389,6 +393,10 @@ class Installer extends Controller
            }
        }
        
+        G::LoadSystem('inputfilter');
+        $filter = new InputFilter();
+        $logFile = $filter->validateInput($logFile, 'path');
+        
        $fpt = fopen( $logFile, 'a' );
        fwrite( $fpt, sprintf( "%s %s\n", date( 'Y:m:d H:i:s' ), trim( $text ) ) );
        fclose( $fpt );