fernando/luos
1
0
Fork 0
Code Releases Activity

Merged in mcuiza/processmaker/DT-issues-1 (pull request #1796)

Browse Source 
veracode issues
This commit is contained in:
Julio Cesar Laura Avendaño
2015-03-30 13:34:44 -04:00
parent 2d82b97f55 416094fa2a
commit a2a1ba562d
3 changed files with 25 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
gulliver/system/class.g.php
View File

@@ -2635,9 +2635,15 @@ class G
if (! is_dir( $path )) { if (! is_dir( $path )) {
G::verifyPath( $path, true ); G::verifyPath( $path, true );
} }
G::LoadSystem('inputfilter');
$filter = new InputFilter();
$file = $filter->validateInput($file, "path");
move_uploaded_file( $file, $path . "/" . $nameToSave ); move_uploaded_file( $file, $path . "/" . $nameToSave );
@chmod( $path . "/" . $nameToSave, $permission ); @chmod( $path . "/" . $nameToSave, $permission );
umask( $oldumask ); umask( $oldumask );
} catch (Exception $oException) { } catch (Exception $oException) {
throw $oException; throw $oException;
} }

2
workflow/engine/classes/model/AddonsManager.php
View File

@@ -215,7 +215,7 @@ class AddonsManager extends BaseAddonsManager
$var = explode("&", $aux[1]); $var = explode("&", $aux[1]);
/////// ///////
$boundary = "---------------------" . substr(md5(rand(0, 32000)), 0, 10); $boundary = "---------------------" . substr(G::encryptOld(rand(0, 32000)), 0, 10);
$data = null; $data = null;
for ($i = 0; $i <= count($var) - 1; $i++) { for ($i = 0; $i <= count($var) - 1; $i++) {

19
workflow/engine/methods/cases/cases_Step.php
View File

@@ -519,15 +519,21 @@ try {
$util->setInputPath( $javaInput ); $util->setInputPath( $javaInput );
$util->setOutputPath( $javaOutput ); $util->setOutputPath( $javaOutput );
G::LoadSystem('inputfilter');
$filter = new InputFilter();
//$content = file_get_contents ( PATH_DYNAFORM . $aOD['PRO_UID'] . PATH_SEP . $aOD['OUT_DOC_UID'] . '.jrxml' ); //$content = file_get_contents ( PATH_DYNAFORM . $aOD['PRO_UID'] . PATH_SEP . $aOD['OUT_DOC_UID'] . '.jrxml' );
//$iSize = file_put_contents ( $javaInput . $aOD['OUT_DOC_UID'] . '.jrxml', $content ); //$iSize = file_put_contents ( $javaInput . $aOD['OUT_DOC_UID'] . '.jrxml', $content );
copy( PATH_DYNAFORM . $aOD['PRO_UID'] . PATH_SEP . $aOD['OUT_DOC_UID'] . '.jrxml', $javaInput . $aOD['OUT_DOC_UID'] . '.jrxml' ); $locationFrom = PATH_DYNAFORM . $aOD['PRO_UID'] . PATH_SEP . $aOD['OUT_DOC_UID'] . '.jrxml';
$locationFrom = $filter->validateInput($locationFrom, "path");
copy( $locationFrom, $javaInput . $aOD['OUT_DOC_UID'] . '.jrxml' );
$outputFile = $javaOutput . $sFilename . '.pdf'; $outputFile = $javaOutput . $sFilename . '.pdf';
print $util->jrxml2pdf( $aOD['OUT_DOC_UID'] . '.jrxml', basename( $outputFile ) ); print $util->jrxml2pdf( $aOD['OUT_DOC_UID'] . '.jrxml', basename( $outputFile ) );
//$content = file_get_contents ( $outputFile ); //$content = file_get_contents ( $outputFile );
//$iSize = file_put_contents ( $pathOutput . $sFilename . '.pdf' , $content ); //$iSize = file_put_contents ( $pathOutput . $sFilename . '.pdf' , $content );
$outputFile = $filter->validateInput($outputFile, "path");
copy( $outputFile, $pathOutput . $sFilename . '.pdf' ); copy( $outputFile, $pathOutput . $sFilename . '.pdf' );
//die; //die;
break; break;
@@ -548,12 +554,19 @@ try {
$util->setInputPath( $javaInput ); $util->setInputPath( $javaInput );
$util->setOutputPath( $javaOutput ); $util->setOutputPath( $javaOutput );
copy( PATH_DYNAFORM . $aOD['PRO_UID'] . PATH_SEP . $aOD['OUT_DOC_UID'] . '.pdf', $javaInput . $aOD['OUT_DOC_UID'] . '.pdf' ); G::LoadSystem('inputfilter');
$filter = new InputFilter();
$locationFrom = PATH_DYNAFORM . $aOD['PRO_UID'] . PATH_SEP . $aOD['OUT_DOC_UID'] . '.pdf';
$locationFrom = $filter->validateInput($locationFrom, "path");
copy( $locationFrom, $javaInput . $aOD['OUT_DOC_UID'] . '.pdf' );
$outputFile = $javaOutput . $sFilename . '.pdf'; $outputFile = $javaOutput . $sFilename . '.pdf';
print $util->writeVarsToAcroFields( $aOD['OUT_DOC_UID'] . '.pdf', $xmlData ); print $util->writeVarsToAcroFields( $aOD['OUT_DOC_UID'] . '.pdf', $xmlData );
copy( $javaOutput . $aOD['OUT_DOC_UID'] . '.pdf', $pathOutput . $sFilename . '.pdf' ); $locationFrom = $javaOutput . $aOD['OUT_DOC_UID'] . '.pdf';
$locationFrom = $filter->validateInput($locationFrom, "path");
copy( $locationFrom, $pathOutput . $sFilename . '.pdf' );
break; break;
default: default: