From 5f059f2fcea80e3101c1d776a3623a1138f0b584 Mon Sep 17 00:00:00 2001
From: "marcelo.cuiza"
Date: Wed, 18 Mar 2015 17:12:38 -0400
Subject: [PATCH] xss 2

---
 workflow/engine/methods/controls/varsAjax.php | 32 ++++++++++++-------
 .../methods/dynaforms/dynaforms_Editor.php | 10 ++++++
 .../methods/outputdocs/outputdocs_Ajax.php | 14 ++++++--
 .../methods/processes/processes_Ajax.php | 15 ++++++++-
 workflow/engine/methods/setup/emails_Ajax.php | 7 ++++
 .../engine/methods/setup/language_Ajax.php | 25 +++++++++------
 .../engine/methods/setup/webServicesAjax.php | 8 ++++-
 7 files changed, 85 insertions(+), 26 deletions(-)

diff --git a/workflow/engine/methods/controls/varsAjax.php b/workflow/engine/methods/controls/varsAjax.php
index 82bb48166..a00050846 100755
--- a/workflow/engine/methods/controls/varsAjax.php
+++ b/workflow/engine/methods/controls/varsAjax.php
@@ -22,11 +22,19 @@
 * Coral Gables, FL, 33134, USA, or email info@colosa.com.
 *
 */
+
+G::LoadSystem('inputfilter');
+$filter = new InputFilter();
+$_POST = $filter->xssFilterHard($_POST);
+$_REQUEST = $filter->xssFilterHard($_REQUEST);
+
 $_SERVER["QUERY_STRING"] = isset($_SERVER["QUERY_STRING"])?$_SERVER["QUERY_STRING"]:'';
 $_REQUEST["sProcess"] = isset($_REQUEST["sProcess"])?$_REQUEST["sProcess"]:'';
 $_REQUEST["sFieldName"] = isset($_REQUEST["sFieldName"])?$_REQUEST["sFieldName"]:'';
 $_REQUEST['sSymbol']= isset($_REQUEST["sSymbol"])?$_REQUEST["sSymbol"]:'';
+$_SERVER["QUERY_STRING"] = $filter->xssFilterHard($_SERVER["QUERY_STRING"]);
+
 $html = '
'; $html .= '
'; $html .= ''; @@ -40,24 +48,24 @@ $html .= ''; $html .= ''; $html .= ''; $html .= ''; $html .= ''; $html .= ''; $html .= ''; $html .= ''; @@ -79,7 +87,7 @@ $html .= ''; $html .= ''; $html .= ''; $html .= ''; -$html .= ''; +$html .= ''; $html .= ''; $html .= '
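Review bot: The whole-array `xssFilterHard()` applied to `$_POST` and `$_REQUEST` at the top of varsAjax.php is input sanitisation, while the real sink is the `$html` string this file builds from `sProcess`/`sFieldName`/`sSymbol` (the markup itself is not legible in this extract), so the durable fix is contextual encoding at the point of concatenation, e.g. `htmlspecialchars($_REQUEST['sProcess'], ENT_QUOTES, 'UTF-8')`. `$_GET` is not filtered here, so any later direct `$_GET[...]` read in this file bypasses the new protection; filtering it alongside `$_REQUEST` would close that gap. Filtering `$_SERVER["QUERY_STRING"]` after the defaults are set is harmless, but it does not change the already-parsed `$_REQUEST` values, so it should not be relied on for them. The tail of this hunk (the `$html = '…` lines) is garbled in this extract.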
'; -$html .= ''; +$html .= ''; $html .= ''; -$html .= ''; +$html .= ''; $html .= ''; -$html .= ''; +$html .= ''; $html .= '
'; $html .= '     '; $html .= '
'; @@ -114,19 +122,19 @@ $html .= ''; $html .= '
'; $html .= ''; $html .= ''; -$html .= ''; +$html .= ''; $html .= ''; $html .= ''; $html .= ''; -$html .= ''; -$html .= ''; +$html .= ''; +$html .= ''; $html .= ''; $html .= '
'.G::LoadTranslation('ID_RESULT').''.$filter->xssFilterHard(G::LoadTranslation('ID_RESULT')).'@@SYS_LANG
'.G::LoadTranslation('ID_DESCRIPTION').''.G::LoadTranslation('ID_SYSTEM').''.$filter->xssFilterHard(G::LoadTranslation('ID_DESCRIPTION')).''.$filter->xssFilterHard(G::LoadTranslation('ID_SYSTEM')).'
'; $html .= ''; $html .= '
';
 $html .= '';
 $html .= '';
 $html .= '';
@@ -147,4 +155,4 @@ if (isset($_REQUEST['displayOption'])) {
 echo $html;
-G::RenderPage( 'publish', $display );
+G::RenderPage( 'publish', $display );
\ No newline at end of file
diff --git a/workflow/engine/methods/dynaforms/dynaforms_Editor.php b/workflow/engine/methods/dynaforms/dynaforms_Editor.php
index eb7933dc4..916f46862 100755
--- a/workflow/engine/methods/dynaforms/dynaforms_Editor.php
+++ b/workflow/engine/methods/dynaforms/dynaforms_Editor.php
@@ -21,6 +21,12 @@
 * For more information, contact Colosa Inc, 2566 Le Jeune Rd.,
 * Coral Gables, FL, 33134, USA, or email info@colosa.com.
 */
+
+G::LoadSystem('inputfilter');
+$filter = new InputFilter();
+$_POST = $filter->xssFilterHard($_POST);
+$_GET = $filter->xssFilterHard($_GET);
+
 if (($RBAC_Response = $RBAC->userCanAccess( "PM_FACTORY" )) != 1) {
 return $RBAC_Response;
 }
@@ -38,6 +44,9 @@ $G_SUB_MENU = 'processes';
 $G_ID_MENU_SELECTED = 'PROCESSES';
 $G_ID_SUB_MENU_SELECTED = 'FIELDS';
+$_GET['PRO_UID'] = $filter->xssFilterHard($_GET['PRO_UID']);
+$_GET['DYN_UID'] = $filter->xssFilterHard($_GET['DYN_UID']);
+
 $PRO_UID = isset( $_GET['PRO_UID'] ) ? $_GET['PRO_UID'] : '0';
 $DYN_UID = (isset( $_GET['DYN_UID'] )) ? urldecode( $_GET['DYN_UID'] ) : '0';
 $_SESSION['PROCESS'] = $_GET['PRO_UID'];
@@ -50,6 +59,7 @@ if ($process->exists( $PRO_UID )) {
 $process->load( $PRO_UID );
 } else {
 //TODO
+ $PRO_UID = $filter->xssFilterHard($PRO_UID);
 print ("$PRO_UID doesn't exist, continue? yes") ;
 }
diff --git a/workflow/engine/methods/outputdocs/outputdocs_Ajax.php b/workflow/engine/methods/outputdocs/outputdocs_Ajax.php
index a075149dc..c187ae60f 100755
--- a/workflow/engine/methods/outputdocs/outputdocs_Ajax.php
+++ b/workflow/engine/methods/outputdocs/outputdocs_Ajax.php
@@ -1,4 +1,7 @@
xssFilterHard($_REQUEST);
 $action = isset( $_REQUEST['action'] ) ? $_REQUEST['action'] :'';
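Review bot: In the `@@ -38,6 +44,9 @@` hunk of dynaforms_Editor.php the new filter on `$_GET['DYN_UID']` runs before the existing `urldecode()` two lines below, so a double-encoded value (`%253C` arrives in `$_GET` as `%3C`) passes the filter unchanged and is only decoded to `<` afterwards, which can reintroduce exactly what the filter strips. Filter after decoding instead: `$DYN_UID = (isset( $_GET['DYN_UID'] )) ? $filter->xssFilterHard( urldecode( $_GET['DYN_UID'] ) ) : '0';`. The two added assignments also execute before the `isset()` guards that follow them, so a request lacking `PRO_UID` or `DYN_UID` now produces an undefined-index notice and, depending on what `xssFilterHard(null)` returns, may defeat the `'0'` fallback; wrapping each in `isset()` keeps the original semantics. Since `$_GET` is already filtered wholesale in this file's first hunk, both per-key lines appear redundant anyway.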
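Review bot: In the `@@ -50,6 +59,7 @@` hunk the re-filtered `$PRO_UID` is still interpolated raw into `print ("$PRO_UID doesn't exist, continue? yes")`; as this is an HTML response the value should be encoded at output, `print (htmlspecialchars($PRO_UID, ENT_QUOTES, 'UTF-8') . " doesn't exist, continue? yes");`, rather than re-run through a tag-stripping filter it already passed via `$_GET` at the top of the file. The branch keeps the pre-existing `//TODO` and then continues rendering for a process that does not exist; if that is not intended, an error response here would be safer, though that decision is outside this commit's scope.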
@@ -9,6 +12,7 @@ if ($action == '') {
 switch ($action) {
 case 'setTemplateFile':
+ $_FILES = $filter->xssFilterHard($_FILES);
 //print_r($_FILES);
 $_SESSION['outpudocs_tmpFile'] = PATH_DATA . $_FILES['templateFile']['name'];
 // file_put_contents($_FILES['templateFile']['name'], file_get_contents($_FILES['templateFile']['tmp_name']));
@@ -21,6 +25,7 @@ switch ($action) {
 break;
 case 'getTemplateFile':
+ $_SESSION['outpudocs_tmpFile'] = $filter->xssFilterHard($_SESSION['outpudocs_tmpFile']);
 $aExtensions = array ("exe","com","dll","ocx","fon","ttf","doc","xls","mdb","rtf","bin","jpeg","jpg","jif","jfif","gif","tif","tiff","png","bmp","pdf","aac","mp3","mp3pro","vorbis","realaudio","vqf","wma","aiff","flac","wav","midi","mka","ogg","jpeg","ilbm","tar","zip","rar","arj","gzip","bzip2","afio","kgb","gz","asf","avi","mov","iff","ogg","ogm","mkv","3gp" );
 $sFileName = strtolower( $_SESSION['outpudocs_tmpFile'] );
@@ -28,11 +33,15 @@ switch ($action) {
 $searchPos = strpos( $strRev, '.' );
 $pos = (strlen( $sFileName ) - 1) - $searchPos;
 $sExtension = substr( $sFileName, $pos + 1, strlen( $sFileName ) );
- if (! in_array( $sExtension, $aExtensions ))
- echo $content = file_get_contents( $_SESSION['outpudocs_tmpFile'] );
+ if (! in_array( $sExtension, $aExtensions )) {
+ $content = file_get_contents( $_SESSION['outpudocs_tmpFile'] );
+ $content = $filter->xssFilterHard($content);
+ echo $content;
+ }
 break;
 case 'loadTemplateContent':
+ $_POST = $filter->xssFilterHard($_POST);
 require_once 'classes/model/OutputDocument.php';
 $ooutputDocument = new OutputDocument();
 if (isset( $_POST['OUT_DOC_UID'] )) {
@@ -43,6 +52,7 @@ switch ($action) {
 break;
 case 'lookForNameOutput':
+ $_POST = $filter->xssFilterHard($_POST);
 require_once ('classes/model/Content.php');
 require_once ("classes/model/OutputDocument.php");
diff --git a/workflow/engine/methods/processes/processes_Ajax.php b/workflow/engine/methods/processes/processes_Ajax.php
index 37f3229dd..9602959af 100755
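Review bot: Filtering `$_FILES` for markup does not protect the path built on the following line, `$_SESSION['outpudocs_tmpFile'] = PATH_DATA . $_FILES['templateFile']['name'];`, where the client-supplied upload name is concatenated into a filesystem path without `basename()`; a name containing `../` still escapes `PATH_DATA`, and the `getTemplateFile` case later calls `file_get_contents()` on that session path and echoes the result. Use `PATH_DATA . basename($_FILES['templateFile']['name'])` so the stored path cannot leave the data directory. Whatever writes the upload to that path is outside this hunk, so the traversal impact there should be checked as well.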
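Review bot: The new block in `getTemplateFile` passes the `file_get_contents()` result straight to `xssFilterHard()` without checking for `false`, so a missing or unreadable template is silently emitted as an empty body; guard it with `if ($content === false) { … }` before filtering. The condition it sits under is a deny-list (`! in_array( $sExtension, $aExtensions )` admits every extension not enumerated) and the `in_array` is non-strict; an allow-list of template extensions with `in_array($sExtension, $allowed, true)` would be the safer shape, though that list is untouched by this commit.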
--- a/workflow/engine/methods/processes/processes_Ajax.php
+++ b/workflow/engine/methods/processes/processes_Ajax.php
@@ -38,6 +38,13 @@ try {
 break;
 }
 */
 //$oJSON = new Services_JSON();
+
+ G::LoadSystem('inputfilter');
+ $filter = new InputFilter();
+ $_GET = $filter->xssFilterHard($_GET);
+ $_POST = $filter->xssFilterHard($_POST);
+ $_REQUEST = $filter->xssFilterHard($_REQUEST);
+ //$_SESSION = $filter->xssFilterHard($_SESSION);
 if (isset($_REQUEST['data'])) {
 if($_REQUEST['action']=="addText"||$_REQUEST['action']=="updateText") {
@@ -741,6 +748,8 @@ try {
 // G::RenderPage( 'publish', 'blank' );
 break;
 case 'saveFile':
+ $_REQUEST['pro_uid'] = $filter->xssFilterHard($_REQUEST['pro_uid']);
+ $_REQUEST['filename'] = $filter->xssFilterHard($_REQUEST['filename']);
 global $G_PUBLISH;
 $G_PUBLISH = new Publisher();
 global $RBAC;
@@ -754,6 +763,7 @@ try {
 $sDir = "";
 if (isset($_REQUEST['MAIN_DIRECTORY'])) {
+ $_REQUEST['MAIN_DIRECTORY'] = $filter->xssFilterHard($_REQUEST['MAIN_DIRECTORY']);
 $sDir = $_REQUEST['MAIN_DIRECTORY'];
 }
 switch ($sDir) {
@@ -775,6 +785,7 @@ try {
 $content = base64_decode($content);
 fwrite($fp, $content);
 fclose($fp);
+ $sDirectory = $filter->xssFilterHard($sDirectory);
 echo 'saved: ' . $sDirectory;
 }
 break;
@@ -830,8 +841,10 @@ try {
 *
 */
 case 'getVariablePrefix':
+ $_REQUEST['prefix'] = $filter->xssFilterHard($_REQUEST['prefix']);
 $_REQUEST['prefix'] = $_REQUEST['prefix'] != null ? $_REQUEST['prefix'] : 'ID_TO_STRING';
- echo G::LoadTranslation($_REQUEST['prefix']);
+ $prefix = $filter->xssFilterHard(G::LoadTranslation($_REQUEST['prefix']));
+ echo G::LoadTranslation($prefix);
 break;
 /**
 * return an array with all Variables of Grid type
diff --git a/workflow/engine/methods/setup/emails_Ajax.php b/workflow/engine/methods/setup/emails_Ajax.php
index 6b533be25..c380a18d9 100755
--- a/workflow/engine/methods/setup/emails_Ajax.php
+++ b/workflow/engine/methods/setup/emails_Ajax.php
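Review bot: In the `saveFile` case `$_REQUEST['filename']` and `$_REQUEST['pro_uid']` are only passed through `xssFilterHard()`, which strips markup but leaves `..` and `/` intact; `filename` is a file name that presumably feeds the path opened as `$fp` (that `fopen` lies between this hunk and the `fwrite` hunk, outside the extract), so the check this input actually needs is a traversal guard such as `$_REQUEST['filename'] = basename($_REQUEST['filename']);`. If `pro_uid` is also used to build that path, validating it against the expected UID format would be tighter than the XSS filter. `MAIN_DIRECTORY` is already constrained by the `switch ($sDir)` in the next hunk, which is the right pattern to follow.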
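Review bot: The rewritten `getVariablePrefix` case translates twice: `$prefix` already holds the filtered translation of `$_REQUEST['prefix']`, and `echo G::LoadTranslation($prefix)` then looks that text up again as a translation key, so the response is no longer the original translation but whatever `LoadTranslation()` returns for an unknown key. The intended line is `echo $prefix;`, or, since this is emitted into a page, `echo htmlspecialchars(G::LoadTranslation($_REQUEST['prefix']), ENT_QUOTES, 'UTF-8');`. The added per-key filter on `$_REQUEST['prefix']` is redundant with the whole-array filter in this file's first hunk.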
@@ -21,6 +21,13 @@
 * For more information, contact Colosa Inc, 2566 Le Jeune Rd.,
 * Coral Gables, FL, 33134, USA, or email info@colosa.com.
 */
+
+G::LoadSystem('inputfilter');
+$filter = new InputFilter();
+$_POST = $filter->xssFilterHard($_POST);
+if(isset($_SERVER['SERVER_NAME'])) {
+$_SERVER['SERVER_NAME'] = $filter->xssFilterHard($_SERVER['SERVER_NAME']);
+}
 global $RBAC;
 $RBAC->requirePermissions( 'PM_SETUP_ADVANCE' );
diff --git a/workflow/engine/methods/setup/language_Ajax.php b/workflow/engine/methods/setup/language_Ajax.php
index 3bb445ee6..fad0d0b42 100755
--- a/workflow/engine/methods/setup/language_Ajax.php
+++ b/workflow/engine/methods/setup/language_Ajax.php
@@ -23,11 +23,16 @@
 */
 try {
+ G::LoadSystem('inputfilter');
+ $filter = new InputFilter();
+ $_POST = $filter->xssFilterHard($_POST);
+
 G::LoadInclude( 'ajax' );
 if (isset( $_POST['form'] )) {
 $_POST = $_POST['form'];
 }
 $_POST['function'] = get_ajax_value( 'function' );
+ $_POST['function'] = $filter->xssFilterHard($_POST['function']);
 switch ($_POST['function']) {
 case 'savePredetermined':
 require_once "classes/model/Translation.php";
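Review bot: The new `SERVER_NAME` guard in emails_Ajax.php is written `if(isset(...)) {` with its body at column 0, which departs from the `if (` spacing and indented blocks used elsewhere in these files (`if (isset( $_POST['form'] )) {` in the language_Ajax.php hunk that follows); `if (isset($_SERVER['SERVER_NAME'])) {` with the assignment indented keeps it consistent. Filtering `$_SERVER['SERVER_NAME']` is only meaningful if this file echoes it into markup further down, which is outside the hunk; if it is instead used to form e-mail headers or a sender address, a hostname validation would be the appropriate check rather than an HTML filter.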
@@ -155,16 +160,16 @@ try {
 if($locale != "en"){ //Default Lengage 'en'
 if($locale != SYS_LANG){ //Current lenguage
 //THERE IS NO ANY CASE STARTED FROM THES LANGUAGE
- if ($aRow[0] == 0) { //so we can delete this language
- try {
- Content::removeLanguageContent( $locale );
- $trn->removeTranslationEnvironment( $locale );
- echo G::LoadTranslation( 'ID_LANGUAGE_DELETED_SUCCESSFULLY' );
- } catch (Exception $e) {
- echo $e->getMessage();
- }
- } else {
- echo str_replace( '{0}', $aRow[0], G::LoadTranslation( 'ID_LANGUAGE_CANT_DELETE' ) );
+ if ($aRow[0] == 0) { //so we can delete this language
+ try {
+ Content::removeLanguageContent( $locale );
+ $trn->removeTranslationEnvironment( $locale );
+ echo G::LoadTranslation( 'ID_LANGUAGE_DELETED_SUCCESSFULLY' );
+ } catch (Exception $e) {
+ echo $e->getMessage();
+ }
+ } else {
+ echo str_replace( '{0}', $aRow[0], G::LoadTranslation( 'ID_LANGUAGE_CANT_DELETE' ) );
 }
 } else {
 echo str_replace( '{0}', $aRow[0], G::LoadTranslation( 'ID_LANGUAGE_CANT_DELETE_CURRENTLY' ) );
diff --git a/workflow/engine/methods/setup/webServicesAjax.php b/workflow/engine/methods/setup/webServicesAjax.php
index d6cfd557e..97f141218 100755
--- a/workflow/engine/methods/setup/webServicesAjax.php
+++ b/workflow/engine/methods/setup/webServicesAjax.php
@@ -23,6 +23,10 @@
 */
 ini_set( "soap.wsdl_cache_enabled", "0" ); // enabling WSDL cache
+G::LoadSystem('inputfilter');
+$filter = new InputFilter();
+$_GET = $filter->xssFilterHard($_GET);
+//$_SESSION = $filter->xssFilterHard($_SESSION);
 G::LoadClass( 'ArrayPeer' );
 if ($RBAC->userCanAccess( 'PM_SETUP' ) != 1 && $RBAC->userCanAccess( 'PM_FACTORY' ) != 1) {
@@ -38,6 +42,8 @@ if ($_POST['action'] == '') {
 $_POST['action'] = (isset( $_GET['action'] )) ? $_GET['action'] : '';
 }
+$_POST = $filter->xssFilterHard($_POST);
+
 switch ($_POST['action']) {
 case 'showForm':
 global $G_PUBLISH;
@@ -1504,7 +1510,7 @@ try {
 die();
 break;
 default:
-
+ $_POST = $filter->xssFilterHard($_POST);
 print_r( $_POST );
 }
 }
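Review bot: The `default` branch still ends in `print_r( $_POST );`, reflecting the whole request body back to the client for any unrecognised action; running `xssFilterHard()` over it first lowers the markup risk, but the response is still a debugging dump of attacker-controlled input. Replace it with a fixed message such as `echo 'Unknown action';` and, if the detail is needed, log the offending action server-side instead. The re-filter is also largely redundant, since `$_POST` was already filtered right after the `action` lookup in the previous hunk.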
'; -$html .= ''; +$html .= ''; $html .= '