I corrected problems

2015-03-11 17:51:50 -04:00
parent 14c2edaaed
commit 5360d31102
3 changed files with 35 additions and 14 deletions
--- a/gulliver/system/class.inputfilter.php
+++ b/gulliver/system/class.inputfilter.php
@@ -381,7 +381,7 @@ class InputFilter
                        $input[$i] = $this->xssFilter($val);
                    } else {
                        if(!empty($val)) {
-                            if($type != "url") {
+                            if($type != "url" && !strpos(basename($val), "=")) {
                                $inputFiltered = addslashes(htmlspecialchars(filter_var($val, FILTER_SANITIZE_STRING), ENT_COMPAT, 'UTF-8'));
                            } else {
                                $inputFiltered = filter_var($val, FILTER_SANITIZE_STRING);
@@ -423,12 +423,15 @@ class InputFilter
            if(sizeof($input)) {
                foreach($input as $i => $val) {
                    if(is_array($val) && sizeof($val)) {
-                        $input[$i] = $this->xssFilterHard($val);
+                        $input[$i] = $this->xssFilterHard($val,$type);
                    } else {
                        if(!empty($val)) {
                            $inputFiltered = $purifier->purify($val);
-                            if($type != "url") {
+                            $pos = strpos($inputFiltered, "=");
+                            if($type != "url" && $pos === false) {                                
                                $inputFiltered = addslashes(htmlspecialchars($inputFiltered, ENT_COMPAT, 'UTF-8'));
+                            } else {
+                              $inputFiltered = str_replace('&amp;','&',$inputFiltered);
                            }
                        } else {
                            $inputFiltered = "";
@@ -443,8 +446,11 @@ class InputFilter
                return '';
            } else {
                $input = $purifier->purify($input);
-                if($type != "url") {
+                $pos = strpos(basename($input), "=");
+                if($type != "url" && $pos === false) {                    
                    $input = addslashes(htmlspecialchars($input, ENT_COMPAT, 'UTF-8'));
+                } else {
+                   $input = str_replace('&amp;','&',$input);
                }
                return $input;
            }
@@ -522,7 +528,6 @@ class InputFilter
            default:
                $value = (string)filter_var($value, FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_LOW | FILTER_FLAG_STRIP_HIGH);
        }    
-    
        return $value;
    }
 }
--- a/gulliver/system/class.webResource.php
+++ b/gulliver/system/class.webResource.php
@@ -66,7 +66,14 @@ class WebResource
                    $paramsRef[] = '$parameters[' . $key . ']';
                }
            }
-            $res = eval( 'return ($this->' . $post['function'] . '(' . implode( ',', $paramsRef ) . '));' );
+            
+            $paramsRef = implode( ',', $paramsRef );
+            G::LoadSystem('inputfilter');
+            $filter = new InputFilter();
+            $post['function'] = $filter->validateInput($post['function']);
+            $paramsRef = $filter->validateInput($paramsRef);
+            
+            $res = eval( 'return ($this->' . $post['function'] . '(' . $paramsRef . '));' );
            $res = G::json_encode( $res );
            print ($res) ;
        } else {
@@ -82,13 +89,18 @@ class WebResource
     */
    function _encode ()
    {
+        G::LoadSystem('inputfilter');
+        $filter = new InputFilter();
        header( 'Content-Type: text/json' );
        $methods = get_class_methods( get_class( $this ) );
+        $methods = $filter->xssFilterHard($methods);
+        $this->_uri = $filter->xssFilterHard($this->_uri);
        print ('{') ;
        $first = true;
        foreach ($methods as $method) {
            //To avoid PHP version incompatibilities, put the $method name in lowercase
            $method = strtolower( $method );
+            $method = $filter->xssFilterHard($method);
            if ((substr( $method, 0, 1 ) === '_') || (strcasecmp( $method, 'WebResource' ) == 0) || (strcasecmp( $method, get_class( $this ) ) == 0)) {
            } elseif (strcasecmp( substr( $method, 0, 3 ), 'js_' ) == 0) {
                if (! $first) {
--- a/workflow/engine/classes/model/AdditionalTables.php
+++ b/workflow/engine/classes/model/AdditionalTables.php
@@ -1,4 +1,4 @@
-<?php
+<?php

 /**
 * AdditionalTables.php
@@ -445,19 +445,23 @@ class AdditionalTables extends BaseAdditionalTables
            $oCriteriaCount = clone $oCriteria;
            eval('$count = ' . $sClassPeerName . '::doCount($oCriteria);');
        }
+        G::LoadSystem('inputfilter');
+        $filter = new InputFilter();
+        $sort = $filter->validateInput($_POST['sort']);
+        $sClassPeerName = $filter->validateInput($sClassPeerName);

        if (isset($_POST['sort'])) {
            if ($_POST['dir'] == 'ASC') {
                if ($keyOrderUppercase) {
-                    eval('$oCriteria->addAscendingOrderByColumn("' . $_POST['sort'] . '");');
+                    eval('$oCriteria->addAscendingOrderByColumn("' . $sort . '");');
                } else {
-                    eval('$oCriteria->addAscendingOrderByColumn(' . $sClassPeerName . '::' . $_POST['sort'] . ');');
+                    eval('$oCriteria->addAscendingOrderByColumn(' . $sClassPeerName . '::' . $sort . ');');
                }
            } else {
                if ($keyOrderUppercase) {
-                    eval('$oCriteria->addDescendingOrderByColumn("' . $_POST['sort'] . '");');
+                    eval('$oCriteria->addDescendingOrderByColumn("' . $sort . '");');
                } else {
-                    eval('$oCriteria->addDescendingOrderByColumn(' . $sClassPeerName . '::' . $_POST['sort'] . ');');
+                    eval('$oCriteria->addDescendingOrderByColumn(' . $sClassPeerName . '::' . $sort . ');');
                }
            }
        }