fernando/luos
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

HOR-1363 "CLONE - Penetration test >> Internal paths exposed in cases" SOLVED

Browse Source 
Issue:
    CLONE - Penetration test >> Internal paths exposed in cases
Cause:
    No se filtran las variables
Solution:
    - Se filtran las variables enviadas
    - Para evitar mostrar los paths de los files que son mostrados cuando se genera un notice PHP, se debe configurar
      el php.ini, se sugiere revisar las siguientes URL: http://www.zootemplate.com/news-updates/how-to-disable-notice-and-warning-in-phpini-file
This commit is contained in:
Victor Saisa Lopez
2016-06-27 12:17:06 -04:00
parent c252cad836
commit 57a246b51c
2 changed files with 38 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

31
gulliver/system/class.inputfilter.php
View File

@@ -661,4 +661,35 @@ class InputFilter
$sanitizefilteredPath = mb_ereg_replace("(^~)", '', $sanitizefilteredPath); $sanitizefilteredPath = mb_ereg_replace("(^~)", '', $sanitizefilteredPath);
return $sanitizefilteredPath; return $sanitizefilteredPath;
} }
/**
* Filter only characters valids by regular expression
*
* @param mixed $data Data
* @param mixed $regex Regular expression
*
* @return mixed Returns data with the characters valids by regular expression
*/
function xssRegexFilter($data, $regex)
{
try {
switch (gettype($data)) {
case 'array':
foreach ($data as $key => $value) {
$data[$key] = $this->xssRegexFilter($value, (is_array($regex))? ((isset($regex[$key]))? $regex[$key] : '') : $regex);
}
break;
default:
if ($regex != '') {
$data = (preg_match_all($regex, $data, $arrayMatch))? implode('', $arrayMatch[0]) : '';
}
break;
}
//Return
return $data;
} catch (Exception $e) {
throw $e;
}
}
} }

8
workflow/engine/methods/cases/cases_Step.php
View File

@@ -1,4 +1,10 @@
<?php <?php
$filter = new InputFilter();
list($_GET['UID'], $_GET['TYPE'], $_GET['POSITION'], $_GET['ACTION']) = $filter->xssRegexFilter(
[$_GET['UID'], $_GET['TYPE'], $_GET['POSITION'], $_GET['ACTION']], '/[\-\w]/'
);
if (!isset($_SESSION['USER_LOGGED'])) { if (!isset($_SESSION['USER_LOGGED'])) {
G::SendTemporalMessage( 'ID_LOGIN_AGAIN', 'warning', 'labels' ); G::SendTemporalMessage( 'ID_LOGIN_AGAIN', 'warning', 'labels' );
die( '<script type="text/javascript"> die( '<script type="text/javascript">
@@ -780,7 +786,7 @@ try {
$aFields['TASK'] = $oDerivation->prepareInformation( array ('USER_UID' => $_SESSION['USER_LOGGED'],'APP_UID' => $_SESSION['APPLICATION'],'DEL_INDEX' => $_SESSION['INDEX'] $aFields['TASK'] = $oDerivation->prepareInformation( array ('USER_UID' => $_SESSION['USER_LOGGED'],'APP_UID' => $_SESSION['APPLICATION'],'DEL_INDEX' => $_SESSION['INDEX']
) ); ) );
if (empty( $aFields['TASK'] )) { if (empty( $aFields['TASK'] )) {
throw (new Exception( G::LoadTranslation( 'ID_NO_DERIVATION_RULE' ) )); throw (new Exception( G::LoadTranslation( 'ID_NO_DERIVATION_RULE' ) ));
} }