fernando/luos
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

HOR-1092 Medium: Cross-Site Scripting

Browse Source
This commit is contained in:
Ronald Q
2016-06-02 14:47:36 -04:00
parent 005ee3ef2b
commit 7acaee7fb7
7 changed files with 15 additions and 140 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
workflow/engine/methods/cases/proxyDataCombobox.php
View File

@@ -16,6 +16,7 @@ $G_FORM->parseFile($filename, SYS_LANG, true);
G::LoadClass("case"); G::LoadClass("case");
G::LoadClass("pmFunctions"); G::LoadClass("pmFunctions");
G::LoadSystem('inputfilter');
//Load the variables //Load the variables
$oCase = new Cases(); $oCase = new Cases();
@@ -70,5 +71,5 @@ foreach ($aResult as $field) {
} }
$response["records"] = $array; $response["records"] = $array;
$filter = new InputFilter();
echo G::json_encode($response); echo G::json_encode($filter->xssFilterHard($response));

6
workflow/engine/methods/dbConnections/dbConnectionsAjax.php
View File

@@ -344,12 +344,14 @@ switch ($action) {
break; break;
case 'showEncodes': case 'showEncodes':
//G::LoadThirdParty( 'pear/json', 'class.json' ); //G::LoadThirdParty( 'pear/json', 'class.json' );
//$oJSON = new Services_JSON(); //$oJSON =
G::LoadSystem('inputfilter');
$filter = new InputFilter();
$engine = $_POST['engine']; $engine = $_POST['engine'];
if ($engine != "0") { if ($engine != "0") {
$dbs = new dbConnections(); $dbs = new dbConnections();
echo Bootstrap::json_encode( $dbs->getEncondeList( $engine ) ); echo Bootstrap::json_encode($dbs->getEncondeList($filter->xssFilterHard($engine)));
} else { } else {
echo '[["0","..."]]'; echo '[["0","..."]]';

3
workflow/engine/methods/setup/upgrade_SystemAjax.php
View File

@@ -34,6 +34,7 @@ if (isset( $_POST['id'] ))
G::LoadClass( 'languages' ); G::LoadClass( 'languages' );
G::LoadSystem( 'database_mysql' ); G::LoadSystem( 'database_mysql' );
G::LoadSystem('inputfilter');
$aUpgradeData = unserialize( file_get_contents( PATH_DATA . 'log' . PATH_SEP . "upgrade.data.bin" ) ); $aUpgradeData = unserialize( file_get_contents( PATH_DATA . 'log' . PATH_SEP . "upgrade.data.bin" ) );
$aWorkspaces = $aUpgradeData['workspaces']; $aWorkspaces = $aUpgradeData['workspaces'];
@@ -60,7 +61,7 @@ if (is_array( $aWorkspaces ) && count( $aWorkspaces ) > 0) {
print "<table cellpadding=0><tr><td><img src='/images/ajax-loader.gif' border=0/></td><td>"; print "<table cellpadding=0><tr><td><img src='/images/ajax-loader.gif' border=0/></td><td>";
print "<div style='border-style:solid;border-width:1px; border-color: #A1C868; width:300px; height:19px;' >"; print "<div style='border-style:solid;border-width:1px; border-color: #A1C868; width:300px; height:19px;' >";
print "<div style='color:#FFF; height:16px; text-align:center; padding-top:3px; background-image: url(/skins/green/images/bm.jpg); background-repeat: repeat-x; width: {$gauge}px' ></div> </div>"; print "<div style='color:#FFF; height:16px; text-align:center; padding-top:3px; background-image: url(/skins/green/images/bm.jpg); background-repeat: repeat-x; width: {$gauge}px' ></div> </div>";
print "</td><td width='40%'><font color=black> Upgrading the workspace </font><b><font color=green>$workspace</font></b></td><td width=250 align=right>| $id Remaining</td></tr></table>"; print "</td><td width='40%'><font color=black> Upgrading the workspace </font><b><font color=green>".$filter->xssFilterHard($workspace)."</font></b></td><td width=250 align=right>| ".$filter->xssFilterHard($id)." Remaining</td></tr></table>";
file_put_contents( PATH_DATA . 'log' . PATH_SEP . "upgrade.data.bin", serialize( $aUpgradeData ) ); file_put_contents( PATH_DATA . 'log' . PATH_SEP . "upgrade.data.bin", serialize( $aUpgradeData ) );
} else { } else {
print "<table cellpadding=0><tr><td>&nbsp;&nbsp;&nbsp;&nbsp;</td><td>"; print "<table cellpadding=0><tr><td>&nbsp;&nbsp;&nbsp;&nbsp;</td><td>";

4
workflow/engine/methods/users/users_Ajax.php
View File

@@ -91,11 +91,11 @@ try {
$oTasks = new Tasks(); $oTasks = new Tasks();
switch ((int) $_POST['TU_RELATION']) { switch ((int) $_POST['TU_RELATION']) {
case 1: case 1:
echo $oTasks->assignUser($_POST['TAS_UID'], $_POST['USR_UID'], $_POST['TU_TYPE']); echo htmlentities($oTasks->assignUser($_POST['TAS_UID'], $_POST['USR_UID'], $_POST['TU_TYPE']), ENT_QUOTES | ENT_HTML5, 'UTF-8');
G::auditlog("AssignUserTask","Assign a User to a Task -> ".$_POST['TAS_UID'].' User UID -> '.$_POST['USR_UID']); G::auditlog("AssignUserTask","Assign a User to a Task -> ".$_POST['TAS_UID'].' User UID -> '.$_POST['USR_UID']);
break; break;
case 2: case 2:
echo $oTasks->assignGroup($_POST['TAS_UID'], $_POST['USR_UID'], $_POST['TU_TYPE']); echo htmlentities($oTasks->assignGroup($_POST['TAS_UID'], $_POST['USR_UID'], $_POST['TU_TYPE']), ENT_QUOTES | ENT_HTML5, 'UTF-8');
G::auditlog("AssignGroupTask","Assign a Group to a Task -> ".$_POST['TAS_UID'].' User UID -> '.$_POST['USR_UID']); G::auditlog("AssignGroupTask","Assign a Group to a Task -> ".$_POST['TAS_UID'].' User UID -> '.$_POST['USR_UID']);
break; break;
} }

7
workflow/engine/templates/cases/cases_Load.php
View File

@@ -1,7 +1,6 @@
<?php <?php
G::LoadSystem('inputfilter'); G::LoadSystem('inputfilter');
$filter = new InputFilter(); $filter = new InputFilter();
$_POST['qs'] = $filter->xssFilterHard($_POST['qs']);
?> ?>
<html> <html>
<style type="text/css"> <style type="text/css">
@@ -13,9 +12,9 @@ $_POST['qs'] = $filter->xssFilterHard($_POST['qs']);
} }
</style> </style>
<body onresize="autoResizeScreen()" onload="autoResizeScreen()"> <body onresize="autoResizeScreen()" onload="autoResizeScreen()">
<iframe name="casesFrame" id="casesFrame" src ="../cases/main_init<?php echo $_POST['qs'];?>" width="99%" height="768" frameborder="0"> <iframe name="casesFrame" id="casesFrame" src ="../cases/main_init<?php echo $filter->xssFilterHard($_POST['qs']);?>" width="99%" height="768" frameborder="0">
<p>Your browser does not support iframes.</p> <p>Your browser does not support iframes.</p>
</iframe> </iframe>
</body> </body>
<script> <script>
if ( document.getElementById('pm_submenu') ) if ( document.getElementById('pm_submenu') )

2
workflow/engine/templates/reportTables/mainLoad.php
View File

@@ -20,7 +20,7 @@ if(isset($_GET['gui'])) {
} }
</style> </style>
<body onresize="autoResizeScreen()" onload="autoResizeScreen()"> <body onresize="autoResizeScreen()" onload="autoResizeScreen()">
<iframe name="frameMain" id="frameMain" src ="../reportTables/mainInit?PRO_UID=<?php echo $filter->xssFilterHard($gui)?>" width="99%" height="200" frameborder="0"> <iframe name="frameMain" id="frameMain" src ="../reportTables/mainInit?PRO_UID=<?php echo $filter->xssFilterHard($gui);?>" width="99%" height="200" frameborder="0">
<p>Your browser does not support iframes.</p> <p>Your browser does not support iframes.</p>
</iframe> </iframe>
</body> </body>

128
workflow/public_html/skins/ajax.js
View File

@@ -1,128 +0,0 @@
// Popup code
var gPopupMask = null;
var gPopupContainer = null;
var gPopFrame = null;
var gReturnFunc;
var gPopupIsShown = false;
var gHideSelects = false;
var gTabIndexes = new Array();
// Pre-defined list of tags we want to disable/enable tabbing into
var gTabbableTags = new Array("A","BUTTON","TEXTAREA","INPUT","IFRAME");
// If using Mozilla or Firefox, use Tab-key trap.
if (!document.all) {
document.onkeypress = keyDownHandler;
}
function myEmptyCallback() {
}
function get_xmlhttp() {
try {
xmlhttp = new ActiveXObject("Msxml2.XMLHTTP");
} catch (e) {
try {
xmlhttp = new ActiveXObject("Microsoft.XMLHTTP");
} catch (E) {
xmlhttp = false;
}
}
if (!xmlhttp && typeof XMLHttpRequest!='undefined') {
xmlhttp = new XMLHttpRequest();
}
return xmlhttp;
}
function isdefined( variable) {
return (typeof(window[variable]) == "undefined")? false: true;
}
//DAN Nov 24, 2006
//parameter asyncronuos was added to work in syncronous mode
// usage: ajax_init(_,_,_,_,false);
function ajax_init( ajax_server,div_container, values, callback,asyncronuos)
{ // DAN Nov 24, 2006. variable asyncronuos was added
asyncronuos = (asyncronuos!=false)?true:false;
var objetus;
objetus = get_xmlhttp();
try{ // DAN Nov 24, 2006. variable asyncronuos instead of true
objetus.open("GET", ajax_server + "?" + values, asyncronuos);
}catch(ss)
{
alert("error"+ss.message);
}
objetus.onreadystatechange=function() {
if ( objetus.readyState == 1 )
{
document.getElementById(div_container).style.display = "";
document.getElementById(div_container).innerHTML = "...";
}
else if ( objetus.readyState==4)
{
if( objetus.status==200)
{
document.getElementById(div_container).innerHTML = objetus.responseText;
if ( callback != '' )
callback();
}
else
{
window.alert('error-['+ objetus.status +']-' + objetus.responseText );
}
}
}
objetus.send(null);
}
function ajax_init_2( ajax_server, div, values, callback )
{
var objetus;
objetus = get_xmlhttp();
objetus.open ("GET", ajax_server + "?" + values, true);
objetus.onreadystatechange=function() {
if ( objetus.readyState == 1 )
{
//document.getElementById(div_container).style.display = "";
//document.getElementById(div_container).innerHTML = "...";
div.style.display = "";
div.innerHTML = "...";
}
else if ( objetus.readyState==4)
{
if( objetus.status==200)
{
//document.getElementById(div_container).innerHTML = objetus.responseText;
div.innerHTML = objetus.responseText;
if ( callback != '' )
callback();
}
else
{
window.alert('error-['+ objetus.status +']-' + objetus.responseText );
}
}
}
objetus.send(null);
}
function iframe_get_xmlhttp() {
try {
xmlhttp = new ActiveXObject('Msxml2.XMLHTTP');
} catch (e) {
try {
xmlhttp = new ActiveXObject('Microsoft.XMLHTTP');
} catch (E) {
xmlhttp = false;
}
}
if (!xmlhttp && typeof XMLHttpRequest != 'undefined') {
xmlhttp = new XMLHttpRequest();
}
return xmlhttp;
}