diff --git a/gulliver/system/class.inputfilter.php b/gulliver/system/class.inputfilter.php
index 3330637cc..285c6d080 100644
--- a/gulliver/system/class.inputfilter.php
+++ b/gulliver/system/class.inputfilter.php
@@ -661,4 +661,35 @@ class InputFilter
 $sanitizefilteredPath = mb_ereg_replace("(^~)", '', $sanitizefilteredPath);
 return $sanitizefilteredPath;
 }
+
+ /**
+ * Filter only characters valids by regular expression
+ *
+ * @param mixed $data Data
+ * @param mixed $regex Regular expression
+ *
+ * @return mixed Returns data with the characters valids by regular expression
+ */
+ function xssRegexFilter($data, $regex)
+ {
+ try {
+ switch (gettype($data)) {
+ case 'array':
+ foreach ($data as $key => $value) {
+ $data[$key] = $this->xssRegexFilter($value, (is_array($regex))? ((isset($regex[$key]))? $regex[$key] : '') : $regex);
+ }
+ break;
+ default:
+ if ($regex != '') {
+ $data = (preg_match_all($regex, $data, $arrayMatch))? implode('', $arrayMatch[0]) : '';
+ }
+ break;
+ }
+
+ //Return
+ return $data;
+ } catch (Exception $e) {
+ throw $e;
+ }
+ }
 }
diff --git a/workflow/engine/methods/cases/cases_Step.php b/workflow/engine/methods/cases/cases_Step.php
index 1c5693ddb..9002a1390 100755
--- a/workflow/engine/methods/cases/cases_Step.php
+++ b/workflow/engine/methods/cases/cases_Step.php
@@ -1,4 +1,10 @@ xssRegexFilter(
+ [$_GET['UID'], $_GET['TYPE'], $_GET['POSITION'], $_GET['ACTION']], '/[\-\w]/'
+);
+ if (!isset($_SESSION['USER_LOGGED'])) { G::SendTemporalMessage( 'ID_LOGIN_AGAIN', 'warning', 'labels' ); die( '
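Review bot: The `default` branch of `xssRegexFilter` is fail-open: when `$regex` is `''` — which is exactly what the `case 'array'` branch substitutes for any key missing from a per-key regex array — the value is returned unfiltered, so a caller that forgets one key silently disables the allow-list for it. A `preg_match_all` failure (invalid pattern, backtrack or recursion limit) is likewise indistinguishable from "nothing allowed", because `false` collapses to `''`, and the enclosing `try { … } catch (Exception $e) { throw $e; }` is a no-op that catches nothing `preg_match_all` raises. I would drop the try/catch, compare with `!==`, and surface a failed match as an exception so a misconfigured pattern is visible instead of silently passing or dropping input; if the empty-regex passthrough is intended, the docblock should say so, e.g. `@param mixed $regex Regular expression, or per-key array of them; an empty string leaves that value unfiltered`. The one-character pattern used by the caller (`'/[\-\w]/'`) only works because the function implodes every match, which is worth a sentence in the docblock too.
```php
function xssRegexFilter($data, $regex)
{
    // … unchanged: switch on gettype($data), array branch recursing per key …
    default:
        if ($regex !== '') {
            $count = preg_match_all($regex, $data, $arrayMatch);
            if ($count === false) {
                throw new InvalidArgumentException('xssRegexFilter: preg_match_all failed, preg_last_error=' . preg_last_error());
            }
            $data = implode('', $arrayMatch[0]);
        }
        break;
    // … unchanged: return $data (no try/catch wrapper) …
}
```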