fernando/luos
1
0
Fork 0
Code Releases Activity

Merged in paulis/processmaker/PM-VERACODE-24 (pull request #2082)

Browse Source 
VERACODE: I solved some issues [May 01]
This commit is contained in:
Julio Cesar Laura Avendaño
2015-05-05 13:47:09 -04:00
parent 8a576e4e28 c331bfa98f
commit 78f9aa7833
4 changed files with 13 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
workflow/engine/controllers/pmTablesProxy.php
View File

@@ -671,11 +671,11 @@ class pmTablesProxy extends HttpProxyController
$filter = new InputFilter();
$countRow = 250;
$tmpfilename = $_FILES['form']['tmp_name']['CSV_FILE'];
$tmpfilename = $filter->xssFilterHard($tmpfilename, 'path');
//$tmpfilename = $filter->xssFilterHard($tmpfilename, 'path');
if (preg_match( '/[\x00-\x08\x0b-\x0c\x0e\x1f]/', file_get_contents( $tmpfilename ) ) === 0) {
$filename = $_FILES['form']['name']['CSV_FILE'];
$filename = $filter->xssFilterHard($filename, 'path');
if ($oFile = fopen( $tmpfilename, 'r' )) {
//$filename = $filter->xssFilterHard($filename, 'path');
if ($oFile = fopen( $filter->xssFilterHard($tmpfilename, 'path'), 'r' )) {
require_once 'classes/model/AdditionalTables.php';
$oAdditionalTables = new AdditionalTables();
$aAdditionalTables = $oAdditionalTables->load( $_POST['form']['ADD_TAB_UID'], true );
@@ -771,11 +771,11 @@ class pmTablesProxy extends HttpProxyController
G::LoadSystem('inputfilter');
$filter = new InputFilter();
$tmpfilename = $_FILES['form']['tmp_name']['CSV_FILE'];
$tmpfilename = $filter->xssFilterHard($tmpfilename, 'path');
//$tmpfilename = $filter->xssFilterHard($tmpfilename, 'path');
if (preg_match( '/[\x00-\x08\x0b-\x0c\x0e\x1f]/', file_get_contents( $tmpfilename ) ) === 0) {
$filename = $_FILES['form']['name']['CSV_FILE'];
$filename = $filter->xssFilterHard($filename, 'path');
if ($oFile = fopen( $tmpfilename, 'r' )) {
if ($oFile = fopen( $filter->xssFilterHard($tmpfilename, 'path'), 'r' )) {
require_once 'classes/model/AdditionalTables.php';
$oAdditionalTables = new AdditionalTables();
$aAdditionalTables = $oAdditionalTables->load( $_POST['form']['ADD_TAB_UID'], true );

2
workflow/engine/methods/users/usersAjax.php
View File

@@ -200,7 +200,7 @@ switch ($_POST['action']) {
}
$aData['USR_STATUS'] = $statusWF;
$aData['USR_UID'] = $sUserUID;
$aData['USR_PASSWORD'] = md5($sUserUID); //fake :p
$aData['USR_PASSWORD'] = G::encryptOld($sUserUID); //fake :p
$aData['USR_COUNTRY'] = $form['USR_COUNTRY'];
$aData['USR_CITY'] = $form['USR_CITY'];
$aData['USR_LOCATION'] = $form['USR_LOCATION'];