Merged in paulis/processmaker/PM-VERACODE-10 (pull request #1721)
Completed the XSS - MEDIUM fixes in the affected files
This commit is contained in:
@@ -502,6 +502,8 @@ function fieldReset($translation)
function fieldComplete($translation)
{
G::LoadSystem('inputfilter');
$filter = new InputFilter();
global $action;
$arrayField = getDefaultFields($action, $translation);
@@ -509,10 +511,15 @@ function fieldComplete($translation)
//Get values from JSON request
$first = G::json_decode((isset($_POST["first"]))? $_POST["first"] : G::json_encode(array()));
$first = $filter->xssFilterHard($first);
$second = G::json_decode((isset($_POST["second"]))? $_POST["second"] : G::json_encode(array()));
$second = $filter->xssFilterHard($second);
$pmtable = (isset($_POST["pmtable"]))? $_POST["pmtable"] : "";
$pmtable = $filter->xssFilterHard($pmtable);
$rowsperpage = (isset($_POST["rowsperpage"]))? $_POST["rowsperpage"] : $arrayConfig["rowsperpage"];
$rowsperpage = $filter->xssFilterHard($rowsperpage);
$dateformat = (isset($_POST["dateformat"]) && !empty($_POST["dateformat"]))? $_POST["dateformat"] : $arrayConfig["dateformat"];
$dateformat = $filter->xssFilterHard($dateformat);
//Complete fields
foreach ($first as $index1 => $value1) {
@@ -560,17 +567,24 @@ function fieldComplete($translation)
function fieldLabelReset($translation)
{
G::LoadSystem('inputfilter');
$filter = new InputFilter();
global $action;
$arrayField = getDefaultFields($action, $translation);
$arrayConfig = getDefaultConfig($action, $translation);
//Get values from JSON request
$first = G::json_decode((isset($_POST["first"]))? $_POST["first"] : G::json_encode(array()));
$second = G::json_decode((isset($_POST["second"]))? $_POST["second"] : G::json_encode(array()));
$pmtable = (isset($_POST["pmtable"]))? $_POST["pmtable"] : "";
$first = G::json_decode((isset($_POST["first"]))? $_POST["first"] : G::json_encode(array()));
$first = $filter->xssFilterHard($first);
$second = G::json_decode((isset($_POST["second"]))? $_POST["second"] : G::json_encode(array()));
$second = $filter->xssFilterHard($second);
$pmtable = (isset($_POST["pmtable"]))? $_POST["pmtable"] : "";
$pmtable = $filter->xssFilterHard($pmtable);
$rowsperpage = (isset($_POST["rowsperpage"]))? $_POST["rowsperpage"] : $arrayConfig["rowsperpage"];
$rowsperpage = $filter->xssFilterHard($rowsperpage);
$dateformat = (isset($_POST["dateformat"]) && !empty($_POST["dateformat"]))? $_POST["dateformat"] : $arrayConfig["dateformat"];
$dateformat = $filter->xssFilterHard($dateformat);
//Reset label's fields
foreach ($second as $index1 => $value1) {
@@ -592,6 +606,8 @@ function fieldLabelReset($translation)
function fieldSave()
{
G::LoadSystem('inputfilter');
$filter = new InputFilter();
global $conf;
global $action;
@@ -599,11 +615,15 @@ function fieldSave()
$arrayConfig = getDefaultConfig($action, 0);
//Get values from JSON request
$first = G::json_decode((isset($_POST["first"]))? $_POST["first"] : G::json_encode(array()));
$second = G::json_decode((isset($_POST["second"]))? $_POST["second"] : G::json_encode(array()));
$pmtable = (isset($_POST["pmtable"]))? $_POST["pmtable"] : "";
$first = G::json_decode((isset($_POST["first"]))? $_POST["first"] : G::json_encode(array()));
$first = $filter->xssFilterHard($first);
$second = G::json_decode((isset($_POST["second"]))? $_POST["second"] : G::json_encode(array()));
$pmtable = (isset($_POST["pmtable"]))? $_POST["pmtable"] : "";
$pmtable = $filter->xssFilterHard($pmtable);
$rowsperpage = (isset($_POST["rowsperpage"]))? $_POST["rowsperpage"] : $arrayConfig["rowsperpage"];
$rowsperpage = $filter->xssFilterHard($rowsperpage);
$dateformat = (isset($_POST["dateformat"]) && !empty($_POST["dateformat"]))? $_POST["dateformat"] : $arrayConfig["dateformat"];
$dateformat = $filter->xssFilterHard($dateformat);
//Adding the key fields to second array
//Required fields for AppCacheView.php - addPMFieldsToCriteria()
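Review bot: In fieldSave, `$second` is decoded (`$second = G::json_decode(...)`) but, unlike `$first`, `$pmtable`, `$rowsperpage` and `$dateformat` in the same hunk, is never passed through the filter, so the values carried in `second` continue into the function unfiltered; add `$second = $filter->xssFilterHard($second);` right after the decode, matching fieldComplete and fieldLabelReset. Applying xssFilterHard to decoded request data is only an input-side mitigation: the values still need context-appropriate escaping where they are rendered, `$rowsperpage` would be safer coerced with `(int) $rowsperpage`, and whether xssFilterHard recurses into whatever G::json_decode returns (array or stdClass) is not visible here and is worth confirming. The repeated `$first`/`$second`/`$pmtable` assignments in this hunk and in fieldLabelReset look like old and new lines rendered together; if both sets are really on the new side, the first set is dead and should be dropped. fieldSave's body continues past the end of the hunk.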
@@ -1,12 +1,22 @@
<?php
G::LoadSystem('inputfilter');
$filter = new InputFilter();
$_SESSION['USER_LOGGED'] = $filter->xssFilterHard($_SESSION['USER_LOGGED']);
$callback = isset($_POST['callback']) ? $_POST['callback'] : 'stcCallback1001';
$dir = isset($_POST['dir']) ? $_POST['dir'] : 'DESC';
$sort = isset($_POST['sort']) ? $_POST['sort'] : '';
$query = isset($_POST['query']) ? $_POST['query'] : '';
$callback = $filter->xssFilterHard($callback);
$dir = isset($_POST['dir']) ? $_POST['dir'] : 'DESC';
$dir = $filter->xssFilterHard($dir);
$sort = isset($_POST['sort']) ? $_POST['sort'] : '';
$sort = $filter->xssFilterHard($sort);
$query = isset($_POST['query']) ? $_POST['query'] : '';
$query = $filter->xssFilterHard($query);
$option = '';
if ( isset($_GET['t'] ) ) {
$option = $_GET['t'];
$option = $filter->xssFilterHard($option);
}
try {
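Review bot: `$callback` is run through xssFilterHard, but a JSONP callback name is emitted as code rather than HTML, and a blacklist filter is the wrong tool for that context; restrict it to an identifier instead, `if (!preg_match('/^[A-Za-z_][A-Za-z0-9_.]*$/', $callback)) { $callback = 'stcCallback1001'; }`. `$dir` and `$sort` are sort parameters that presumably end up in an ORDER BY further down (not visible in this hunk); if so, xssFilterHard gives no SQL protection, and `$dir` should be reduced to its two legal values, `$dir = (strtoupper($dir) === 'ASC') ? 'ASC' : 'DESC';`, with `$sort` checked against the known column names. Rewriting `$_SESSION['USER_LOGGED']` in place mutates a server-set identity value; if the filter ever alters it the request proceeds under a different user id, so the session should be left untouched and the value escaped where it is rendered. The duplicated `$dir`/`$sort`/`$query` lines look like old and new lines rendered side by side rather than a real repeat.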
@@ -5,12 +5,21 @@
* and open the template in the editor.
*/
G::LoadSystem('inputfilter');
$filter = new InputFilter();
$callback = isset($_POST['callback']) ? $_POST['callback'] : 'stcCallback1001';
$callback = $filter->xssFilterHard($callback);
$dir = isset($_POST['dir']) ? $_POST['dir'] : 'DESC';
$dir = $filter->xssFilterHard($dir);
$sort = isset($_POST['sort']) ? $_POST['sort'] : '';
$sort = $filter->xssFilterHard($sort);
$query = isset($_POST['query']) ? $_POST['query'] : '';
$query = $filter->xssFilterHard($query);
$tabUid = isset($_POST['table']) ? $_POST['table'] : '';
$tabUid = $filter->xssFilterHard($tabUid);
$action = isset($_POST['action']) ? $_POST['action'] : 'todo';
$action = $filter->xssFilterHard($action);
try {
G::LoadClass("BasePeer" );
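Review bot: `$action` (default `'todo'`) and `$tabUid` presumably select which list and which table are queried inside the `try` block that continues past the hunk, and xssFilterHard does not constrain either to a valid value; `$action` should be checked against the set of list names this endpoint supports and `$tabUid` against the expected UID format before either is used. `$dir` can be reduced to its two legal values rather than filtered, `$dir = (strtoupper($dir) === 'ASC') ? 'ASC' : 'DESC';`, and `$sort` should be matched against known column names if it reaches an ORDER BY, since the XSS filter gives no SQL protection. The `$callback` filtering is fine as defence in depth, but a JSONP callback is emitted as code and should be restricted to an identifier pattern rather than blacklist-filtered.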
@@ -1,4 +1,11 @@
<?php
G::LoadSystem('inputfilter');
$filter = new InputFilter();
$_POST = $filter->xssFilterHard($_POST);
$_SESSION['USER_LOGGED'] = $filter->xssFilterHard($_SESSION['USER_LOGGED']);
$_GET['t'] = $filter->xssFilterHard($_GET['t']);
$callback = isset( $_POST['callback'] ) ? $_POST['callback'] : 'stcCallback1001';
$dir = isset( $_POST['dir'] ) ? $_POST['dir'] : 'DESC';
$sort = isset( $_POST['sort'] ) ? $_POST['sort'] : '';
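Review bot: `$_GET['t'] = $filter->xssFilterHard($_GET['t']);` reads `$_GET['t']` unconditionally, so a request without `t` raises an undefined-index notice and creates the key with whatever the filter returns for null, which can change the outcome of any later `isset($_GET['t'])` check; guard it the way another file in this commit does, `if (isset($_GET['t'])) { $_GET['t'] = $filter->xssFilterHard($_GET['t']); }`. Overwriting `$_SESSION['USER_LOGGED']` with a filtered copy mutates a server-set identity value; if the filter ever changes it the request runs as a different user id, so leave the session alone and escape at the point of output. The blanket `$_POST = $filter->xssFilterHard($_POST);` only helps if xssFilterHard recurses into arrays, which this hunk does not show and is worth confirming.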
@@ -35,6 +35,10 @@
*/
G::LoadClass( 'xmlfield_InputPM' );
G::LoadSystem('inputfilter');
$filter = new InputFilter();
$_POST = $filter->xssFilterHard($_POST);
$aFields = getDynaformsVars( $_POST['sProcess'], true, isset( $_POST['bIncMulSelFields'] ) ? $_POST['bIncMulSelFields'] : 0 );
$aType = $_POST['type'];
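Review bot: `$_POST['sProcess']` and `$_POST['type']` are read directly after the blanket `$_POST = $filter->xssFilterHard($_POST);` with no isset checks, so a request missing either field raises an undefined-index notice and passes null into getDynaformsVars; read them defensively, `$sProcess = isset($_POST['sProcess']) ? $_POST['sProcess'] : '';` and `$aType = isset($_POST['type']) ? $_POST['type'] : '';`, and pass `$sProcess` to the call. `sProcess` looks like a process UID used for a lookup, and an XSS filter does not validate it; a format check (expected length and character class) before the call is the appropriate control there. Filtering `$_POST` as a whole only helps if xssFilterHard recurses into nested arrays, which is not visible in this hunk and should be confirmed.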
@@ -1,3 +1,19 @@
<?php
G::LoadSystem('inputfilter');
$filter = new InputFilter();
if(isset($_GET['srv'])) {
$_GET['srv'] = $filter->xssFilterHard($_GET['srv']);
}
if(isset($_GET['usr'])) {
$_GET['usr'] = $filter->xssFilterHard($_GET['usr']);
}
if(isset($_GET['pass'])) {
$_GET['pass'] = $filter->xssFilterHard($_GET['pass']);
}
if(isset($_GET['gen'])) {
$_GET['gen'] = $filter->xssFilterHard($_GET['gen']);
}
?>
<form action="r">
Server: <input type="text" name="srv"
value="<?php echo isset($_GET['srv'])?$_GET['srv']:'';?>"> User: <input
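Review bot: The actual XSS sink in this hunk is the attribute echo `value="<?php echo isset($_GET['srv'])?$_GET['srv']:'';?>"`, and the right fix is contextual output encoding at that line rather than a blacklist filter on `$_GET` at the top: `value="<?php echo isset($_GET['srv']) ? htmlspecialchars($_GET['srv'], ENT_QUOTES, 'UTF-8') : ''; ?>"`, with the same treatment wherever `usr`, `pass` and `gen` are echoed. Separately, `pass` arrives in the query string and `<form action="r">` specifies no `method="post"`, so the password is written to web-server logs, browser history and Referer headers; the form should submit via POST and the field should be `type="password"`. The remaining `<input>` elements and the rest of the form continue past the end of the hunk.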
@@ -1,12 +1,17 @@
<?php
ini_set("max_execution_time", 0);
G::LoadSystem('inputfilter');
$filter = new InputFilter();
$_FILES = $filter->xssFilterHard($_FILES);
$_SESSION['USER_LOGGED'] = $filter->xssFilterHard($_SESSION['USER_LOGGED']);
if (isset($_FILES["PROCESS_FILENAME"]) &&
pathinfo($_FILES["PROCESS_FILENAME"]["name"], PATHINFO_EXTENSION) == "bpmn"
) {
try {
$createMode = $_REQUEST["createMode"];
$createMode = $filter->xssFilterHard($createMode);
$name = pathinfo($_FILES["PROCESS_FILENAME"]["name"], PATHINFO_FILENAME);
$data = array(
"type" => "bpmnProject",
@@ -45,7 +45,10 @@ if ($access != 1) {
}
}
G::LoadSystem('inputfilter');
$filter = new InputFilter();
$form = $_POST['form'];
$form = $filter->xssFilterHard($form);
//$tasUid = $form['TASKS'];
$tasUid = $form['TAS_PARENT'];
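Review bot: `$form = $_POST['form'];` is read with no isset/is_array check before `$form['TAS_PARENT']` is indexed, so a request without the array (or with a scalar `form`) raises notices and yields an empty `$tasUid`; use `$form = (isset($_POST['form']) && is_array($_POST['form'])) ? $_POST['form'] : array();`. Applying xssFilterHard to the array only helps if the method recurses into array values, which this hunk does not show. `TAS_PARENT` is a task UID that presumably feeds a database lookup further down (outside the hunk); a format check on the UID is the appropriate control there, since the XSS filter does nothing for SQL or path contexts.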
@@ -29,6 +29,12 @@
* @date Apr 5th, 2010
*/
G::LoadSystem('inputfilter');
$filter = new InputFilter();
$_GET['i18'] = $filter->xssFilterHard($_GET['i18']);
$_GET['newSite'] = $filter->xssFilterHard($_GET['newSite']);
$_GET['module'] = $filter->xssFilterHard($_GET['module']);
if (($RBAC_Response = $RBAC->userCanAccess( "PM_SETUP" )) != 1)
return $RBAC_Response;
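Review bot: `$_GET['i18']`, `$_GET['newSite']` and `$_GET['module']` are assigned unconditionally, so any request missing one of them raises an undefined-index notice and creates the key with whatever xssFilterHard returns for null, which can alter later isset/empty logic; guard each one as `if (isset($_GET['module'])) { $_GET['module'] = $filter->xssFilterHard($_GET['module']); }`, matching the pattern used elsewhere in this commit. The filtering also runs before `$RBAC->userCanAccess("PM_SETUP")`; moving the RBAC check to the top keeps unauthorized requests from doing any work first. If `module` or `newSite` is later used to build a file path or include (the remainder of the file is outside the hunk), xssFilterHard is not a traversal defence and an allow-list of accepted values is needed at that point.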