Merged in paulis/processmaker/PM-VERACODE-8 (pull request #1702)
I completed the SQL Injection Hight and I reviewed the XSS - MEDIUM in files
This commit is contained in:
Julio Cesar Laura Avendaño
@@ -1,4 +1,9 @@
|
||||
<?php
|
||||
G::LoadSystem('inputfilter');
|
||||
$filter = new InputFilter();
|
||||
$_POST = $filter->xssFilterHard($_POST);
|
||||
$_REQUEST = $filter->xssFilterHard($_REQUEST);
|
||||
$_SESSION = $filter->xssFilterHard($_SESSION);
|
||||
if (!isset($_SESSION['USER_LOGGED'])) {
|
||||
$res = new stdclass();
|
||||
$res->message = G::LoadTranslation('ID_LOGIN_AGAIN');
|
||||
@@ -215,6 +220,11 @@ function lookinginforContentProcess ($sproUid)
|
||||
function startCase ()
|
||||
{
|
||||
G::LoadClass( 'case' );
|
||||
G::LoadSystem('inputfilter');
|
||||
$filter = new InputFilter();
|
||||
$_POST = $filter->xssFilterHard($_POST);
|
||||
$_REQUEST = $filter->xssFilterHard($_REQUEST);
|
||||
$_SESSION = $filter->xssFilterHard($_SESSION);
|
||||
|
||||
/* GET , POST & $_SESSION Vars */
|
||||
/* unset any variable, because we are starting a new case */
|
||||
@@ -241,6 +251,7 @@ function startCase ()
|
||||
lookinginforContentProcess( $_POST['processId'] );
|
||||
|
||||
$aData = $oCase->startCase( $_REQUEST['taskId'], $_SESSION['USER_LOGGED'] );
|
||||
$aData = $filter->xssFilterHard($aData);
|
||||
|
||||
$_SESSION['APPLICATION'] = $aData['APPLICATION'];
|
||||
$_SESSION['INDEX'] = $aData['INDEX'];
|
||||
|
||||
@@ -30,6 +30,11 @@
|
||||
* @Param var action from POST request
|
||||
*/
|
||||
|
||||
G::LoadSystem('inputfilter');
|
||||
$filter = new InputFilter();
|
||||
$_POST = $filter->xssFilterHard($_POST);
|
||||
$_SESSION = $filter->xssFilterHard($_SESSION);
|
||||
|
||||
if (isset( $_POST['action'] ) || isset( $_POST['function'] )) {
|
||||
$action = (isset( $_POST['action'] )) ? $_POST['action'] : $_POST['function'];
|
||||
} else {
|
||||
|
||||
@@ -24,6 +24,9 @@
|
||||
|
||||
require_once (PATH_RBAC . "model/RolesPeer.php");
|
||||
G::LoadClass( 'ArrayPeer' );
|
||||
G::LoadSystem('inputfilter');
|
||||
$filter = new InputFilter();
|
||||
$_POST = $filter->xssFilterHard($_POST);
|
||||
|
||||
isset( $_POST['textFilter'] ) ? $filter = $_POST['textFilter'] : $filter = '';
|
||||
|
||||
|
||||
@@ -22,6 +22,10 @@
|
||||
* Coral Gables, FL, 33134, USA, or email info@colosa.com.
|
||||
*/
|
||||
|
||||
G::LoadSystem('inputfilter');
|
||||
$filter = new InputFilter();
|
||||
$_GET = $filter->xssFilterHard($_GET);
|
||||
$_REQUEST = $filter->xssFilterHard($_REQUEST);
|
||||
$ROL_UID = $_GET['rUID'];
|
||||
$TYPE_DATA = $_GET["type"];
|
||||
|
||||
|
||||
@@ -122,7 +122,10 @@ abstract class CURLMessage
|
||||
*/
|
||||
public function displayResponse ()
|
||||
{
|
||||
G::LoadSystem('inputfilter');
|
||||
$filter = new InputFilter();
|
||||
$error = curl_error( $this->ch );
|
||||
$error = $filter->xssFilterHard($error);
|
||||
$result = array ('header' => '','body' => '','curl_error' => '','http_code' => '','last_url' => ''
|
||||
);
|
||||
if ($error != "") {
|
||||
@@ -130,12 +133,15 @@ abstract class CURLMessage
|
||||
return $result;
|
||||
}
|
||||
$response = $this->output;
|
||||
$response = $filter->xssFilterHard($response);
|
||||
$header_size = curl_getinfo( $this->ch, CURLINFO_HEADER_SIZE );
|
||||
$result['header'] = substr( $response, 0, $header_size );
|
||||
$result['body'] = substr( $response, $header_size );
|
||||
$result['http_code'] = curl_getinfo( $this->ch, CURLINFO_HTTP_CODE );
|
||||
$result['last_url'] = curl_getinfo( $this->ch, CURLINFO_EFFECTIVE_URL );
|
||||
$result = $filter->xssFilterHard($result);
|
||||
|
||||
$this->type = $filter->xssFilterHard($this->type);
|
||||
echo $this->type . " Response: " . $response . "<BR>";
|
||||
foreach ($result as $index => $data) {
|
||||
if ($data != "") {
|
||||
|
||||
@@ -61,12 +61,17 @@ a.krumo-name {
|
||||
</style>
|
||||
<?php
|
||||
|
||||
G::LoadSystem('inputfilter');
|
||||
$filter = new InputFilter();
|
||||
$_POST = $filter->xssFilterHard($_POST);
|
||||
$_SESSION = $filter->xssFilterHard($_SESSION);
|
||||
if (isset( $_POST["epr"] )) {
|
||||
$_SESSION['END_POINT'] = $_POST["epr"];
|
||||
}
|
||||
$endpoint = isset( $_SESSION['END_POINT'] ) ? $_SESSION['END_POINT'] : 'http://sugar.opensource.colosa.net/soap.php';
|
||||
|
||||
$endpoint = $filter->xssFilterHard($endpoint);
|
||||
$sessionId = isset( $_SESSION['SESSION_ID'] ) ? $_SESSION['SESSION_ID'] : '';
|
||||
$sessionId = $filter->xssFilterHard($sessionId);
|
||||
?>
|
||||
<form method="post" action="">
|
||||
|
||||
|
||||
Reference in New Issue
Block a user