From 4bc49c7568c4b72434a4d43d9025a203908a2442 Mon Sep 17 00:00:00 2001
From: "Paula V. Quispe"
Date: Mon, 16 Mar 2015 15:24:35 -0400
Subject: [PATCH] I reviewed the XSS - MEDIUM in 7 files

---
 gulliver/bin/tasks/pakeGulliver.php | 11 ++++++++++-
 gulliver/system/class.dbconnection.php | 6 +++++-
 gulliver/system/class.g.php | 19 ++++++++++++++++---
 .../methods/appFolder/appFolderAjax.php | 5 +++++
 .../engine/methods/setup/appCacheViewAjax.php | 5 ++++-
 .../templates/appFolder/appFolderTree.php | 4 +++-
 .../engine/templates/oauth2/authorize.php | 7 +++++--
 7 files changed, 48 insertions(+), 9 deletions(-)

diff --git a/gulliver/bin/tasks/pakeGulliver.php b/gulliver/bin/tasks/pakeGulliver.php
index 4160cc929..747897e4b 100755
--- a/gulliver/bin/tasks/pakeGulliver.php
+++ b/gulliver/bin/tasks/pakeGulliver.php
@@ -920,6 +920,8 @@ function run_create_poedit_file($task, $args) {
 G::LoadSystem('xmlform');
 G::LoadSystem('xmlformExtension');
 G::LoadSystem('form');
+ G::LoadSystem('inputfilter');
+ $filter = new InputFilter();
 $langIdOut = $langId; //the output language, later we'll include the country too.
 $exceptionFields = array (
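Review bot: `$filter` is created here for a pake console task whose only sink, in the `@@ -993` hunk of this file, is `printf` to the terminal, so an HTML-oriented `xssFilterHard` addresses no injection on this path and can instead rewrite the xmlform path or node name that the operator is being told to fix. The values it is later applied to — `$xmlfile`, `$node->name`, `$node->type` and the literal `$exceptionFields` array built right below this hunk — appear to come from XML definitions on disk and from this function's own constants rather than from a request, and `$exceptionFields` is re-filtered on every pass through that `else` branch. If the intent is to keep terminal escape sequences out of the console, a control-character strip on the strings passed to `printf` is the direct fix; if the filter is kept, record why above `+ $filter = new InputFilter();`, e.g. `// InputFilter only normalises values before console output; this task has no HTML sink`. The body of `run_create_poedit_file` continues beyond this hunk.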
@@ -993,18 +995,25 @@ function run_create_poedit_file($task, $args) {
 } else {
+ $xmlfile = $filter->xssFilterHard($xmlfile);
+ $exceptionFields = $filter->xssFilterHard($exceptionFields);
 if( is_object($node) && ! in_array($node->type, $exceptionFields) ) {
 if( isset($node->value) && strpos($node->value, 'G::LoadTranslation') !== false ) {
 $exceptIndex ++; //print ($node->value);
 } else {
+ $node->name = $filter->xssFilterHard($node->name);
+ $node->type = $filter->xssFilterHard($node->type);
 printf("Error: xmlform %s has no english definition for %s [%s]\n", pakeColor::colorize($xmlfile, 'ERROR'), pakeColor::colorize($node->name, 'INFO'), pakeColor::colorize($node->type, 'INFO'));
 $xmlError ++;
 }
 } else {
 $exceptIndex ++;
- if( $verboseFlag )
+ if( $verboseFlag ){
+ $node->name = $filter->xssFilterHard($node->name);
+ $node->type = $filter->xssFilterHard($node->type);
 printf("%s %s in %s\n", $node->type, pakeColor::colorize($node->name, 'INFO'), pakeColor::colorize($xmlfile, 'INFO'));
+ }
 }
 }
 }
diff --git a/gulliver/system/class.dbconnection.php b/gulliver/system/class.dbconnection.php
index 68fc68894..8204350af 100755
--- a/gulliver/system/class.dbconnection.php
+++ b/gulliver/system/class.dbconnection.php
@@ -186,6 +186,10 @@ class DBConnection
 {
 global $_SESSION;
 global $_SERVER;
+ G::LoadSystem('inputfilter');
+ $filter = new InputFilter();
+ $_SERVER = $filter->xssFilterHard($_SERVER);
+ $_SESSION = $filter->xssFilterHard($_SESSION);
 if (is_null( $errorLevel ))
 if (isset( $this->errorLevel )) {
 $errorLevel = $this->errorLevel;
@@ -207,7 +211,7 @@ class DBConnection
 print "";
 }
 //G::setErrorHandler ( );
- G::customErrorLog( 'DB_Error', $obj->code . ' ' . $obj->message . '-' . $obj->userinfo, '', '' );
+ //G::customErrorLog( 'DB_Error', $obj->code . ' ' . $obj->message . '-' . $obj->userinfo, '', '' );
 if ($errorLevel == DB_ERROR_SHOW_AND_STOP || $errorLevel == DB_ERROR_SHOWALL_AND_STOP) {
 die(); //stop
 }
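Review bot: Assigning the filtered copies back to `$_SERVER` and `$_SESSION` inside this DB error handler turns an error report into a process-wide side effect: `$_SESSION` is written back to the session store at request end, so any stored value that `xssFilterHard` alters (tokens, serialized state, anything containing `<`, quotes or `&`) stays altered for the rest of the user's session, and every later reader of `$_SERVER` in the request sees modified values. The same global-rewrite pattern recurs in this patch in `streamFile` (`$_SERVER['REQUEST_URI']`), `appFolderAjax.php`, `appCacheViewAjax.php`, `appFolderTree.php` and `oauth2/authorize.php`. Escaping belongs where these values are printed into the error page, not on the globals: filter into locals, `$server = $filter->xssFilterHard($_SERVER);`, and use those in the output that follows, leaving the superglobals untouched. The method's signature is outside the hunk, so whether `$_SESSION` is even used by that output is not visible here.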
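Review bot: Commenting out `G::customErrorLog('DB_Error', ...)` removes the only record of database errors on this path, so failed queries — including those caused by malformed or hostile input — no longer leave a trace for operators, which is a detection regression unrelated to the XSS this commit targets. If the concern was that `$obj->message` / `$obj->userinfo` can carry attacker-influenced text into the log, sanitise for the log sink and keep the call: `G::customErrorLog('DB_Error', preg_replace('/[\x00-\x1F\x7F]/', ' ', $obj->code . ' ' . $obj->message . '-' . $obj->userinfo), '', '');` strips the CR/LF and control characters that matter for a line-oriented log. Leaving the line as commented-out code also hides that logging was deliberately dropped; either keep it or delete it with a note in the commit message.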
diff --git a/gulliver/system/class.g.php b/gulliver/system/class.g.php
index bfe345203..c299e5858 100755
--- a/gulliver/system/class.g.php
+++ b/gulliver/system/class.g.php
@@ -1073,7 +1073,13 @@ class G
 */
 public static function streamFile ($file, $download = false, $downloadFileName = '')
 {
- require_once (PATH_THIRDPARTY . 'jsmin/jsmin.php');
+ G::LoadSystem('inputfilter');
+ $filter = new InputFilter();
+ $file = $filter->xssFilterHard($file);
+ if(isset($_SERVER['REQUEST_URI'])) {
+ $_SERVER['REQUEST_URI'] = $filter->xssFilterHard($_SERVER['REQUEST_URI'],"url");
+ }
+ require_once (PATH_THIRDPARTY . 'jsmin/jsmin.php');
 $folderarray = explode( '/', $file );
 $typearray = explode( '.', basename( $file ) );
 $typefile = $typearray[count( $typearray ) - 1];
@@ -1081,8 +1087,11 @@ class G
 //trick to generate the translation.language.js file , merging two files
 if (strtolower( $typefile ) == 'js' && $typearray[0] == 'translation') {
- G::sendHeaders( $filename, 'text/javascript', $download, $downloadFileName );
+ $download = $filter->xssFilterHard($download);
+ $downloadFileName = $filter->xssFilterHard($downloadFileName);
+ G::sendHeaders( $filename, 'text/javascript', $download, $downloadFileName );
 $output = G::streamJSTranslationFile( $filename, $typearray[1] );
+ $output = $filter->xssFilterHard($output);
 print $output;
 return;
 }
@@ -1091,6 +1100,7 @@ class G
 if (strtolower( $typefile ) == 'css' && $folderarray[count( $folderarray ) - 2] == 'css') {
 G::sendHeaders( $filename, 'text/css', $download, $downloadFileName );
 $output = G::streamCSSBigFile( $typearray[0] );
+ $output = $filter->xssFilterHard($output);
 print $output;
 return;
 }
@@ -3140,7 +3150,10 @@ class G
 */
 public function pr ($var)
 {
- print ("
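Review bot: `$file = $filter->xssFilterHard($file);` is applied to a filesystem path that the next lines split with `explode('/', $file)` and `basename($file)`, and an HTML-escaping filter does not validate a path: if `$file` can be influenced by the request (not visible in this hunk), the missing check is containment — resolve it with `realpath()` and require the result to begin with the intended base directory before anything is streamed — and if it cannot, the filter only risks mangling legitimate names. The `"url"` mode applied to `$_SERVER['REQUEST_URI']` is presumably lossy for some characters, and because the global itself is rewritten every later reader in the request sees the altered URI; a filtered local used only by this method would carry the same benefit without the side effect. `streamFile` continues past this hunk, so where `$file` is eventually opened is not shown.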
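Review bot: `$output = $filter->xssFilterHard($output);` runs over the body of a JavaScript file (and over a CSS file in the `@@ -1091` hunk) immediately before it is sent under a `text/javascript` / `text/css` header, and an HTML XSS filter is the wrong encoder for a script sink: whatever it strips or entity-encodes (quotes, `<`, `&`, tag-like sequences) lands inside JS or CSS source rather than HTML, so it can corrupt legitimate translation strings or selectors while leaving an injected string that is valid JavaScript untouched. The translation text becomes safe by construction where `streamJSTranslationFile` serialises each string into the script, e.g. with `json_encode`, rather than by post-processing the whole file. `$download` is declared with a `false` default, and passing it through `xssFilterHard` may change its type before `sendHeaders` tests it — worth confirming what the filter returns for a boolean, since that behaviour is not visible here.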
") ;
+        G::LoadSystem('inputfilter');
+		$filter = new InputFilter();
+		$var = $filter->xssFilterHard($var);
+		print ("
") ;
         print_r( $var );
         print ("
") ;
 }
diff --git a/workflow/engine/methods/appFolder/appFolderAjax.php b/workflow/engine/methods/appFolder/appFolderAjax.php
index c6aa461ac..4b7903472 100755
--- a/workflow/engine/methods/appFolder/appFolderAjax.php
+++ b/workflow/engine/methods/appFolder/appFolderAjax.php
@@ -1,4 +1,9 @@ xssFilterHard($_POST);
+$_GET = $filter->xssFilterHard($_GET);
+$_REQUEST = $filter->xssFilterHard($_REQUEST);
 if (! isset ($_SESSION ['USER_LOGGED'])) {
 $res ['success'] = false;
 $res ['error'] = G::LoadTranslation('ID_LOGIN_AGAIN');
diff --git a/workflow/engine/methods/setup/appCacheViewAjax.php b/workflow/engine/methods/setup/appCacheViewAjax.php
index 20219c812..5b2304b60 100755
--- a/workflow/engine/methods/setup/appCacheViewAjax.php
+++ b/workflow/engine/methods/setup/appCacheViewAjax.php
@@ -1,6 +1,9 @@ xssFilterHard($_POST);
+$_GET = $filter->xssFilterHard($_GET);
 $request = isset( $_POST['request'] ) ? $_POST['request'] : (isset( $_GET['request'] ) ? $_GET['request'] : null);
 function testConnection($type, $server, $user, $passwd, $port = 'none', $dbName = "")
diff --git a/workflow/engine/templates/appFolder/appFolderTree.php b/workflow/engine/templates/appFolder/appFolderTree.php
index eb3b7a498..e16c280bd 100755
--- a/workflow/engine/templates/appFolder/appFolderTree.php
+++ b/workflow/engine/templates/appFolder/appFolderTree.php
@@ -56,7 +58,9 @@ $html = '
 }
 return 'Unknown';
 }
-
+G::LoadSystem('inputfilter');
+$filter = new InputFilter();
+$_SERVER['HTTP_USER_AGENT'] = $filter->xssFilterHard($_SERVER['HTTP_USER_AGENT']);
 if((looking_for_browser($_SERVER['HTTP_USER_AGENT'])=='Internet Explorer 8')||(looking_for_browser($_SERVER['HTTP_USER_AGENT'])=='Internet Explorer 7')||(looking_for_browser($_SERVER['HTTP_USER_AGENT'])=='Internet Explorer 6')){
 $html.="
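Review bot: The four added lines in `pr()` mix indentation — `G::LoadSystem('inputfilter');` is space-indented while the `$filter = new InputFilter();`, `$var = ...` and `print (` lines that follow are tab-indented — so the hunk should be normalised to the surrounding file's style before merge. On substance, `pr()` dumps `$var` with `print_r` between two `print` calls whose markup was lost in this rendering; the direct escaping for that HTML sink is to encode the dump itself, `print (htmlspecialchars(print_r($var, true), ENT_QUOTES, 'UTF-8'));`, which protects everything the browser receives without altering the structure being inspected, whereas `xssFilterHard($var)` rewrites the value before it is dumped and its handling of objects and nested arrays is not visible here.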
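Review bot: Replacing `$_POST`, `$_GET` and `$_REQUEST` with filtered copies at the top of the script — the same opening appears in `appCacheViewAjax.php` and `oauth2/authorize.php` in this patch — sanitises at ingress instead of encoding at the sink, so values are changed before they are validated or stored (a folder name or label containing `<`, `&` or a quote is altered or lost) and the encoding is then wrong or doubled when the same data reaches the JSON response this handler builds in `$res`, a SQL parameter, or any other non-HTML context. The durable fix is to keep the raw input, validate each field against what it is allowed to contain, and apply `htmlspecialchars` or `json_encode` where it is rendered. The first added lines of this hunk (the `<?php` line and the creation of `$filter`) are not visible in this rendering, so I am reading `$filter` as the `InputFilter` instance used in the other files.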
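Review bot: The added line reads `$_SERVER['HTTP_USER_AGENT']` unconditionally, but the header is optional and some clients omit it, so the assignment raises an undefined-index notice in that case (the three existing comparisons have the same gap); guard it and compute the browser once rather than calling `looking_for_browser` three times on the same string: `$userAgent = $filter->xssFilterHard(isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '');`, `$browser = looking_for_browser($userAgent);`, `if (in_array($browser, array('Internet Explorer 8', 'Internet Explorer 7', 'Internet Explorer 6'), true)) {`. Within this hunk the filtered value is only compared, never printed, so the filter changes the detection input rather than any output; if `xssFilterHard` strips characters that the IE user-agent format uses, it would change which branch runs — worth confirming against the filter's rules. The `$html .=` statement this hunk ends on continues outside the hunk.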
diff --git a/workflow/engine/templates/oauth2/authorize.php b/workflow/engine/templates/oauth2/authorize.php
index 1ef64b46e..a8801b103 100644
--- a/workflow/engine/templates/oauth2/authorize.php
+++ b/workflow/engine/templates/oauth2/authorize.php
@@ -1,6 +1,9 @@ xssFilterHard($_GET,"url");
+$_SERVER["QUERY_STRING"] = $filter->xssFilterHard($_SERVER["QUERY_STRING"],"url");
 list($host, $port) = strpos(DB_HOST, ':') !== false ? explode(':', DB_HOST) : array(DB_HOST, '');
 $port = empty($port) ? '' : ";port=$port";
@@ -34,7 +37,7 @@ $response = array(
 'supportedScope' => $this->scope,
 'requestedScope' => $requestedScope
 );
-
+$response = $filter->xssFilterHard($response,"url");
 ?>
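Review bot: `$response = $filter->xssFilterHard($response,"url");` filters the whole response array of an OAuth2 authorization page, including `requestedScope` and `$this->scope` and whatever client and redirect fields the surrounding code places in it (not visible here), and for this endpoint the controls that matter are exact-match validation of the client's registered redirect target and of the requested scope against the supported set — checks a character filter does not perform and which it can undermine if it alters a legitimate value before the rest of the flow uses it. Apply encoding where `$response` is rendered into the template after `?>` (`htmlspecialchars` for text and attribute positions, `rawurlencode` for URL components) and leave the array consumed by the authorization logic unmodified. How `$response` is used after this hunk is not shown, so the effect on the redirect is inferred.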