From 548e953072966adcfaee9d6be53204b047bba448 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Julio=20Cesar=20Laura=20Avenda=C3=B1o?=
Date: Fri, 20 Jul 2018 00:28:45 +0000
Subject: [PATCH] HOR-4751
---
 gulliver/system/class.inputfilter.php | 14 ++++++++++++++
 workflow/engine/classes/Applications.php | 17 +++++++++++++++++
 2 files changed, 31 insertions(+)
diff --git a/gulliver/system/class.inputfilter.php b/gulliver/system/class.inputfilter.php
index 1a27eadba..8dcc433c1 100644
--- a/gulliver/system/class.inputfilter.php
+++ b/gulliver/system/class.inputfilter.php
@@ -356,12 +356,26 @@ class InputFilter
 * @param String $source
 * @param Resource $connection - An open MySQL connection
 * @return String $source
+ * @todo We need to review this method, because the sended string is unescaped
 */
 public function escapeString($string, &$connection)
 {
 return mysqli_real_escape_string($connection, $string);
 }
+ /**
+ * Escapes a string using a Propel connection
+ *
+ * @param string $string The string to escapes
+ * @param object $connection The connection object
+ *
+ * @return string
+ */
+ public function escapeUsingConnection($string, $connection)
+ {
+ return mysqli_real_escape_string($connection->getResource(), $string);
+ }
+ /**
+ * Internal method removes tags/special characters
+ * @author Marcelo Cuiza
diff --git a/workflow/engine/classes/Applications.php b/workflow/engine/classes/Applications.php
index 7dc9fe006..a65e53fc4 100644
--- a/workflow/engine/classes/Applications.php
+++ b/workflow/engine/classes/Applications.php
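Review bot: escapeUsingConnection() only neutralises quote and backslash characters so a value can sit inside a quoted SQL string literal; it does nothing for values spliced into a statement as identifiers or keywords, yet the Applications.php hunk in this same patch passes `$sort` and `$columnSearch` (which look like column names) through it. Those should be checked against an allow-list of permitted column names instead, the way `$dir` is already restricted to `ASC`/`DESC` in that hunk (and that `in_array` call should pass `true` as its third argument). I would also state the limitation in the new docblock: ` * Only suitable for values embedded inside a quoted SQL literal; never use it for identifiers (column/table names) or keywords - validate those against a known list.` The `@param object $connection` line could name the expected connection class, since the body assumes a `getResource()` method that returns the underlying mysqli link; the same caveat applies to the existing escapeString() directly above it.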
@@ -43,6 +43,23 @@ class Applications
 //Start the connection to database
 $con = Propel::getConnection(AppDelegationPeer::DATABASE_NAME);
+
+ //Sanitize input variables
+ $inputFilter = new InputFilter();
+ $userUid = $inputFilter->validateInput($userUid, 'int');
+ $start = $inputFilter->validateInput($start, 'int');
+ $limit = $inputFilter->validateInput($limit, 'int');
+ $search = $inputFilter->escapeUsingConnection($search, $con);
+ $process = $inputFilter->validateInput($process, 'int');
+ //$status doesn't require sanitization
+ $dir = in_array($dir, ['ASC', 'DESC']) ? $dir :'DESC';
+ $sort = $inputFilter->escapeUsingConnection($sort, $con);
+ $category = $inputFilter->escapeUsingConnection($category, $con);
+ $dateFrom = $inputFilter->escapeUsingConnection($dateFrom, $con);
+ $dateTo = $inputFilter->escapeUsingConnection($dateTo, $con);
+ $columnSearch = $inputFilter->escapeUsingConnection($columnSearch, $con);
+
+
 //Start the transaction
 $con->begin();
 $stmt = $con->createStatement();