fernando/luos
1
0
Fork 0
Code Releases Activity

I solved Code Injection

Browse Source
This commit is contained in:
Paula V. Quispe
2015-04-10 14:34:40 -04:00
parent 14d32cc29e
commit 4f9926d35f
1 changed files with 28 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files

44
workflow/public_html/sysGeneric.php
View File

@@ -340,6 +340,9 @@ Bootstrap::LoadThirdParty("smarty/libs", "Smarty.class");
//Loading the autoloader libraries feature //Loading the autoloader libraries feature
Bootstrap::registerSystemClasses(); Bootstrap::registerSystemClasses();
//Load filter class
G::LoadSystem('inputfilter');
$filter = new InputFilter();
$skinPathErrors = G::skinGetPathToSrcByVirtualUri("errors", $config); $skinPathErrors = G::skinGetPathToSrcByVirtualUri("errors", $config);
$skinPathUpdate = G::skinGetPathToSrcByVirtualUri("update", $config); $skinPathUpdate = G::skinGetPathToSrcByVirtualUri("update", $config);
@@ -373,10 +376,6 @@ $virtualURITable['/skins/(*)'] = PATH_HTML . 'skins/'; //ugly
$virtualURITable['/images/(*)'] = PATH_HTML . 'images/'; //ugly $virtualURITable['/images/(*)'] = PATH_HTML . 'images/'; //ugly
$virtualURITable['/[a-zA-Z][a-zA-Z0-9]{0,}/'] = 'errorFile'; $virtualURITable['/[a-zA-Z][a-zA-Z0-9]{0,}/'] = 'errorFile';
//Load filter class
G::LoadSystem('inputfilter');
$filter = new InputFilter();
// Verify if we need to redirect or stream the file, if G:VirtualURI returns true means we are going to redirect the page // Verify if we need to redirect or stream the file, if G:VirtualURI returns true means we are going to redirect the page
if (Bootstrap::virtualURI( $_SERVER['REQUEST_URI'], $virtualURITable, $realPath )) { if (Bootstrap::virtualURI( $_SERVER['REQUEST_URI'], $virtualURITable, $realPath )) {
// review if the file requested belongs to public_html plugin // review if the file requested belongs to public_html plugin
@@ -489,8 +488,9 @@ if (defined( 'PATH_DATA' ) && file_exists( PATH_DATA )) {
Bootstrap::LoadClass( 'serverConfiguration' ); Bootstrap::LoadClass( 'serverConfiguration' );
$oServerConf = & serverConf::getSingleton(); $oServerConf = & serverConf::getSingleton();
} }
$pathFile = PATH_THIRDPARTY . '/pear/PEAR.php';
require_once PATH_THIRDPARTY . '/pear/PEAR.php'; //$pathFile = $filter->validateInput($pathFile,'path');
require_once $pathFile;
//Bootstrap::LoadSystem( 'pmException' ); //Bootstrap::LoadSystem( 'pmException' );
@@ -504,7 +504,9 @@ if (! defined( 'PATH_DATA' ) || ! file_exists( PATH_DATA )) {
define( 'PATH_DATA', PATH_C ); define( 'PATH_DATA', PATH_C );
//NewRelic Snippet - By JHL //NewRelic Snippet - By JHL
transactionLog(PATH_CONTROLLERS.'installer.php'); transactionLog(PATH_CONTROLLERS.'installer.php');
require_once (PATH_CONTROLLERS . 'installer.php'); $pathFile = PATH_CONTROLLERS . 'installer.php';
$pathFile = $filter->validateInput($pathFile,'path');
require_once ($pathFile);
$controller = 'Installer'; $controller = 'Installer';
// if the method name is empty set default to index method // if the method name is empty set default to index method
@@ -548,8 +550,10 @@ if ($oServerConf->isWSDisabled( SYS_TEMP )) {
// if SYS_TEMP exists, the URL has a workspace, now we need to verify if exists their db.php file // if SYS_TEMP exists, the URL has a workspace, now we need to verify if exists their db.php file
if (defined( 'SYS_TEMP' ) && SYS_TEMP != '') { if (defined( 'SYS_TEMP' ) && SYS_TEMP != '') {
//this is the default, the workspace db.php file is in /shared/workflow/sites/SYS_SYS //this is the default, the workspace db.php file is in /shared/workflow/sites/SYS_SYS
if (file_exists( PATH_DB . SYS_TEMP . '/db.php' )) { $pathFile = PATH_DB . SYS_TEMP . '/db.php';
require_once (PATH_DB . SYS_TEMP . '/db.php'); $pathFile = $filter->validateInput($pathFile,'path');
if (file_exists( $pathFile )) {
require_once ($pathFile);
define( 'SYS_SYS', SYS_TEMP ); define( 'SYS_SYS', SYS_TEMP );
// defining constant for workspace shared directory // defining constant for workspace shared directory
@@ -575,11 +579,14 @@ if (defined( 'SYS_TEMP' ) && SYS_TEMP != '') {
die(); die();
} else { } else {
if (SYS_TARGET == "dbInfo") { //Show dbInfo when no SYS_SYS if (SYS_TARGET == "dbInfo") { //Show dbInfo when no SYS_SYS
require_once (PATH_METHODS . "login/dbInfo.php"); $pathFile = PATH_METHODS . "login/dbInfo.php";
$pathFile = $filter->validateInput($pathFile,'path');
require_once ($pathFile);
} else { } else {
if (substr( SYS_SKIN, 0, 2 ) === 'ux' && SYS_TARGET != 'sysLoginVerify') { // new ux sysLogin - extjs based form if (substr( SYS_SKIN, 0, 2 ) === 'ux' && SYS_TARGET != 'sysLoginVerify') { // new ux sysLogin - extjs based form
require_once PATH_CONTROLLERS . 'main.php'; $pathFile = $filter->validateInput(PATH_CONTROLLERS . 'main.php','path');
require_once $pathFile;
$controllerClass = 'Main'; $controllerClass = 'Main';
$controllerAction = SYS_TARGET == 'sysLoginVerify' ? SYS_TARGET : 'sysLogin'; $controllerAction = SYS_TARGET == 'sysLoginVerify' ? SYS_TARGET : 'sysLogin';
//if the method exists //if the method exists
@@ -590,7 +597,8 @@ if (defined( 'SYS_TEMP' ) && SYS_TEMP != '') {
$controller->call( $controllerAction ); $controller->call( $controllerAction );
} }
} else { // classic sysLogin interface } else { // classic sysLogin interface
require_once (PATH_METHODS . "login/sysLogin.php"); $pathFile = $filter->validateInput(PATH_METHODS . "login/sysLogin.php",'path');
require_once ($pathFile);
die(); die();
} }
} }
@@ -684,13 +692,15 @@ ob_start();
// Rebuild the base Workflow translations if not exists // Rebuild the base Workflow translations if not exists
if (! is_file( PATH_LANGUAGECONT . 'translation.en' )) { if (! is_file( PATH_LANGUAGECONT . 'translation.en' )) {
require_once ("classes/model/Translation.php"); $pathFile = $filter->validateInput("classes/model/Translation.php",'path');
require_once ($pathFile);
$fields = Translation::generateFileTranslation( 'en' ); $fields = Translation::generateFileTranslation( 'en' );
} }
// TODO: Verify if the language set into url is defined in translations env. // TODO: Verify if the language set into url is defined in translations env.
if (SYS_LANG != 'en' && ! is_file( PATH_LANGUAGECONT . 'translation.' . SYS_LANG )) { if (SYS_LANG != 'en' && ! is_file( PATH_LANGUAGECONT . 'translation.' . SYS_LANG )) {
require_once ("classes/model/Translation.php"); $pathFile = $filter->validateInput("classes/model/Translation.php",'path');
require_once ($pathFile);
$fields = Translation::generateFileTranslation( SYS_LANG ); $fields = Translation::generateFileTranslation( SYS_LANG );
} }
@@ -760,7 +770,8 @@ if (substr( SYS_COLLECTION, 0, 8 ) === 'gulliver') {
//erik: verify if it is a Controller Class or httpProxyController Class //erik: verify if it is a Controller Class or httpProxyController Class
if (is_file( PATH_CONTROLLERS . SYS_COLLECTION . '.php' )) { if (is_file( PATH_CONTROLLERS . SYS_COLLECTION . '.php' )) {
Bootstrap::LoadSystem( 'controller' ); Bootstrap::LoadSystem( 'controller' );
require_once PATH_CONTROLLERS . SYS_COLLECTION . '.php'; $pathFile = $filter->validateInput(PATH_CONTROLLERS . SYS_COLLECTION . '.php','path');
require_once $pathFile;
$controllerClass = SYS_COLLECTION; $controllerClass = SYS_COLLECTION;
//if the method name is empty set default to index method //if the method name is empty set default to index method
$controllerAction = SYS_TARGET != '' ? SYS_TARGET : 'index'; $controllerAction = SYS_TARGET != '' ? SYS_TARGET : 'index';
@@ -913,7 +924,8 @@ if (! defined( 'EXECUTE_BY_CRON' )) {
Bootstrap::LoadClass( 'sessions' ); Bootstrap::LoadClass( 'sessions' );
$oSessions = new Sessions(); $oSessions = new Sessions();
if ($aSession = $oSessions->verifySession( $_GET['sid'] )) { if ($aSession = $oSessions->verifySession( $_GET['sid'] )) {
require_once 'classes/model/Users.php'; $pathFile = $filter->validateInput('classes/model/Users.php','path');
require_once $pathFile;
$oUser = new Users(); $oUser = new Users();
$aUser = $oUser->load( $aSession['USR_UID'] ); $aUser = $oUser->load( $aSession['USR_UID'] );
$_SESSION['USER_LOGGED'] = $aUser['USR_UID']; $_SESSION['USER_LOGGED'] = $aUser['USR_UID'];