fernando/luos
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

VERACODE: I solved the Cross-Site Scripting(18 flaws) [May 01]

Browse Source
This commit is contained in:
Paula V. Quispe
2015-05-04 15:37:35 -04:00
parent 04d40500b1
commit a9359b0956
4 changed files with 55 additions and 43 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
features/bootstrap/RestContext.php
View File

@@ -1515,9 +1515,20 @@ class RestContext extends BehatContext
*/
public function postIWantToUploadTheImageToUser($imageFile, $usrUid, $url)
{
if (!class_exists('G')) {
$realdocuroot = str_replace( '\\', '/', $_SERVER['DOCUMENT_ROOT'] );
$docuroot = explode( '/', $realdocuroot );
array_pop( $docuroot );
$pathhome = implode( '/', $docuroot ) . '/';
array_pop( $docuroot );
$pathTrunk = implode( '/', $docuroot ) . '/';
require_once($pathTrunk.'gulliver/system/class.g.php');
}
G::LoadSystem('inputfilter');
$filter = new InputFilter();
$imageFile = $this->getParameter('uploadFilesFolder') . $imageFile;
$baseUrl = $this->getParameter('base_url');
$url = $baseUrl.$url.$usrUid."/image-upload";
$url = $baseUrl.$url.$usrUid.'/image-upload';
$accesstoken = $this->getParameter('access_token');
$headr = array();
@@ -1533,10 +1544,11 @@ class RestContext extends BehatContext
if( $postResult === false)
{
//trigger_error(curl_error($ch));
throw new Exception("Image upload failed ($imageFile):\n\n"
throw new Exception('Image upload failed ('.$imageFile.'):\n\n'
. curl_error($ch));
}
curl_close($ch);
$postResult = $filter->xssFilterHard($postResult);
echo $postResult;
}

2
workflow/engine/methods/cases/cases_Ajax.php
View File

@@ -468,7 +468,7 @@ switch (($_POST['action']) ? $_POST['action'] : $_REQUEST['action']) {
$_GET['DEL_INDEX'] = $_POST['DEL_INDEX'];
$G_PUBLISH = new Publisher();
echo "<iframe scrolling='no' style='border:none;height=300px;width:240px;'" . " src='casesToRevisePanelExtJs?APP_UID={$_GET['APP_UID']}&DEL_INDEX={$_GET['DEL_INDEX']}'></iframe>";
echo '<iframe scrolling="no" style="border:none;height=300px;width:240px;"' . ' src=casesToRevisePanelExtJs?APP_UID={'.$_GET['APP_UID'].'}&DEL_INDEX={'.$_GET['DEL_INDEX'].'}></iframe>';
// $G_PUBLISH->AddContent( 'smarty', 'cases/cases_toRevise' );
// $G_PUBLISH->AddContent('smarty', 'cases/cases_toReviseIn', '', '', array());
G::RenderPage( 'publish', 'raw' );

76
workflow/engine/methods/cases/proxyNewCasesList.php
View File

@@ -16,21 +16,21 @@ if (!isset($_SESSION['USER_LOGGED'])) {
try {
$userUid = $_SESSION['USER_LOGGED'];
$filters["paged"] = isset( $_REQUEST["paged"] ) ? $_REQUEST["paged"] : true;
$filters['paged'] = isset( $_REQUEST["paged"] ) ? $_REQUEST["paged"] : true;
$filters['count'] = isset( $_REQUEST['count'] ) ? $_REQUEST['count'] : true;
$filters["category"] = isset( $_REQUEST["category"] ) ? $_REQUEST["category"] : "";
$filters["process"] = isset( $_REQUEST["process"] ) ? $_REQUEST["process"] : "";
$filters["search"] = isset( $_REQUEST["search"] ) ? $_REQUEST["search"] : "";
$filters["filter"] = isset( $_REQUEST["filter"] ) ? $_REQUEST["filter"] : "";
$filters["dateFrom"] = (!empty( $_REQUEST["dateFrom"] )) ? substr( $_REQUEST["dateFrom"], 0, 10 ) : "";
$filters["dateTo"] = (!empty( $_REQUEST["dateTo"] )) ? substr( $_REQUEST["dateTo"], 0, 10 ) : "";
$filters['category'] = isset( $_REQUEST["category"] ) ? $_REQUEST["category"] : "";
$filters['process'] = isset( $_REQUEST["process"] ) ? $_REQUEST["process"] : "";
$filters['search'] = isset( $_REQUEST["search"] ) ? $_REQUEST["search"] : "";
$filters['filter'] = isset( $_REQUEST["filter"] ) ? $_REQUEST["filter"] : "";
$filters['dateFrom'] = (!empty( $_REQUEST["dateFrom"] )) ? substr( $_REQUEST["dateFrom"], 0, 10 ) : "";
$filters['dateTo'] = (!empty( $_REQUEST["dateTo"] )) ? substr( $_REQUEST["dateTo"], 0, 10 ) : "";
$filters["start"] = isset( $_REQUEST["start"] ) ? $_REQUEST["start"] : "0";
$filters["limit"] = isset( $_REQUEST["limit"] ) ? $_REQUEST["limit"] : "25";
$filters["sort"] = isset( $_REQUEST["sort"] ) ? $_REQUEST["sort"] : "";
$filters["dir"] = isset( $_REQUEST["dir"] ) ? $_REQUEST["dir"] : "DESC";
$filters['start'] = isset( $_REQUEST["start"] ) ? $_REQUEST["start"] : "0";
$filters['limit'] = isset( $_REQUEST["limit"] ) ? $_REQUEST["limit"] : "25";
$filters['sort'] = isset( $_REQUEST["sort"] ) ? $_REQUEST["sort"] : "";
$filters['dir'] = isset( $_REQUEST["dir"] ) ? $_REQUEST["dir"] : "DESC";
$filters["action"] = isset( $_REQUEST["action"] ) ? $_REQUEST["action"] : "";
$filters['action'] = isset( $_REQUEST["action"] ) ? $_REQUEST["action"] : "";
$listName = isset( $_REQUEST["list"] ) ? $_REQUEST["list"] : "inbox";
// Select list
@@ -72,36 +72,36 @@ try {
// Validate filters
$filters["start"] = (int)$filters["start"];
$filters["start"] = abs($filters["start"]);
if ($filters["start"] != 0) {
$filters["start"]+1;
$filters['start'] = (int)$filters['start'];
$filters['start'] = abs($filters['start']);
if ($filters['start'] != 0) {
$filters['start']+1;
}
$filters["limit"] = (int)$filters["limit"];
$filters["limit"] = abs($filters["limit"]);
if ($filters["limit"] == 0) {
$filters['limit'] = (int)$filters['limit'];
$filters['limit'] = abs($filters['limit']);
if ($filters['limit'] == 0) {
G::LoadClass("configuration");
$conf = new Configurations();
$generalConfCasesList = $conf->getConfiguration('ENVIRONMENT_SETTINGS', '');
if (isset($generalConfCasesList['casesListRowNumber'])) {
$filters["limit"] = (int)$generalConfCasesList['casesListRowNumber'];
$filters['limit'] = (int)$generalConfCasesList['casesListRowNumber'];
} else {
$filters["limit"] = 25;
$filters['limit'] = 25;
}
} else {
$filters["limit"] = (int)$filters["limit"];
$filters['limit'] = (int)$filters['limit'];
}
$filters["sort"] = G::toUpper($filters["sort"]);
$filters['sort'] = G::toUpper($filters['sort']);
$columnsList = $listpeer::getFieldNames(BasePeer::TYPE_FIELDNAME);
if (!(in_array($filters["sort"], $columnsList))) {
$filters["sort"] = '';
if (!(in_array($filters['sort'], $columnsList))) {
$filters['sort'] = '';
}
$filters["dir"] = G::toUpper($filters["dir"]);
if (!($filters["dir"] == 'DESC' || $filters["dir"] == 'ASC')) {
$filters["dir"] = 'DESC';
$filters['dir'] = G::toUpper($filters['dir']);
if (!($filters['dir'] == 'DESC' || $filters['dir'] == 'ASC')) {
$filters['dir'] = 'DESC';
}
$result = $list->loadList($userUid, $filters);
@@ -134,18 +134,18 @@ try {
}
$filtersData = array();
$filtersData['start'] = $filters["start"];
$filtersData['limit'] = $filters["limit"];
$filtersData['sort'] = G::toLower($filters["sort"]);
$filtersData['dir'] = G::toLower($filters["dir"]);
$filtersData['cat_uid'] = $filters["category"];
$filtersData['pro_uid'] = $filters["process"];
$filtersData['search'] = $filters["search"];
$filtersData['date_from'] = $filters["dateFrom"];
$filtersData['date_to'] = $filters["dateTo"];
$filtersData['start'] = $filters['start'];
$filtersData['limit'] = $filters['limit'];
$filtersData['sort'] = G::toLower($filters['sort']);
$filtersData['dir'] = G::toLower($filters['dir']);
$filtersData['cat_uid'] = $filters['category'];
$filtersData['pro_uid'] = $filters['process'];
$filtersData['search'] = $filters['search'];
$filtersData['date_from'] = $filters['dateFrom'];
$filtersData['date_to'] = $filters['dateTo'];
$response['filters'] = $filtersData;
$response['data'] = $result;
$filtersData['action'] = $filters["action"];
$filtersData['action'] = $filters['action'];
$response['totalCount'] = $list->countTotal($userUid, $filtersData);
$response = $filter->xssFilterHard($response);

4
workflow/engine/methods/setup/pluginsRemove.php
View File

@@ -44,13 +44,13 @@ $filter = new InputFilter();
$pluginName = $_REQUEST['pluginUid'];
$pluginName = $filter->xssFilterHard($pluginName);
if (file_exists( PATH_PLUGINS . $pluginName . ".php" )) {
if (file_exists( PATH_PLUGINS . $pluginName . '.php' )) {
$pluginRegistry = &PMPluginRegistry::getSingleton();
$pluginRegistry->uninstallPlugin( $pluginName );
$path = $filter->validateInput(PATH_DATA_SITE . 'plugin.singleton', 'path');
$pluginRegistry->unSerializeInstance( file_get_contents( $path ) );
}
G::auditLog("RemovePlugin","Plugin Name: ".$pluginName);
G::auditLog('RemovePlugin','Plugin Name: '.$pluginName);
echo $pluginName . ' ' . nl2br( $filter->xssFilterHard(G::LoadTranslation( 'ID_MSG_REMOVE_PLUGIN_SUCCESS' )) );