Merged in paulis/processmaker/PM-VERACODE-21 (pull request #1980)

I solved some issues related to Veracode [April 18].

workflow/engine/methods/setup/appCacheViewAjax.php

@@ -302,7 +302,7 @@ switch ($request) {
         list($sucess, $msgErr) = testConnection(DB_ADAPTER, $serverName, $user, $passwd, $port);
 
         if ($sucess) {
-            $sh = md5( filemtime( PATH_GULLIVER . "/class.g.php" ) );
+            $sh = G::encryptOld( filemtime( PATH_GULLIVER . "/class.g.php" ) );
             $h = G::encrypt( $_POST['host'] . $sh . $_POST['user'] . $sh . $_POST['password'] . $sh . (1), $sh );
             $insertStatements = "define ( 'HASH_INSTALLATION','{$h}' );  \ndefine ( 'SYSTEM_HASH', '{$sh}' ); \n";
             $lines = array ();

workflow/engine/methods/setup/pluginsRemove.php

@@ -39,7 +39,8 @@ switch ($RBAC->userCanAccess('PM_SETUP_ADVANCE'))
 }*/
 
 G::LoadClass( "plugin" );
-
+G::LoadSystem('inputfilter');
+$filter = new InputFilter();
 $pluginName = $_REQUEST["pluginUid"];
 
 if (file_exists( PATH_PLUGINS . $pluginName . ".php" )) {
@@ -50,5 +51,5 @@ if (file_exists( PATH_PLUGINS . $pluginName . ".php" )) {
     $pluginRegistry->unSerializeInstance( file_get_contents( PATH_DATA_SITE . "plugin.singleton" ) );
 }
 G::auditLog("RemovePlugin","Plugin Name: ".$pluginName);
-echo $pluginName . " " . nl2br( G::LoadTranslation( "ID_MSG_REMOVE_PLUGIN_SUCCESS" ) );
+echo $pluginName . " " . nl2br( $filter->xssFilterHard(G::LoadTranslation( "ID_MSG_REMOVE_PLUGIN_SUCCESS" )) );