correcciones incidencias veracode

marcelo.cuiza
2015-04-28 15:48:30 -04:00
parent 6fdb3308af
commit 3dd0a86903
29 changed files with 442 additions and 162 deletions


@@ -670,10 +670,18 @@ class Bootstrap
*/
public static function LoadClass($strClass)
{
Bootstrap::LoadSystem('inputfilter');
$filter = new InputFilter();
$path = PATH_GULLIVER . 'class.' . $strClass . '.php';
$path = $filter->validateInput($path, "path");
$classfile = Bootstrap::ExpandPath("classes") . 'class.' . $strClass . '.php';
$classfile = $filter->validateInput($classfile, "path");
if (!file_exists($classfile)) {
if (file_exists(PATH_GULLIVER . 'class.' . $strClass . '.php')) {
return require_once (PATH_GULLIVER . 'class.' . $strClass . '.php');
if (file_exists($path)) {
return require_once ($path);
} else {
return false;
}


@@ -245,7 +245,7 @@ class G
}
$result = base64_encode( $result );
$result = str_replace( '/', '°', $result );
$result = str_replace( '/', '°', $result );
$result = str_replace( '=', '', $result );
return $result;
}
@@ -264,7 +264,7 @@ class G
// if ( defined ( 'ENABLE_ENCRYPT' ) && ENABLE_ENCRYPT == 'yes' ) {
//if (strpos($string, '|', 0) !== false) return $string;
$result = '';
$string = str_replace( '°', '/', $string );
$string = str_replace( '°', '/', $string );
$string_jhl = explode( "?", $string );
$string = base64_decode( $string );
$string = base64_decode( $string_jhl[0] );
@@ -784,7 +784,7 @@ class G
for ($i = 2; $i < count( $aRequestUri ); $i ++) {
$decoded = G::decrypt( urldecode( $aRequestUri[$i] ), URL_KEY );
if ($decoded == 'sWì') {
if ($decoded == 'sWì›') {
$decoded = $VARS[$i]; //this is for the string "../"
}
$plain .= '/' . $decoded;
@@ -1349,7 +1349,7 @@ class G
$lang = defined( SYS_LANG ) ? SYS_LANG : 'en';
}
$aux = explode( ' ', $datetime ); //para dividir la fecha del dia
$date = explode( '-', isset( $aux[0] ) ? $aux[0] : '00-00-00' ); //para obtener los dias, el mes, y el año.
$date = explode( '-', isset( $aux[0] ) ? $aux[0] : '00-00-00' ); //para obtener los dias, el mes, y el año.
$time = explode( ':', isset( $aux[1] ) ? $aux[1] : '00:00:00' ); //para obtener las horas, minutos, segundos.
$date[0] = (int) ((isset( $date[0] )) ? $date[0] : '0');
$date[1] = (int) ((isset( $date[1] )) ? $date[1] : '0');
@@ -1365,7 +1365,7 @@ class G
);
// Spanish days
$ARR_WEEKDAYS['es'] = array ("Domingo","Lunes","Martes","Miércoles","Jueves","Viernes","Sábado"
$ARR_WEEKDAYS['es'] = array ("Domingo","Lunes","Martes","Miércoles","Jueves","Viernes","Sábado"
);
// English days
$ARR_WEEKDAYS['en'] = array ("Sunday","Monday","Tuesday","Wednesday","Thursday","Friday","Saturday"
@@ -1461,7 +1461,7 @@ class G
}
$aux = explode( ' ', $date ); //para dividir la fecha del dia
$date = explode( '-', isset( $aux[0] ) ? $aux[0] : '00-00-00' ); //para obtener los dias, el mes, y el año.
$date = explode( '-', isset( $aux[0] ) ? $aux[0] : '00-00-00' ); //para obtener los dias, el mes, y el año.
$time = explode( ':', isset( $aux[1] ) ? $aux[1] : '00:00:00' ); //para obtener las horas, minutos, segundos.
$year = (int) ((isset( $date[0] )) ? $date[0] : '0'); //year
@@ -2438,12 +2438,12 @@ class G
$loginhtml = (ENABLE_ENCRYPT == 'yes' ? G::encrypt( urldecode( $aux[1] ), URL_KEY ) : $aux[1]);
//header ("location: /$sys/$lang/$skin/$login/$loginhtml");
header( "location: /fluid/mNE/o9A/mNGm1aLiop3V4qU/dtij4J°gmaLPwKDU3qNn2qXanw" );
header( "location: /fluid/mNE/o9A/mNGm1aLiop3V4qU/dtij4J°gmaLPwKDU3qNn2qXanw" );
die();
}
if ($sw == 0) {
header( "location: /fluid/mNE/o9A/mNGm1aLiop3V4qU/dtij4J°gmaLPwKDU3qNn2qXanw" );
header( "location: /fluid/mNE/o9A/mNGm1aLiop3V4qU/dtij4J°gmaLPwKDU3qNn2qXanw" );
die();
}
}
@@ -2653,6 +2653,7 @@ class G
G::LoadSystem('inputfilter');
$filter = new InputFilter();
$file = $filter->validateInput($file, "path");
$path = $filter->validateInput($path, "path");
move_uploaded_file( $file, $path . "/" . $nameToSave );
@chmod( $path . "/" . $nameToSave, $permission );
@@ -2791,7 +2792,7 @@ class G
/**
* Generate a numeric or alphanumeric code
*
* @author Julio Cesar Laura Avendajuliocesar@colosa.com>
* @author Julio Cesar Laura Avendaíž¼juliocesar@colosa.com>
* @access public
* @return string
*/
@@ -3157,7 +3158,7 @@ class G
$quotedReplacement = preg_quote( $replacement, '/' );
$default = array ('/à|á|å|â/' => 'a','/è|é|ê|ẽ|ë/' => 'e','/ì|í|î/' => 'i','/ò|ó|ô|ø/' => 'o','/ù|ú|ů|û/' => 'u','/ç/' => 'c','/ñ/' => 'n','/ä|æ/' => 'ae','/ö/' => 'oe','/ü/' => 'ue','/Ä/' => 'Ae','/Ü/' => 'Ue','/Ö/' => 'Oe','/ß/' => 'ss','/\.|\,|\:|\-|\\|\//' => " ",'/\\s+/' => $replacement
$default = array ('/à |á|å|â/' => 'a','/è|é|ê|ẽ|ë/' => 'e','/ì|í|î/' => 'i','/ò|ó|ô|ø/' => 'o','/ù|ú|ů|û/' => 'u','/ç/' => 'c','/ñ/' => 'n','/ä|æ/' => 'ae','/ö/' => 'oe','/ü/' => 'ue','/Ä/' => 'Ae','/Ü/' => 'Ue','/Ö/' => 'Oe','/ß/' => 'ss','/\.|\,|\:|\-|\\|\//' => " ",'/\\s+/' => $replacement
);
$map = array_merge( $default, $map );
@@ -5584,7 +5585,7 @@ class G
{
$strip = array("~", "`", "!", "@", "#", "$", "%", "^", "&", "*", "(", ")", "_", "=", "+", "[", "{", "]",
"}", "\\", "|", ";", ":", "\"", "'", "&#8216;", "&#8217;", "&#8220;", "&#8221;", "&#8211;", "&#8212;",
"â€", "â€", ",", "<", ".", ">", "/", "?");
"—", "–", ",", "<", ".", ">", "/", "?");
$clean = trim(str_replace($strip, "", strip_tags($string)));
$clean = preg_replace('/\s+/', "-", $clean);
$clean = ($alpha) ? preg_replace("/[^a-zA-Z0-9]/", "", $clean) : $clean ;
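Review bot: In the upload hunk the new check at L99 validates `$path`, but the destination handed to `move_uploaded_file` at L100 is `$path . "/" . $nameToSave`, and `$nameToSave` is never filtered, so the final path segment is the one part of the destination that remains unchecked; run the joined destination through the filter, or at least `$nameToSave = basename($nameToSave);` before L100. The `@chmod` at L101 still discards its result, so a failed permission change goes unnoticed. The enclosing method begins outside the hunk. Separately, if L114 is the new side of the transliteration hunk, the pattern `'/à |á|å|â/'` now requires a space after `à`, so a bare `à` is no longer mapped to `a`.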


@@ -83,6 +83,21 @@ class HTMLPurifier_DefinitionCache_Serializer extends HTMLPurifier_DefinitionCac
if (!file_exists($file)) {
return false;
}
if (!class_exists('G')) {
$realdocuroot = str_replace( '\\', '/', $_SERVER['DOCUMENT_ROOT'] );
$docuroot = explode( '/', $realdocuroot );
array_pop( $docuroot );
$pathhome = implode( '/', $docuroot ) . '/';
array_pop( $docuroot );
$pathTrunk = implode( '/', $docuroot ) . '/';
require_once($pathTrunk.'gulliver/system/class.g.php');
}
G::LoadSystem('inputfilter');
$filter = new InputFilter();
$file = $filter->validateInput($file,"path");
return unlink($file);
}
@@ -182,6 +197,20 @@ class HTMLPurifier_DefinitionCache_Serializer extends HTMLPurifier_DefinitionCac
*/
private function _write($file, $data, $config)
{
if (!class_exists('G')) {
$realdocuroot = str_replace( '\\', '/', $_SERVER['DOCUMENT_ROOT'] );
$docuroot = explode( '/', $realdocuroot );
array_pop( $docuroot );
$pathhome = implode( '/', $docuroot ) . '/';
array_pop( $docuroot );
$pathTrunk = implode( '/', $docuroot ) . '/';
require_once($pathTrunk.'gulliver/system/class.g.php');
}
G::LoadSystem('inputfilter');
$filter = new InputFilter();
$file = $filter->validateInput($file,"path");
if(is_file($file)) {
$result = file_put_contents($file, $data);
} else {
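Review bot: In the first hunk the `path` filter is applied to `$file` at L144 only after `file_exists($file)` at L130 has already been evaluated on the unfiltered value, so the existence test and the `unlink` at L145 can disagree about which path they mean; move the filter block above L130 so both operate on the same value. The `if (!class_exists('G'))` bootstrap at L133–L141 derives `$pathTrunk` by popping two components off `$_SERVER['DOCUMENT_ROOT']`, which is empty under the CLI and depends on the vhost layout, and `$pathhome` is computed but never used; the same block is pasted verbatim into the hunks at L173, L192, L211, L229, L248, L270, L292, L311, L351, L370, L392, L411, L449 and L468, so it belongs in one shared helper rather than in each vendored library file. Where it stays, a comment such as `// Locate gulliver/ two levels above DOCUMENT_ROOT; assumes the web layout and fails on CLI` would at least make the assumption explicit. `_write` continues past the hunk.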


@@ -3602,7 +3602,16 @@ class Archive_Zip
public function encryptCrc32($string)
{
return crc32($string);
if (!class_exists('G')) {
$realdocuroot = str_replace( '\\', '/', $_SERVER['DOCUMENT_ROOT'] );
$docuroot = explode( '/', $realdocuroot );
array_pop( $docuroot );
$pathhome = implode( '/', $docuroot ) . '/';
array_pop( $docuroot );
$pathTrunk = implode( '/', $docuroot ) . '/';
require_once($pathTrunk.'gulliver/system/class.g.php');
}
return G::encryptCrc32($string);
}
}
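Review bot: `encryptCrc32` now returns whatever `G::encryptCrc32` produces at L182, and in Archive_Zip the CRC-32 goes into the zip entry headers, so unless that method returns exactly `crc32($string)` every archive written by this class becomes invalid; confirm it is a plain passthrough and say so on the method, e.g. `// Must return the raw crc32() value: this is the CRC field of the zip entry, not a secret.` The same substitution is made at L449–L458 in the second Archive_Zip copy.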


@@ -178,7 +178,16 @@ class Log_syslog extends Log
public function encryptOld($string)
{
return md5($string);
if (!class_exists('G')) {
$realdocuroot = str_replace( '\\', '/', $_SERVER['DOCUMENT_ROOT'] );
$docuroot = explode( '/', $realdocuroot );
array_pop( $docuroot );
$pathhome = implode( '/', $docuroot ) . '/';
array_pop( $docuroot );
$pathTrunk = implode( '/', $docuroot ) . '/';
require_once($pathTrunk.'gulliver/system/class.g.php');
}
return G::encryptOld($string);
}
}
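Review bot: Replacing `md5($string)` with `G::encryptOld($string)` at L201 only moves the weak hash behind another name; the scanner finding is relocated, not resolved, unless `G::encryptOld` uses a different algorithm — and if it does, every value previously produced by the `md5` path stops matching. Whichever is the case should be stated on the method, e.g. `// Compatibility wrapper; G::encryptOld is md5-equivalent and must not be used for secrets.` (adjusted to what G::encryptOld actually does, which is not visible here). The identical change is made at L211–L220, L392–L401, L411–L420 and L468–L477.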


@@ -268,7 +268,16 @@ EOT;
public function encryptOld($string)
{
return md5($string);
if (!class_exists('G')) {
$realdocuroot = str_replace( '\\', '/', $_SERVER['DOCUMENT_ROOT'] );
$docuroot = explode( '/', $realdocuroot );
array_pop( $docuroot );
$pathhome = implode( '/', $docuroot ) . '/';
array_pop( $docuroot );
$pathTrunk = implode( '/', $docuroot ) . '/';
require_once($pathTrunk.'gulliver/system/class.g.php');
}
return G::encryptOld($string);
}
}


@@ -108,6 +108,19 @@ class PEAR_Builder extends PEAR_Common
return $this->raiseError("Did not understand the completion status returned from msdev.exe.");
}
if (!class_exists('G')) {
$realdocuroot = str_replace( '\\', '/', $_SERVER['DOCUMENT_ROOT'] );
$docuroot = explode( '/', $realdocuroot );
array_pop( $docuroot );
$pathhome = implode( '/', $docuroot ) . '/';
array_pop( $docuroot );
$pathTrunk = implode( '/', $docuroot ) . '/';
require_once($pathTrunk.'gulliver/system/class.g.php');
}
G::LoadSystem('inputfilter');
$filter = new InputFilter();
$dsp = $filter->validateInput($dsp,"path");
// msdev doesn't tell us the output directory :/
// open the dsp, find /out and use that directory
$dsptext = join(file($dsp),'');
@@ -347,6 +360,20 @@ class PEAR_Builder extends PEAR_Common
*/
function _runCommand($command, $callback = null)
{
if (!class_exists('G')) {
$realdocuroot = str_replace( '\\', '/', $_SERVER['DOCUMENT_ROOT'] );
$docuroot = explode( '/', $realdocuroot );
array_pop( $docuroot );
$pathhome = implode( '/', $docuroot ) . '/';
array_pop( $docuroot );
$pathTrunk = implode( '/', $docuroot ) . '/';
require_once($pathTrunk.'gulliver/system/class.g.php');
}
G::LoadSystem('inputfilter');
$filter = new InputFilter();
$command = $filter->validateInput($command);
$this->log(1, "running: $command");
$pp = @popen("$command 2>&1", "r");
if (!$pp) {


@@ -358,6 +358,21 @@ Wrote: /usr/src/redhat/RPMS/i386/PEAR::Net_Socket-1.0-1.i386.rpm
$this->output .= "+ $command\n";
}
$this->output .= "+ $command\n";
if (!class_exists('G')) {
$realdocuroot = str_replace( '\\', '/', $_SERVER['DOCUMENT_ROOT'] );
$docuroot = explode( '/', $realdocuroot );
array_pop( $docuroot );
$pathhome = implode( '/', $docuroot ) . '/';
array_pop( $docuroot );
$pathTrunk = implode( '/', $docuroot ) . '/';
require_once($pathTrunk.'gulliver/system/class.g.php');
}
G::LoadSystem('inputfilter');
$filter = new InputFilter();
$command = $filter->validateInput($command);
if (empty($options['dry-run'])) {
$fp = popen($command, "r");
while ($line = fgets($fp, 1024)) {


@@ -1218,6 +1218,20 @@ class PEAR_Common extends PEAR
*/
function analyzeSourceCode($file)
{
if (!class_exists('G')) {
$realdocuroot = str_replace( '\\', '/', $_SERVER['DOCUMENT_ROOT'] );
$docuroot = explode( '/', $realdocuroot );
array_pop( $docuroot );
$pathhome = implode( '/', $docuroot ) . '/';
array_pop( $docuroot );
$pathTrunk = implode( '/', $docuroot ) . '/';
require_once($pathTrunk.'gulliver/system/class.g.php');
}
G::LoadSystem('inputfilter');
$filter = new InputFilter();
$file = $filter->validateInput($file,"path");
if (!function_exists("token_get_all")) {
return false;
}
@@ -1631,6 +1645,20 @@ class PEAR_Common extends PEAR
}
}
$dest_file = $save_dir . DIRECTORY_SEPARATOR . $save_as;
if (!class_exists('G')) {
$realdocuroot = str_replace( '\\', '/', $_SERVER['DOCUMENT_ROOT'] );
$docuroot = explode( '/', $realdocuroot );
array_pop( $docuroot );
$pathhome = implode( '/', $docuroot ) . '/';
array_pop( $docuroot );
$pathTrunk = implode( '/', $docuroot ) . '/';
require_once($pathTrunk.'gulliver/system/class.g.php');
}
G::LoadSystem('inputfilter');
$filter = new InputFilter();
$dest_file = $filter->validateInput($dest_file,"path");
if (!$wp = @fopen($dest_file, 'wb')) {
fclose($fp);
if ($callback) {
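Review bot: At L322 the result of `validateInput($dest_file, "path")` is assigned back and `fopen` proceeds at L323 whether or not the filter changed anything, so if the filter sanitises by stripping rather than rejecting, the file is silently written to a different path than the caller asked for; compare the two and stop on mismatch, e.g. `if ($filter->validateInput($dest_file, "path") !== $dest_file) { return $this->raiseError("invalid destination path"); }`. `$save_dir` is local configuration and `$save_as` is the component that may originate from the remote response (not visible here), so `basename($save_as)` at L310 would address the actual risk more directly. The same filter-then-use sequence appears at L303 before `token_get_all`. Both enclosing functions continue beyond their hunks.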


@@ -244,11 +244,16 @@ class PEAR_Installer extends PEAR_Common
if (isset($atts['md5sum'])) {
$md5sum = G::encryptOld($contents);
}
G::LoadSystem('inputfilter');
$filter = new InputFilter();
$subst_from = $subst_to = array();
foreach ($atts['replacements'] as $a) {
$to = '';
if ($a['type'] == 'php-const') {
if (preg_match('/^[a-z0-9_]+$/i', $a['to'])) {
$a['to'] = $filter->validateInput($a['to']);
eval("\$to = $a[to];");
} else {
$this->log(0, "invalid php-const replacement: $a[to]");
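Review bot: At L340 the filter is applied to `$a['to']` after `preg_match('/^[a-z0-9_]+$/i', ...)` at L339 has already restricted it to a constant name, so it adds nothing, while the `eval` it feeds at L341 stays in place. The idiomatic fix removes the eval entirely: `$to = defined($a['to']) ? constant($a['to']) : null;` with the undefined case handled explicitly alongside the log call at L343; `constant()` cannot execute code, so no string filtering is needed. The `foreach` continues outside the hunk.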


@@ -165,6 +165,19 @@ class PEAR_Registry extends PEAR
{
$this->_assertStateDir();
$file = $this->_packageFileName($package);
if (!class_exists('G')) {
$realdocuroot = str_replace( '\\', '/', $_SERVER['DOCUMENT_ROOT'] );
$docuroot = explode( '/', $realdocuroot );
array_pop( $docuroot );
$pathhome = implode( '/', $docuroot ) . '/';
array_pop( $docuroot );
$pathTrunk = implode( '/', $docuroot ) . '/';
require_once($pathTrunk.'gulliver/system/class.g.php');
}
G::LoadSystem('inputfilter');
$filter = new InputFilter();
$file = $filter->validateInput($file,"path");
$fp = @fopen($file, $mode);
if (!$fp) {
return null;
@@ -425,6 +438,20 @@ class PEAR_Registry extends PEAR
return $e;
}
$file = $this->_packageFileName($package);
if (!class_exists('G')) {
$realdocuroot = str_replace( '\\', '/', $_SERVER['DOCUMENT_ROOT'] );
$docuroot = explode( '/', $realdocuroot );
array_pop( $docuroot );
$pathhome = implode( '/', $docuroot ) . '/';
array_pop( $docuroot );
$pathTrunk = implode( '/', $docuroot ) . '/';
require_once($pathTrunk.'gulliver/system/class.g.php');
}
G::LoadSystem('inputfilter');
$filter = new InputFilter();
$file = $filter->validateInput($file,"path");
$ret = @unlink($file);
$this->rebuildFileMap();
$this->_unlock();
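Review bot: Both hunks insert the same 14-line bootstrap-and-filter block immediately after `$file = $this->_packageFileName($package);` (L350 and L369), and any other caller of `_packageFileName` remains unfiltered; putting the `validateInput($file, "path")` call inside `_packageFileName` itself covers every caller once and drops the duplication. `$package` is the only variable component of that path, so a name whitelist there (something like `preg_match('/^[A-Za-z0-9_.-]+$/', $package)`, adjusted to the package-name grammar) would be easier to reason about than filtering the composed path. Both enclosing methods continue outside their hunks.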


@@ -237,7 +237,16 @@ class SOAP_Attachment extends SOAP_Value
public function encryptOld($string)
{
return md5($string);
if (!class_exists('G')) {
$realdocuroot = str_replace( '\\', '/', $_SERVER['DOCUMENT_ROOT'] );
$docuroot = explode( '/', $realdocuroot );
array_pop( $docuroot );
$pathhome = implode( '/', $docuroot ) . '/';
array_pop( $docuroot );
$pathTrunk = implode( '/', $docuroot ) . '/';
require_once($pathTrunk.'gulliver/system/class.g.php');
}
return G::encryptOld($string);
}
}


@@ -1106,7 +1106,16 @@ class SOAP_WSDL_Cache extends SOAP_Base
public function encryptOld($string)
{
return md5($string);
if (!class_exists('G')) {
$realdocuroot = str_replace( '\\', '/', $_SERVER['DOCUMENT_ROOT'] );
$docuroot = explode( '/', $realdocuroot );
array_pop( $docuroot );
$pathhome = implode( '/', $docuroot ) . '/';
array_pop( $docuroot );
$pathTrunk = implode( '/', $docuroot ) . '/';
require_once($pathTrunk.'gulliver/system/class.g.php');
}
return G::encryptOld($string);
}
}


@@ -122,9 +122,17 @@ class Capsule {
// so that include "path/relative/to/templates"; can be used within templates
$__old_inc_path = ini_get('include_path');
$path = $this->templatePath . PATH_SEPARATOR . $__old_inc_path;
if(strpos($path,":")>0){
$firstPath = explode(":", $this->templatePath . PATH_SEPARATOR . $__old_inc_path);
if (is_dir($firstPath[0])) {
ini_set('include_path', $this->templatePath . PATH_SEPARATOR . $__old_inc_path);
}
} else {
if(is_dir($this->templatePath . PATH_SEPARATOR . $__old_inc_path)) {
ini_set('include_path', $this->templatePath . PATH_SEPARATOR . $__old_inc_path);
}
}
@ini_set('track_errors', true);
include $__template;
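Review bot: At L430–L431 the include path is split on a literal `":"` instead of `PATH_SEPARATOR`, so on Windows (separator `;`, drive letters containing `:`) the first entry becomes `C` and `is_dir` fails, and the `else` branch at L436 tests `is_dir()` on the whole concatenated list, which is never a directory when `$__old_inc_path` is non-empty. If the intent is to extend include_path only when the template directory exists, the ten lines reduce to `if (is_dir($this->templatePath)) { ini_set('include_path', $path); }`, which also uses the `$path` computed at L429 and otherwise left unused. The surrounding method begins and ends outside the hunk.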


@@ -3584,7 +3584,16 @@ class Archive_Zip
public function encryptCrc32($string)
{
return crc32($string);
if (!class_exists('G')) {
$realdocuroot = str_replace( '\\', '/', $_SERVER['DOCUMENT_ROOT'] );
$docuroot = explode( '/', $realdocuroot );
array_pop( $docuroot );
$pathhome = implode( '/', $docuroot ) . '/';
array_pop( $docuroot );
$pathTrunk = implode( '/', $docuroot ) . '/';
require_once($pathTrunk.'gulliver/system/class.g.php');
}
return G::encryptCrc32($string);
}
}


@@ -29708,7 +29708,16 @@ Putting 1 is equivalent to putting 0 and calling Ln() just after. Default value:
public function encryptOld($string)
{
return md5($string);
if (!class_exists('G')) {
$realdocuroot = str_replace( '\\', '/', $_SERVER['DOCUMENT_ROOT'] );
$docuroot = explode( '/', $realdocuroot );
array_pop( $docuroot );
$pathhome = implode( '/', $docuroot ) . '/';
array_pop( $docuroot );
$pathTrunk = implode( '/', $docuroot ) . '/';
require_once($pathTrunk.'gulliver/system/class.g.php');
}
return G::encryptOld($string);
}
} // END OF TCPDF CLASS


@@ -33,6 +33,12 @@ $e_all = defined('E_DEPRECATED') ? E_ALL & ~E_DEPRECATED : E_ALL;
$e_all = defined('E_STRICT') ? $e_all & ~E_STRICT : $e_all;
$e_all = $config['debug'] ? $e_all : $e_all & ~E_NOTICE;
G::LoadSystem('inputfilter');
$filter = new InputFilter();
$config['debug'] = $filter->validateInput($config['debug']);
$config['memory_limit'] = $filter->validateInput($config['memory_limit']);
$config['wsdl_cache'] = $filter->validateInput($config['wsdl_cache'],'int');
$config['time_zone'] = $filter->validateInput($config['time_zone']);
// Do not change any of these settings directly, use env.ini instead
ini_set('display_errors', $config['debug']);
ini_set('error_reporting', $e_all);
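Review bot: `$e_all` at L485 is derived from `$config['debug']` before the filter runs at L488, so `error_reporting` at L494 is set from the unfiltered value while `display_errors` at L493 gets the filtered one; move the filter block above L484 so every consumer sees the same value. `debug` is used as a boolean and `memory_limit` as an ini size string, so an explicit mode (as `'int'` is given for `wsdl_cache` at L490) would state what the filter is expected to enforce. The same ordering appears at L500/L503 and at L525/L528 in the other two bootstrap files.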


@@ -90,6 +90,12 @@ if (!defined('PATH_HOME')) {
$e_all = defined('E_STRICT') ? $e_all & ~E_STRICT : $e_all;
$e_all = $config['debug'] ? $e_all : $e_all & ~E_NOTICE;
G::LoadSystem('inputfilter');
$filter = new InputFilter();
$config['debug'] = $filter->validateInput($config['debug']);
$config['memory_limit'] = $filter->validateInput($config['memory_limit']);
$config['wsdl_cache'] = $filter->validateInput($config['wsdl_cache'],'int');
$config['time_zone'] = $filter->validateInput($config['time_zone']);
// Do not change any of these settings directly, use env.ini instead
ini_set('display_errors', $config['debug']);
ini_set('error_reporting', $e_all);


@@ -44,6 +44,10 @@ try {
$config = System::getSystemConfiguration();
G::LoadSystem('inputfilter');
$filter = new InputFilter();
$config['time_zone'] = $filter->validateInput($config['time_zone']);
ini_set("date.timezone", $config["time_zone"]);
//CRON command options
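Review bot: A generic `validateInput` at L517 does not establish that `$config['time_zone']` is a valid zone identifier before it reaches `ini_set("date.timezone", ...)` at L518; checking it against `DateTimeZone::listIdentifiers()` is the precise test, e.g. `if (!in_array($config['time_zone'], DateTimeZone::listIdentifiers(), true)) { throw new Exception('invalid time_zone in configuration'); }`, which the surrounding `try` can report. The `try` block begins before the hunk.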


@@ -91,6 +91,11 @@ try {
$e_all = (defined("E_STRICT"))? $e_all & ~E_STRICT : $e_all;
$e_all = ($config["debug"])? $e_all : $e_all & ~E_NOTICE;
G::LoadSystem('inputfilter');
$filter = new InputFilter();
$config['debug'] = $filter->validateInput($config['debug']);
$config['wsdl_cache'] = $filter->validateInput($config['wsdl_cache'],'int');
$config['time_zone'] = $filter->validateInput($config['time_zone']);
//Do not change any of these settings directly, use env.ini instead
ini_set("display_errors", $config["debug"]);
ini_set("error_reporting", $e_all);


@@ -207,9 +207,16 @@ if (! defined ('SYS_SYS')) {
define ('TIME_ZONE', $config ['time_zone']);
date_default_timezone_set (TIME_ZONE);
print "TIME_ZONE: " . TIME_ZONE . "\n";
print "MEMCACHED_ENABLED: " . MEMCACHED_ENABLED . "\n";
print "MEMCACHED_SERVER: " . MEMCACHED_SERVER . "\n";
G::LoadSystem('inputfilter');
$filter = new InputFilter();
$TIME_ZONE = $filter->xssFilterHard(TIME_ZONE);
$MEMCACHED_ENABLED = $filter->xssFilterHard(MEMCACHED_ENABLED);
$MEMCACHED_SERVER = $filter->xssFilterHard(MEMCACHED_SERVER);
print "TIME_ZONE: " . $TIME_ZONE . "\n";
print "MEMCACHED_ENABLED: " . $MEMCACHED_ENABLED . "\n";
print "MEMCACHED_SERVER: " . $MEMCACHED_SERVER . "\n";
// ****************************************
include_once (PATH_HOME . 'engine' . PATH_SEP . 'config' . PATH_SEP . 'paths_installed.php');
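Review bot: The three values at L545–L547 are passed through `xssFilterHard` and then written with `print ... "\n"` at L548–L550, which reads as console output; HTML entity encoding is the wrong transform for a terminal and would alter a legitimate value containing `&` or `<`, while if the output does reach a browser, `htmlspecialchars($v, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')` at the print itself is the conventional, context-specific escape. The constants come from `$config` defined at L538, i.e. server-side configuration rather than request input, which is worth saying in a comment so the next reader knows what threat the escaping targets. The identical change is made at L562–L569.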


@@ -139,9 +139,16 @@ if (! defined ('SYS_SYS')) {
define ('TIME_ZONE', $config ['time_zone']);
date_default_timezone_set (TIME_ZONE);
print "TIME_ZONE: " . TIME_ZONE . "\n";
print "MEMCACHED_ENABLED: " . MEMCACHED_ENABLED . "\n";
print "MEMCACHED_SERVER: " . MEMCACHED_SERVER . "\n";
G::LoadSystem('inputfilter');
$filter = new InputFilter();
$TIME_ZONE = $filter->xssFilterHard(TIME_ZONE);
$MEMCACHED_ENABLED = $filter->xssFilterHard(MEMCACHED_ENABLED);
$MEMCACHED_SERVER = $filter->xssFilterHard(MEMCACHED_SERVER);
print "TIME_ZONE: " . $TIME_ZONE . "\n";
print "MEMCACHED_ENABLED: " . $MEMCACHED_ENABLED . "\n";
print "MEMCACHED_SERVER: " . $MEMCACHED_SERVER . "\n";
// ****************************************
include_once (PATH_HOME . 'engine' . PATH_SEP . 'config' . PATH_SEP . 'paths_installed.php');


@@ -699,6 +699,9 @@ class Installer extends Controller
try {
$db_host = ($db_port != '' && $db_port != 3306) ? $db_hostname . ':' . $db_port : $db_hostname;
$db_host = $filter->validateInput($db_host);
$db_username = $filter->validateInput($db_username);
$db_password = $filter->validateInput($db_password);
$this->link = @mysql_connect( $db_host, $db_username, $db_password );
$this->installLog( G::LoadTranslation('ID_CONNECT_TO_SERVER', SYS_LANG, Array($db_hostname, $db_port, $db_username ) ));
@@ -1032,6 +1035,9 @@ class Installer extends Controller
try {
$db_host = ($db_port != '' && $db_port != 1433) ? $db_hostname . ':' . $db_port : $db_hostname;
$db_host = $filter->validateInput($db_host);
$db_username = $filter->validateInput($db_username);
$db_password = $filter->validateInput($db_password);
$this->link = @mssql_connect( $db_host, $db_username, $db_password );
$this->installLog( G::LoadTranslation('ID_CONNECT_TO_SERVER', SYS_LANG, Array( $db_hostname, $db_port, $db_username )) );
@@ -1231,6 +1237,9 @@ class Installer extends Controller
$info = new stdclass();
if ($_REQUEST['db_engine'] == 'mysql') {
$_REQUEST['db_hostname'] = $filter->validateInput($_REQUEST['db_hostname']);
$_REQUEST['db_username'] = $filter->validateInput($_REQUEST['db_username']);
$_REQUEST['db_password'] = $filter->validateInput($_REQUEST['db_password']);
$link = @mysql_connect( $_REQUEST['db_hostname'], $_REQUEST['db_username'], $_REQUEST['db_password'] );
$_REQUEST['wfDatabase'] = $filter->validateInput($_REQUEST['wfDatabase'], 'nosql');
$query = "show databases like '%s' ";
@@ -1296,6 +1305,7 @@ class Installer extends Controller
}
$db_host = ($db_port != '' && $db_port != 1433) ? $db_hostname . ':' . $db_port : $db_hostname;
$link = @mysql_connect( $db_host, $db_username, $db_password );
if (! $link) {
$info->message .= G::LoadTranslation('ID_MYSQL_CREDENTIALS_WRONG');
@@ -1348,6 +1358,7 @@ class Installer extends Controller
}
$db_host = ($db_port != '' && $db_port != 1433) ? $db_hostname . ':' . $db_port : $db_hostname;
$link = @mssql_connect( $db_host, $db_username, $db_password );
if (! $link) {
$info->message .= G::LoadTranslation('ID_MYSQL_CREDENTIALS_WRONG');
@@ -1661,6 +1672,7 @@ class Installer extends Controller
$wf = trim( $_REQUEST['wfDatabase'] );
$db_host = ($db_port != '' && $db_port != 3306) ? $db_hostname . ':' . $db_port : $db_hostname;
$link = @mysql_connect( $db_host, $db_username, $db_password );
@mysql_select_db($wf, $link);
$res = mysql_query( "SELECT STORE_ID FROM ADDONS_MANAGER WHERE ADDON_NAME = '" . $namePlugin . "'", $link );
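Review bot: Running `validateInput` over `$db_password` at L580 (and L588, L596) can silently alter a password that contains characters the filter strips, so a correct credential stops authenticating with no indication why; values passed as separate arguments to `mysql_connect` are not interpolated anywhere and gain nothing from this treatment. The place that does need escaping is the untouched query at L617, where `$namePlugin` is concatenated into SQL — `mysql_real_escape_string($namePlugin, $link)` or a parameterised query belongs there. Filtering `$db_host` and `$db_username` is harmless but should not be mistaken for the SQL fix. The enclosing methods begin and end outside the hunks.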


@@ -33,7 +33,6 @@ G::LoadSystem('inputfilter');
$filter = new InputFilter();
$_GET['i18'] = $filter->xssFilterHard($_GET['i18']);
$_GET['newSite'] = $filter->xssFilterHard($_GET['newSite']);
$_GET['module'] = $filter->xssFilterHard($_GET['module']);
if (($RBAC_Response = $RBAC->userCanAccess( "PM_SETUP" )) != 1)
return $RBAC_Response;
@@ -78,10 +77,10 @@ foreach ($toolItems as $item) {
$G_PUBLISH->AddContent( 'template', '', '', '', $template );
G::RenderPage( 'publish' );
if (isset( $_GET['module'] )) {
$module = $filter->xssFilterHard($_GET['module']);
print "
<script>
admToolsContent.location='" . $_GET['module'] . "';
admToolsContent.location='" . $module . "';
</script>
";
}
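Review bot: `$module` at L632 is run through an HTML XSS filter and then placed inside a single-quoted JavaScript string at L636, which is a different context; the correct escape for a JS literal is `json_encode($module, JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_HEX_AMP)`, emitted without the surrounding quotes. Since the value becomes `admToolsContent.location`, also accept only relative paths (reject anything with a scheme or a leading `//`) rather than relying on a blacklist filter. The rest of the page output lies outside the hunk.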


@@ -319,9 +319,9 @@ function importSkin ()
function exportSkin ($skinToExport = "")
{
try {
G::LoadSystem('inputfilter');
$filter = new InputFilter();
try {
if (! isset( $_REQUEST['SKIN_FOLDER_ID'] )) {
throw (new Exception( G::LoadTranslation( 'ID_SKIN_NAME_REQUIRED' ) ));
}
@@ -356,19 +356,23 @@ function exportSkin ($skinToExport = "")
$response['success'] = true;
$response['message'] = $skinTar;
G::auditLog("ExportSkin", "Skin Name: ".$skinName);
$response = $filter->xssFilterHard($response);
print_r( G::json_encode( $response ) );
} catch (Exception $e) {
$response['success'] = false;
$response['message'] = $e->getMessage();
$response = $filter->xssFilterHard($response);
print_r( G::json_encode( $response ) );
}
}
function deleteSkin ()
{
try {
G::LoadSystem('inputfilter');
$filter = new InputFilter();
try {
$_REQUEST['SKIN_FOLDER_ID'] = $filter->xssFilterHard($_REQUEST['SKIN_FOLDER_ID']);
if (! (isset( $_REQUEST['SKIN_FOLDER_ID'] ))) {
@@ -389,6 +393,7 @@ function deleteSkin ()
} catch (Exception $e) {
$response['success'] = false;
$response['error'] = $response['message'] = $e->getMessage();
$response = $filter->xssFilterHard($response);
print_r( G::json_encode( $response ) );
}
}
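Review bot: At L657, L662 and L678 the whole `$response` array is passed through `xssFilterHard` before `G::json_encode`, so `$response['message']`, which at L655 is `$skinTar` (a file name), and `$response['success']` (a boolean) may reach the client entity-encoded or type-changed, depending on how the filter treats arrays and non-strings — neither is visible here. JSON encoding already produces a safe wire format; escape per context where the client renders the message, or filter only the string fields that came from the request. Moving `G::LoadSystem`/`new InputFilter()` above `try {` at L647–L649 and L669–L671 also means a failure there is no longer caught and reported as JSON, unlike every other error in these functions.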


@@ -324,10 +324,14 @@ class Consolidated
}
}
G::LoadSystem('inputfilter');
$filter = new \InputFilter();
if ($sort != "") {
$reportTable = new ReportTables();
$arrayReportTableVar = $reportTable->getTableVars($tableUid);
$tableName = $filter->validateInput($tableName);
$sort = $filter->validateInput($sort);
if (in_array($sort, $arrayReportTableVar)) {
$sort = strtoupper($sort);
eval("\$field = " . $tableName . "Peer::" . $sort . ";");
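Review bot: At L693–L694 `$tableName` and `$sort` are generically filtered and then still concatenated into `eval(...)` at L697; the `in_array` at L695 is the real guard for `$sort` but is a loose comparison, and nothing constrains `$tableName` to an existing Peer class. Dropping the eval removes the issue: `$peerClass = $tableName . 'Peer';` / `if (class_exists($peerClass) && in_array($sort, $arrayReportTableVar, true)) { $field = constant($peerClass . '::' . strtoupper($sort)); }`. The enclosing method continues beyond the hunk.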


@@ -61,8 +61,9 @@
//$_test_dir = realpath(dirname(__FILE__).'/..');
//require_once( 'lime/lime.php');
if(file_exists(PATH_GULLIVER . "class.bootstrap.php")) {
require_once (PATH_GULLIVER . "class.bootstrap.php");
}
spl_autoload_register(array('Bootstrap', 'autoloadClass'));
Bootstrap::registerClass('G', PATH_GULLIVER . "class.g.php");
Bootstrap::registerClass('System', PATH_HOME . "engine/classes/class.system.php");
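Review bot: Guarding the `require_once` with `file_exists` at L704 turns a missing `class.bootstrap.php` into a fatal error at `spl_autoload_register` on L707 with a less useful message; fail explicitly instead, e.g. `if (!file_exists(PATH_GULLIVER . "class.bootstrap.php")) { die("Missing " . PATH_GULLIVER . "class.bootstrap.php"); }` and then require unconditionally. A one-line comment stating why the guard was added would help, since the reason is not evident from the hunk.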


@@ -69,6 +69,13 @@
//$e_all = $config['debug'] ? $e_all : $e_all & ~E_NOTICE;
//$e_all = E_ALL & ~ E_DEPRECATED & ~ E_STRICT & ~ E_NOTICE & ~E_WARNING;
G::LoadSystem('inputfilter');
$filter = new InputFilter();
$config['display_errors'] = $filter->validateInput($config['display_errors']);
$config['error_reporting'] = $filter->validateInput($config['error_reporting']);
$config['memory_limit'] = $filter->validateInput($config['memory_limit']);
$config['wsdl_cache'] = $filter->validateInput($config['wsdl_cache'],'int');
$config['time_zone'] = $filter->validateInput($config['time_zone']);
// Do not change any of these settings directly, use env.ini instead
ini_set( 'display_errors', $config['display_errors']);
ini_set( 'error_reporting', $config['error_reporting']);
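Review bot: `display_errors` and `error_reporting` at L718–L719 are filtered without a mode while `wsdl_cache` at L721 gets `'int'`; `error_reporting` is an integer bitmask (the commented-out lines at L714–L715 show the expression form it may arrive in), so either `'int'` or an explicit cast before `ini_set` at L725 states the contract, and `display_errors` should likewise be reduced to `'0'`/`'1'`. Per the comment at L723 these values come from env.ini, i.e. server-side configuration; a comment such as `// env.ini values are trusted config; the filter only normalises them` would make the intent clear. The same block is added at L736–L742 in the second bootstrap file.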


@@ -303,6 +303,20 @@ session_start();
//$e_all = $config['debug'] ? $e_all : $e_all & ~ E_NOTICE;
//$e_all = E_ALL & ~ E_DEPRECATED & ~ E_STRICT & ~ E_NOTICE & ~E_WARNING;
//Call Gulliver Classes
Bootstrap::LoadThirdParty("smarty/libs", "Smarty.class");
//Loading the autoloader libraries feature
Bootstrap::registerSystemClasses();
G::LoadSystem('inputfilter');
$filter = new InputFilter();
$config['display_errors'] = $filter->validateInput($config['display_errors']);
$config['error_reporting'] = $filter->validateInput($config['error_reporting']);
$config['memory_limit'] = $filter->validateInput($config['memory_limit']);
$config['wsdl_cache'] = $filter->validateInput($config['wsdl_cache'],'int');
$config['time_zone'] = $filter->validateInput($config['time_zone']);
// Do not change any of these settings directly, use env.ini instead
ini_set( 'display_errors', $config['display_errors']);
ini_set( 'error_reporting', $config['error_reporting']);
@@ -334,15 +348,7 @@ define( 'PATH_C', (rtrim( Bootstrap::sys_get_temp_dir(), PATH_SEP ) . PATH_SEP)
define( 'PATH_LANGUAGECONT', PATH_HOME . 'engine/content/languages/' );
}
//Call Gulliver Classes
Bootstrap::LoadThirdParty("smarty/libs", "Smarty.class");
//Loading the autoloader libraries feature
Bootstrap::registerSystemClasses();
//Load filter class
G::LoadSystem('inputfilter');
$filter = new InputFilter();
$skinPathErrors = G::skinGetPathToSrcByVirtualUri("errors", $config);
$skinPathUpdate = G::skinGetPathToSrcByVirtualUri("update", $config);