I reviewed the XSS - MEDIUM in 7 files

2015-03-16 15:24:35 -04:00
parent 73995ac40b
commit 4bc49c7568
7 changed files with 48 additions and 9 deletions
--- a/gulliver/bin/tasks/pakeGulliver.php
+++ b/gulliver/bin/tasks/pakeGulliver.php
@@ -920,6 +920,8 @@ function run_create_poedit_file($task, $args) {
  G::LoadSystem('xmlform');
  G::LoadSystem('xmlformExtension');
  G::LoadSystem('form');
+  G::LoadSystem('inputfilter');
+  $filter = new InputFilter();

  $langIdOut = $langId; //the output language, later we'll include the country too.
  $exceptionFields = array (
@@ -993,18 +995,25 @@ function run_create_poedit_file($task, $args) {
      }

      else {
+        $xmlfile = $filter->xssFilterHard($xmlfile);
+        $exceptionFields = $filter->xssFilterHard($exceptionFields);
        if( is_object($node) && ! in_array($node->type, $exceptionFields) ) {
          if( isset($node->value) && strpos($node->value, 'G::LoadTranslation') !== false ) {
            $exceptIndex ++;
            //print ($node->value);
          } else {
+            $node->name = $filter->xssFilterHard($node->name);
+            $node->type = $filter->xssFilterHard($node->type);
            printf("Error: xmlform %s has no english definition for %s [%s]\n", pakeColor::colorize($xmlfile, 'ERROR'), pakeColor::colorize($node->name, 'INFO'), pakeColor::colorize($node->type, 'INFO'));
            $xmlError ++;
          }
        } else {
          $exceptIndex ++;
-          if( $verboseFlag )
+          if( $verboseFlag ){
+            $node->name = $filter->xssFilterHard($node->name);
+            $node->type = $filter->xssFilterHard($node->type);
            printf("%s %s in %s\n", $node->type, pakeColor::colorize($node->name, 'INFO'), pakeColor::colorize($xmlfile, 'INFO'));
+          }
        }
      }
    }
--- a/gulliver/system/class.dbconnection.php
+++ b/gulliver/system/class.dbconnection.php
@@ -186,6 +186,10 @@ class DBConnection
    {
        global $_SESSION;
        global $_SERVER;
+        G::LoadSystem('inputfilter');
+        $filter = new InputFilter();
+        $_SERVER = $filter->xssFilterHard($_SERVER);
+        $_SESSION = $filter->xssFilterHard($_SESSION);
        if (is_null( $errorLevel ))
        if (isset( $this->errorLevel )) {
            $errorLevel = $this->errorLevel;
@@ -207,7 +211,7 @@ class DBConnection
            print "</textarea></td></tr></table>";
        }
        //G::setErrorHandler ( );
-        G::customErrorLog( 'DB_Error', $obj->code . ' ' . $obj->message . '-' . $obj->userinfo, '', '' );
+        //G::customErrorLog( 'DB_Error', $obj->code . ' ' . $obj->message . '-' . $obj->userinfo, '', '' );
        if ($errorLevel == DB_ERROR_SHOW_AND_STOP || $errorLevel == DB_ERROR_SHOWALL_AND_STOP) {
            die(); //stop
        }
--- a/gulliver/system/class.g.php
+++ b/gulliver/system/class.g.php
@@ -1073,7 +1073,13 @@ class G
     */
    public static function streamFile ($file, $download = false, $downloadFileName = '')
    {
-        require_once (PATH_THIRDPARTY . 'jsmin/jsmin.php');
+        G::LoadSystem('inputfilter');
+		$filter = new InputFilter();
+		$file = $filter->xssFilterHard($file);
+		if(isset($_SERVER['REQUEST_URI'])) {
+            $_SERVER['REQUEST_URI'] = $filter->xssFilterHard($_SERVER['REQUEST_URI'],"url");
+        }
+		require_once (PATH_THIRDPARTY . 'jsmin/jsmin.php');
        $folderarray = explode( '/', $file );
        $typearray = explode( '.', basename( $file ) );
        $typefile = $typearray[count( $typearray ) - 1];
@@ -1081,8 +1087,11 @@ class G

        //trick to generate the translation.language.js file , merging two files
        if (strtolower( $typefile ) == 'js' && $typearray[0] == 'translation') {
-            G::sendHeaders( $filename, 'text/javascript', $download, $downloadFileName );
+            $download = $filter->xssFilterHard($download);
+			$downloadFileName = $filter->xssFilterHard($downloadFileName);
+			G::sendHeaders( $filename, 'text/javascript', $download, $downloadFileName );
            $output = G::streamJSTranslationFile( $filename, $typearray[1] );
+			$output = $filter->xssFilterHard($output);
            print $output;
            return;
        }
@@ -1091,6 +1100,7 @@ class G
        if (strtolower( $typefile ) == 'css' && $folderarray[count( $folderarray ) - 2] == 'css') {
            G::sendHeaders( $filename, 'text/css', $download, $downloadFileName );
            $output = G::streamCSSBigFile( $typearray[0] );
+			$output = $filter->xssFilterHard($output);
            print $output;
            return;
        }
@@ -3140,7 +3150,10 @@ class G
     */
    public function pr ($var)
    {
-        print ("<pre>") ;
+        G::LoadSystem('inputfilter');
+		$filter = new InputFilter();
+		$var = $filter->xssFilterHard($var);
+		print ("<pre>") ;
        print_r( $var );
        print ("</pre>") ;
    }
--- a/workflow/engine/methods/appFolder/appFolderAjax.php
+++ b/workflow/engine/methods/appFolder/appFolderAjax.php
@@ -1,4 +1,9 @@
 <?php
+G::LoadSystem('inputfilter');
+$filter = new InputFilter();
+$_POST = $filter->xssFilterHard($_POST);
+$_GET = $filter->xssFilterHard($_GET);
+$_REQUEST = $filter->xssFilterHard($_REQUEST);
 if (! isset ($_SESSION ['USER_LOGGED'])) {
    $res ['success'] = false;
    $res ['error'] = G::LoadTranslation('ID_LOGIN_AGAIN');
--- a/workflow/engine/methods/setup/appCacheViewAjax.php
+++ b/workflow/engine/methods/setup/appCacheViewAjax.php
@@ -1,6 +1,9 @@
 <?php
 require_once ('classes/model/AppCacheView.php');
-
+G::LoadSystem('inputfilter');
+$filter = new InputFilter();
+$_POST = $filter->xssFilterHard($_POST);
+$_GET = $filter->xssFilterHard($_GET);
 $request = isset( $_POST['request'] ) ? $_POST['request'] : (isset( $_GET['request'] ) ? $_GET['request'] : null);

 function testConnection($type, $server, $user, $passwd, $port = 'none', $dbName = "")
--- a/workflow/engine/templates/appFolder/appFolderTree.php
+++ b/workflow/engine/templates/appFolder/appFolderTree.php
@@ -56,7 +56,9 @@ $html = '
     }
 return 'Unknown';
 }
-
+G::LoadSystem('inputfilter');
+$filter = new InputFilter();
+$_SERVER['HTTP_USER_AGENT'] = $filter->xssFilterHard($_SERVER['HTTP_USER_AGENT']);
 if((looking_for_browser($_SERVER['HTTP_USER_AGENT'])=='Internet Explorer 8')||(looking_for_browser($_SERVER['HTTP_USER_AGENT'])=='Internet Explorer 7')||(looking_for_browser($_SERVER['HTTP_USER_AGENT'])=='Internet Explorer 6')){
    $html.="
        <div class='content' style='width:360px;height: expression( this.scrollHeight > 319 ? \'320px\' : \'auto\' ); /* sets max-height for IE */  max-height: 320px; /* sets max-height value for all standards-compliant browsers */  overflow:hidden;'>
--- a/workflow/engine/templates/oauth2/authorize.php
+++ b/workflow/engine/templates/oauth2/authorize.php
@@ -1,6 +1,9 @@
 <?php
 require_once PATH_CORE . 'src/ProcessMaker/Services/OAuth2/PmPdo.php';
-
+G::LoadSystem('inputfilter');
+$filter = new InputFilter();
+$_GET = $filter->xssFilterHard($_GET,"url");
+$_SERVER["QUERY_STRING"] = $filter->xssFilterHard($_SERVER["QUERY_STRING"],"url");

 list($host, $port) = strpos(DB_HOST, ':') !== false ? explode(':', DB_HOST) : array(DB_HOST, '');
 $port = empty($port) ? '' : ";port=$port";
@@ -34,7 +37,7 @@ $response = array(
    'supportedScope' => $this->scope,
    'requestedScope' => $requestedScope
 );
-
+$response = $filter->xssFilterHard($response,"url");
 ?>

 <table width="100%" cellspacing="0" cellpadding="0" border="0">