fernando/luos
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

I reviewed the XSS - MEDIUM in 7 files

Browse Source
This commit is contained in:
Paula V. Quispe
2015-03-16 15:24:35 -04:00
parent 73995ac40b
commit 4bc49c7568
7 changed files with 48 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
gulliver/bin/tasks/pakeGulliver.php
View File

@@ -920,6 +920,8 @@ function run_create_poedit_file($task, $args) {
G::LoadSystem('xmlform');
G::LoadSystem('xmlformExtension');
G::LoadSystem('form');
G::LoadSystem('inputfilter');
$filter = new InputFilter();
$langIdOut = $langId; //the output language, later we'll include the country too.
$exceptionFields = array (
@@ -993,18 +995,25 @@ function run_create_poedit_file($task, $args) {
}
else {
$xmlfile = $filter->xssFilterHard($xmlfile);
$exceptionFields = $filter->xssFilterHard($exceptionFields);
if( is_object($node) && ! in_array($node->type, $exceptionFields) ) {
if( isset($node->value) && strpos($node->value, 'G::LoadTranslation') !== false ) {
$exceptIndex ++;
//print ($node->value);
} else {
$node->name = $filter->xssFilterHard($node->name);
$node->type = $filter->xssFilterHard($node->type);
printf("Error: xmlform %s has no english definition for %s [%s]\n", pakeColor::colorize($xmlfile, 'ERROR'), pakeColor::colorize($node->name, 'INFO'), pakeColor::colorize($node->type, 'INFO'));
$xmlError ++;
}
} else {
$exceptIndex ++;
if( $verboseFlag )
if( $verboseFlag ){
$node->name = $filter->xssFilterHard($node->name);
$node->type = $filter->xssFilterHard($node->type);
printf("%s %s in %s\n", $node->type, pakeColor::colorize($node->name, 'INFO'), pakeColor::colorize($xmlfile, 'INFO'));
}
}
}
}