HOR-1092 Medium: Cross-Site Scripting

workflow/engine/methods/cases/proxyDataCombobox.php

@@ -16,6 +16,7 @@ $G_FORM->parseFile($filename, SYS_LANG, true);
 
 G::LoadClass("case");
 G::LoadClass("pmFunctions");
+G::LoadSystem('inputfilter');
 
 //Load the variables
 $oCase = new Cases();
@@ -70,5 +71,5 @@ foreach ($aResult as $field) {
 }
 
 $response["records"] = $array;
-
-echo G::json_encode($response);
+$filter = new InputFilter();
+echo G::json_encode($filter->xssFilterHard($response));

workflow/engine/methods/dbConnections/dbConnectionsAjax.php

@@ -344,12 +344,14 @@ switch ($action) {
         break;
     case 'showEncodes':
         //G::LoadThirdParty( 'pear/json', 'class.json' );
-        //$oJSON = new Services_JSON();
+        //$oJSON =
+        G::LoadSystem('inputfilter');
+        $filter = new InputFilter();
         $engine = $_POST['engine'];
 
         if ($engine != "0") {
             $dbs = new dbConnections();
-            echo Bootstrap::json_encode( $dbs->getEncondeList( $engine ) );
+            echo Bootstrap::json_encode($dbs->getEncondeList($filter->xssFilterHard($engine)));
 
         } else {
             echo '[["0","..."]]';

workflow/engine/methods/setup/upgrade_SystemAjax.php

@@ -34,6 +34,7 @@ if (isset( $_POST['id'] ))
 
 G::LoadClass( 'languages' );
 G::LoadSystem( 'database_mysql' );
+G::LoadSystem('inputfilter');
 
 $aUpgradeData = unserialize( file_get_contents( PATH_DATA . 'log' . PATH_SEP . "upgrade.data.bin" ) );
 $aWorkspaces = $aUpgradeData['workspaces'];
@@ -60,7 +61,7 @@ if (is_array( $aWorkspaces ) && count( $aWorkspaces ) > 0) {
     print "<table cellpadding=0><tr><td><img src='/images/ajax-loader.gif' border=0/></td><td>";
     print "<div style='border-style:solid;border-width:1px; border-color: #A1C868; width:300px; height:19px;' >";
     print "<div style='color:#FFF; height:16px; text-align:center; padding-top:3px; background-image: url(/skins/green/images/bm.jpg); background-repeat: repeat-x; width: {$gauge}px' ></div> </div>";
-    print "</td><td width='40%'><font color=black> Upgrading the workspace </font><b><font color=green>$workspace</font></b></td><td width=250 align=right>| $id Remaining</td></tr></table>";
+    print "</td><td width='40%'><font color=black> Upgrading the workspace </font><b><font color=green>".$filter->xssFilterHard($workspace)."</font></b></td><td width=250 align=right>| ".$filter->xssFilterHard($id)." Remaining</td></tr></table>";
     file_put_contents( PATH_DATA . 'log' . PATH_SEP . "upgrade.data.bin", serialize( $aUpgradeData ) );
 } else {
     print "<table cellpadding=0><tr><td>&nbsp;&nbsp;&nbsp;&nbsp;</td><td>";

workflow/engine/methods/users/users_Ajax.php

@@ -91,11 +91,11 @@ try {
             $oTasks = new Tasks();
             switch ((int) $_POST['TU_RELATION']) {
                 case 1:
-                    echo $oTasks->assignUser($_POST['TAS_UID'], $_POST['USR_UID'], $_POST['TU_TYPE']);
+                    echo htmlentities($oTasks->assignUser($_POST['TAS_UID'], $_POST['USR_UID'], $_POST['TU_TYPE']), ENT_QUOTES | ENT_HTML5, 'UTF-8');
                     G::auditlog("AssignUserTask","Assign a User to a Task -> ".$_POST['TAS_UID'].' User UID -> '.$_POST['USR_UID']);
                     break;
                 case 2:
-                    echo $oTasks->assignGroup($_POST['TAS_UID'], $_POST['USR_UID'], $_POST['TU_TYPE']);
+                    echo htmlentities($oTasks->assignGroup($_POST['TAS_UID'], $_POST['USR_UID'], $_POST['TU_TYPE']), ENT_QUOTES | ENT_HTML5, 'UTF-8');
                     G::auditlog("AssignGroupTask","Assign a Group to a Task -> ".$_POST['TAS_UID'].' User UID -> '.$_POST['USR_UID']);
                     break;
             }