Merged in cmdeguzman/cdgz-processmaker/HOR-282-3018 (pull request #3783)

HOR-282
2016-03-09 17:52:49 -04:00
parent fa1321731d 7a4e2805bf
commit 5b4ed8a3ff
16 changed files with 76 additions and 177 deletions
--- a/workflow/engine/controllers/adminProxy.php
+++ b/workflow/engine/controllers/adminProxy.php
@@ -313,7 +313,7 @@ class adminProxy extends HttpProxyController
    public function testingOption($params)
    {
        $data['success'] = true;
-        $data['optionAuthS'] = $params->optionAuthS;
+        $data['optionAuthS'] = htmlspecialchars($params->optionAuthS);
        return $data;

    }
--- a/workflow/engine/controllers/designer.php
+++ b/workflow/engine/controllers/designer.php
@@ -75,8 +75,8 @@ class Designer extends Controller
        }
        /*----------------------------------********---------------------------------*/

-        $this->setVar('prj_uid', $proUid);
-        $this->setVar('app_uid', $appUid);
+        $this->setVar('prj_uid', htmlspecialchars($proUid));
+        $this->setVar('app_uid', htmlspecialchars($appUid));
        $this->setVar('consolidated', $consolidated);
        $this->setVar('enterprise', $enterprise);
        $this->setVar('prj_readonly', $proReadOnly);
--- a/workflow/engine/controllers/processProxy.php
+++ b/workflow/engine/controllers/processProxy.php
@@ -118,7 +118,7 @@ class ProcessProxy extends HttpProxyController
        $oProcess = new Processes();
        if (count( $ids ) > 0) {
            foreach ($ids as $id) {
-                $oProcess->changeStatus( $id );
+                $oProcess->changeStatus( htmlspecialchars($id) );
            }
        }
    }