I corrected problems
@@ -381,7 +381,7 @@ class InputFilter
|
|||||||
$input[$i] = $this->xssFilter($val);
|
$input[$i] = $this->xssFilter($val);
|
||||||
} else {
|
} else {
|
||||||
if(!empty($val)) {
|
if(!empty($val)) {
|
||||||
if($type != "url") {
|
if($type != "url" && !strpos(basename($val), "=")) {
|
||||||
$inputFiltered = addslashes(htmlspecialchars(filter_var($val, FILTER_SANITIZE_STRING), ENT_COMPAT, 'UTF-8'));
|
$inputFiltered = addslashes(htmlspecialchars(filter_var($val, FILTER_SANITIZE_STRING), ENT_COMPAT, 'UTF-8'));
|
||||||
} else {
|
} else {
|
||||||
$inputFiltered = filter_var($val, FILTER_SANITIZE_STRING);
|
$inputFiltered = filter_var($val, FILTER_SANITIZE_STRING);
|
||||||
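Review bot: The new `!strpos(basename($val), "=")` guard on the changed `if` lets any value whose basename contains `=` skip `htmlspecialchars`/`addslashes` entirely and fall through with only `FILTER_SANITIZE_STRING` applied; since `$val` is the untrusted input this filter exists for, a single `=` is enough for the caller of the page to opt out of the HTML escaping. `!strpos` also treats an `=` at offset 0 as "not found", so `=foo` is escaped while `a=foo` is not, and the sibling hunk at @@ -443 uses `$pos === false` for the same test, so the two disagree. If the intent is to let query-string-like values through, gate that on the caller passing `$type == "url"` rather than on the payload's content: `if($type != "url") {`. The body of xssFilter starts and ends outside this hunk.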
@@ -423,12 +423,15 @@ class InputFilter
|
|||||||
if(sizeof($input)) {
|
if(sizeof($input)) {
|
||||||
foreach($input as $i => $val) {
|
foreach($input as $i => $val) {
|
||||||
if(is_array($val) && sizeof($val)) {
|
if(is_array($val) && sizeof($val)) {
|
||||||
$input[$i] = $this->xssFilterHard($val);
|
$input[$i] = $this->xssFilterHard($val,$type);
|
||||||
} else {
|
} else {
|
||||||
if(!empty($val)) {
|
if(!empty($val)) {
|
||||||
$inputFiltered = $purifier->purify($val);
|
$inputFiltered = $purifier->purify($val);
|
||||||
if($type != "url") {
|
$pos = strpos($inputFiltered, "=");
|
||||||
|
if($type != "url" && $pos === false) {
|
||||||
$inputFiltered = addslashes(htmlspecialchars($inputFiltered, ENT_COMPAT, 'UTF-8'));
|
$inputFiltered = addslashes(htmlspecialchars($inputFiltered, ENT_COMPAT, 'UTF-8'));
|
||||||
|
} else {
|
||||||
|
$inputFiltered = str_replace('&','&',$inputFiltered);
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
$inputFiltered = "";
|
$inputFiltered = "";
|
||||||
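Review bot: At the new `if($type != "url" && $pos === false)`, a purified value containing `=` anywhere takes the `else` branch and is returned without `htmlspecialchars`, so a character the attacker controls decides whether escaping happens at all. The `str_replace('&','&',$inputFiltered)` in that branch is a no-op as rendered; if the source actually reads `str_replace('&amp;','&', ...)` it undoes the entity encoding HTMLPurifier just produced, which is worse than skipping the step. The scalar branch of this same method at @@ -443 applies `basename()` before `strpos`, while this branch does not, so the same string is treated differently depending on whether it arrives inside an array. Suggest making the decision depend only on `$type`: `if($type != "url") { $inputFiltered = addslashes(htmlspecialchars($inputFiltered, ENT_COMPAT, 'UTF-8')); }`. xssFilterHard continues past the end of the hunk.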
@@ -443,8 +446,11 @@ class InputFilter
|
|||||||
return '';
|
return '';
|
||||||
} else {
|
} else {
|
||||||
$input = $purifier->purify($input);
|
$input = $purifier->purify($input);
|
||||||
if($type != "url") {
|
$pos = strpos(basename($input), "=");
|
||||||
|
if($type != "url" && $pos === false) {
|
||||||
$input = addslashes(htmlspecialchars($input, ENT_COMPAT, 'UTF-8'));
|
$input = addslashes(htmlspecialchars($input, ENT_COMPAT, 'UTF-8'));
|
||||||
|
} else {
|
||||||
|
$input = str_replace('&','&',$input);
|
||||||
}
|
}
|
||||||
return $input;
|
return $input;
|
||||||
}
|
}
|
||||||
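Review bot: `strpos(basename($input), "=")` on the new `$pos` line disagrees with the array branch of this method at @@ -423, which calls `strpos` on the whole string; with `basename()` a `=` in the directory part of a path-like value is ignored while one in the last segment is not, which is hard for callers to reason about. More importantly, `$input` is attacker-controlled, so inserting `=` is all it takes to reach the `else` branch and bypass `htmlspecialchars`/`addslashes`. The `str_replace('&','&',$input)` there is a no-op as rendered, and if it is really `'&amp;'` to `'&'` it reverses HTMLPurifier's encoding. Consider gating only on `$type`: `if($type != "url") { $input = addslashes(htmlspecialchars($input, ENT_COMPAT, 'UTF-8')); }`. The method's opening lines are outside this hunk.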
@@ -522,7 +528,6 @@ class InputFilter
|
|||||||
default:
|
default:
|
||||||
$value = (string)filter_var($value, FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_LOW | FILTER_FLAG_STRIP_HIGH);
|
$value = (string)filter_var($value, FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_LOW | FILTER_FLAG_STRIP_HIGH);
|
||||||
}
|
}
|
||||||
|
|
||||||
return $value;
|
return $value;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@@ -66,7 +66,14 @@ class WebResource
|
|||||||
$paramsRef[] = '$parameters[' . $key . ']';
|
$paramsRef[] = '$parameters[' . $key . ']';
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
$res = eval( 'return ($this->' . $post['function'] . '(' . implode( ',', $paramsRef ) . '));' );
|
|
||||||
|
$paramsRef = implode( ',', $paramsRef );
|
||||||
|
G::LoadSystem('inputfilter');
|
||||||
|
$filter = new InputFilter();
|
||||||
|
$post['function'] = $filter->validateInput($post['function']);
|
||||||
|
$paramsRef = $filter->validateInput($paramsRef);
|
||||||
|
|
||||||
|
$res = eval( 'return ($this->' . $post['function'] . '(' . $paramsRef . '));' );
|
||||||
$res = G::json_encode( $res );
|
$res = G::json_encode( $res );
|
||||||
print ($res) ;
|
print ($res) ;
|
||||||
} else {
|
} else {
|
||||||
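Review bot: Passing `$post['function']` through `validateInput()` before interpolating it into `eval()` does not close the injection: judging from the `default:` branch shown at @@ -522, that filter strips tags and low/high bytes and encodes quotes, but parentheses, `$`, `;`, backticks and `->` survive, so a request can still append extra PHP expressions to the method name and have them executed. Filtering `$paramsRef` after it was built from the literal strings `'$parameters[' . $key . ']'` sanitizes code the server generated, not the request data inside `$parameters`. The robust fix is to validate the name as an identifier, confirm it is a non-private method on this object, and dispatch without `eval`; the exact layout of `$parameters` is not visible here, so the argument-passing line below may need adjusting. The surrounding method starts and ends outside this hunk.
```php
$name = isset($post['function']) ? (string) $post['function'] : '';
// Only bare identifiers, not starting with '_', that exist on this object may be called.
if (!preg_match('/^[A-Za-z][A-Za-z0-9_]*$/', $name) || !method_exists($this, $name)) {
    throw new Exception('Invalid function name');
}
// … unchanged: $parameters built from the request …
$res = call_user_func_array(array($this, $name), array_values($parameters));
```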
@@ -82,13 +89,18 @@ class WebResource
|
|||||||
*/
|
*/
|
||||||
function _encode ()
|
function _encode ()
|
||||||
{
|
{
|
||||||
|
G::LoadSystem('inputfilter');
|
||||||
|
$filter = new InputFilter();
|
||||||
header( 'Content-Type: text/json' );
|
header( 'Content-Type: text/json' );
|
||||||
$methods = get_class_methods( get_class( $this ) );
|
$methods = get_class_methods( get_class( $this ) );
|
||||||
|
$methods = $filter->xssFilterHard($methods);
|
||||||
|
$this->_uri = $filter->xssFilterHard($this->_uri);
|
||||||
print ('{') ;
|
print ('{') ;
|
||||||
$first = true;
|
$first = true;
|
||||||
foreach ($methods as $method) {
|
foreach ($methods as $method) {
|
||||||
//To avoid PHP version incompatibilities, put the $method name in lowercase
|
//To avoid PHP version incompatibilities, put the $method name in lowercase
|
||||||
$method = strtolower( $method );
|
$method = strtolower( $method );
|
||||||
|
$method = $filter->xssFilterHard($method);
|
||||||
if ((substr( $method, 0, 1 ) === '_') || (strcasecmp( $method, 'WebResource' ) == 0) || (strcasecmp( $method, get_class( $this ) ) == 0)) {
|
if ((substr( $method, 0, 1 ) === '_') || (strcasecmp( $method, 'WebResource' ) == 0) || (strcasecmp( $method, get_class( $this ) ) == 0)) {
|
||||||
} elseif (strcasecmp( substr( $method, 0, 3 ), 'js_' ) == 0) {
|
} elseif (strcasecmp( substr( $method, 0, 3 ), 'js_' ) == 0) {
|
||||||
if (! $first) {
|
if (! $first) {
|
||||||
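Review bot: The new `$method = $filter->xssFilterHard($method)` inside the loop is redundant with `$methods = $filter->xssFilterHard($methods)` applied to the whole array a few lines above, and both operate on names returned by `get_class_methods()` — reflection over this object's own class, not request data — so each call costs an HTMLPurifier pass per method while protecting nothing. `$this->_uri` is the only value here that may be request-influenced, and from the @@ -423/-443 hunks `xssFilterHard` ends in `addslashes(htmlspecialchars(...))`, which is HTML/quote escaping; for a body served as `text/json` the right encoding is `json_encode()` at the point where `_uri` is printed, which is outside this hunk. Suggest removing both filter calls on `$methods`/`$method` and replacing the `_uri` line with a comment such as `// _uri may originate from the request; json_encode() it where it is emitted rather than HTML-escaping it here`. The `foreach` body continues past the end of the hunk.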
|
|||||||
@@ -1,4 +1,4 @@
|
|||||||
<?php
|
<?php
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* AdditionalTables.php
|
* AdditionalTables.php
|
||||||
@@ -445,19 +445,23 @@ class AdditionalTables extends BaseAdditionalTables
|
|||||||
$oCriteriaCount = clone $oCriteria;
|
$oCriteriaCount = clone $oCriteria;
|
||||||
eval('$count = ' . $sClassPeerName . '::doCount($oCriteria);');
|
eval('$count = ' . $sClassPeerName . '::doCount($oCriteria);');
|
||||||
}
|
}
|
||||||
|
G::LoadSystem('inputfilter');
|
||||||
|
$filter = new InputFilter();
|
||||||
|
$sort = $filter->validateInput($_POST['sort']);
|
||||||
|
$sClassPeerName = $filter->validateInput($sClassPeerName);
|
||||||
|
|
||||||
if (isset($_POST['sort'])) {
|
if (isset($_POST['sort'])) {
|
||||||
if ($_POST['dir'] == 'ASC') {
|
if ($_POST['dir'] == 'ASC') {
|
||||||
if ($keyOrderUppercase) {
|
if ($keyOrderUppercase) {
|
||||||
eval('$oCriteria->addAscendingOrderByColumn("' . $_POST['sort'] . '");');
|
eval('$oCriteria->addAscendingOrderByColumn("' . $sort . '");');
|
||||||
} else {
|
} else {
|
||||||
eval('$oCriteria->addAscendingOrderByColumn(' . $sClassPeerName . '::' . $_POST['sort'] . ');');
|
eval('$oCriteria->addAscendingOrderByColumn(' . $sClassPeerName . '::' . $sort . ');');
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
if ($keyOrderUppercase) {
|
if ($keyOrderUppercase) {
|
||||||
eval('$oCriteria->addDescendingOrderByColumn("' . $_POST['sort'] . '");');
|
eval('$oCriteria->addDescendingOrderByColumn("' . $sort . '");');
|
||||||
} else {
|
} else {
|
||||||
eval('$oCriteria->addDescendingOrderByColumn(' . $sClassPeerName . '::' . $_POST['sort'] . ');');
|
eval('$oCriteria->addDescendingOrderByColumn(' . $sClassPeerName . '::' . $sort . ');');
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
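Review bot: `$sort = $filter->validateInput($_POST['sort'])` on the new line runs before the `isset($_POST['sort'])` check that follows, so every request without `sort` raises an undefined-index notice; at minimum use `isset($_POST['sort']) ? $_POST['sort'] : ''` or move the assignment inside the `if`. Beyond that, a tag-stripping filter does not make `eval()` safe: `$sort` is spliced into a double-quoted literal in `"' . $sort . '"`, where `$`/`{` interpolation still applies, and into a `::` constant reference in the other branch. None of the four calls needs `eval` — the Criteria methods take a plain string and the class-constant form can be resolved with `constant()` — so a strict identifier whitelist plus direct calls removes the sink entirely. The enclosing method begins and ends outside this hunk; the unchanged `doCount` eval at the top of the hunk has the same shape but is not part of this change.
```php
if (isset($_POST['sort'])) {
    $sort = (string) $_POST['sort'];
    // Column names are bare identifiers; anything else is rejected rather than sanitized.
    if (!preg_match('/^[A-Za-z0-9_]+$/', $sort)) {
        throw new Exception('Invalid sort column');
    }
    $column = $keyOrderUppercase ? $sort : constant($sClassPeerName . '::' . $sort);
    if ($_POST['dir'] == 'ASC') {
        $oCriteria->addAscendingOrderByColumn($column);
    } else {
        $oCriteria->addDescendingOrderByColumn($column);
    }
}
```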
|
|||||||