HOR-1363 "CLONE - Penetration test >> Internal paths exposed in cases" SOLVED

Issue: CLONE - Penetration test >> Internal paths exposed in cases Cause: No se filtran las variables Solution: - Se filtran las variables enviadas - Para evitar mostrar los paths de los files que son mostrados cuando se genera un notice PHP, se debe configurar el php.ini, se sugiere revisar las siguientes URL: http://www.zootemplate.com/news-updates/how-to-disable-notice-and-warning-in-phpini-file
2016-06-27 12:17:06 -04:00
parent c252cad836
commit 57a246b51c
2 changed files with 38 additions and 1 deletions
--- a/gulliver/system/class.inputfilter.php
+++ b/gulliver/system/class.inputfilter.php
@@ -661,4 +661,35 @@ class InputFilter
        $sanitizefilteredPath = mb_ereg_replace("(^~)", '', $sanitizefilteredPath);
        return $sanitizefilteredPath;
    }
+
+    /**
+     * Filter only characters valids by regular expression
+     *
+     * @param mixed $data  Data
+     * @param mixed $regex Regular expression
+     *
+     * @return mixed Returns data with the characters valids by regular expression
+     */
+    function xssRegexFilter($data, $regex)
+    {
+        try {
+            switch (gettype($data)) {
+                case 'array':
+                    foreach ($data as $key => $value) {
+                        $data[$key] = $this->xssRegexFilter($value, (is_array($regex))? ((isset($regex[$key]))? $regex[$key] : '') : $regex);
+                    }
+                    break;
+                default:
+                    if ($regex != '') {
+                        $data = (preg_match_all($regex, $data, $arrayMatch))? implode('', $arrayMatch[0]) : '';
+                    }
+                    break;
+            }
+
+            //Return
+            return $data;
+        } catch (Exception $e) {
+            throw $e;
+        }
+    }
 }
--- a/workflow/engine/methods/cases/cases_Step.php
+++ b/workflow/engine/methods/cases/cases_Step.php
@@ -1,4 +1,10 @@
 <?php
+$filter = new InputFilter();
+
+list($_GET['UID'], $_GET['TYPE'], $_GET['POSITION'], $_GET['ACTION']) = $filter->xssRegexFilter(
+    [$_GET['UID'], $_GET['TYPE'], $_GET['POSITION'], $_GET['ACTION']], '/[\-\w]/'
+);
+
 if (!isset($_SESSION['USER_LOGGED'])) {
 	G::SendTemporalMessage( 'ID_LOGIN_AGAIN', 'warning', 'labels' );
 	die( '<script type="text/javascript">