PMCORE-2324 SQL Injection via 'Category' parameter in proxyNewCasesList endpoint

Roly Rudy Gutierrez Pinto
2020-10-15 19:48:15 -04:00
parent 6942e304da
commit 8a306f38d4
23 changed files with 589 additions and 15 deletions


@@ -513,7 +513,7 @@ class ListInbox extends BaseListInbox implements ListInterface
$criteria->addSelectColumn(ProcessPeer::PRO_CATEGORY);
$aConditions = array();
$aConditions[] = array(ListInboxPeer::PRO_UID, ProcessPeer::PRO_UID);
$aConditions[] = array(ProcessPeer::PRO_CATEGORY, "'" . $category . "'");
$aConditions[] = array(ProcessPeer::PRO_CATEGORY, "'" . G::realEscapeString($category) . "'");
$criteria->addJoinMC($aConditions, Criteria::INNER_JOIN);
}
//Those filters: $newestthan, $oldestthan is used from mobile GET /light/todo
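Review bot: The category value is still spliced into the join condition as a quoted SQL literal on the new `"'" . G::realEscapeString($category) . "'"` line, so the query is only as safe as `G::realEscapeString()` and the quotes around it. That helper's implementation is not visible here, and escaping of this kind usually depends on the connection's character set. Because this is an INNER JOIN, the literal comparison could presumably move out of `addJoinMC()` and be passed as a value, e.g. `$criteria->add(ProcessPeer::PRO_CATEGORY, $category, Criteria::EQUAL);`, leaving only the `PRO_UID` pair in `$aConditions` so that the criteria layer should bind it rather than concatenate it. If the concatenation stays, a comment such as `// $category comes from the request; it must stay escaped and quoted here` would keep a later edit from dropping the escape. The enclosing method starts and ends outside this hunk, so any upstream validation of `$category` cannot be confirmed from here.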