fernando/luos
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

VERACODE: I solved the Cross-Site Scripting(18 flaws) [May 01]

Browse Source
This commit is contained in:
Paula V. Quispe
2015-05-04 15:37:35 -04:00
parent 04d40500b1
commit a9359b0956
4 changed files with 55 additions and 43 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
features/bootstrap/RestContext.php
View File

@@ -1515,9 +1515,20 @@ class RestContext extends BehatContext
*/ */
public function postIWantToUploadTheImageToUser($imageFile, $usrUid, $url) public function postIWantToUploadTheImageToUser($imageFile, $usrUid, $url)
{ {
if (!class_exists('G')) {
$realdocuroot = str_replace( '\\', '/', $_SERVER['DOCUMENT_ROOT'] );
$docuroot = explode( '/', $realdocuroot );
array_pop( $docuroot );
$pathhome = implode( '/', $docuroot ) . '/';
array_pop( $docuroot );
$pathTrunk = implode( '/', $docuroot ) . '/';
require_once($pathTrunk.'gulliver/system/class.g.php');
}
G::LoadSystem('inputfilter');
$filter = new InputFilter();
$imageFile = $this->getParameter('uploadFilesFolder') . $imageFile; $imageFile = $this->getParameter('uploadFilesFolder') . $imageFile;
$baseUrl = $this->getParameter('base_url'); $baseUrl = $this->getParameter('base_url');
$url = $baseUrl.$url.$usrUid."/image-upload"; $url = $baseUrl.$url.$usrUid.'/image-upload';
$accesstoken = $this->getParameter('access_token'); $accesstoken = $this->getParameter('access_token');
$headr = array(); $headr = array();
@@ -1533,10 +1544,11 @@ class RestContext extends BehatContext
if( $postResult === false) if( $postResult === false)
{ {
//trigger_error(curl_error($ch)); //trigger_error(curl_error($ch));
throw new Exception("Image upload failed ($imageFile):\n\n" throw new Exception('Image upload failed ('.$imageFile.'):\n\n'
. curl_error($ch)); . curl_error($ch));
} }
curl_close($ch); curl_close($ch);
$postResult = $filter->xssFilterHard($postResult);
echo $postResult; echo $postResult;
} }

2
workflow/engine/methods/cases/cases_Ajax.php
View File

@@ -468,7 +468,7 @@ switch (($_POST['action']) ? $_POST['action'] : $_REQUEST['action']) {
$_GET['DEL_INDEX'] = $_POST['DEL_INDEX']; $_GET['DEL_INDEX'] = $_POST['DEL_INDEX'];
$G_PUBLISH = new Publisher(); $G_PUBLISH = new Publisher();
echo "<iframe scrolling='no' style='border:none;height=300px;width:240px;'" . " src='casesToRevisePanelExtJs?APP_UID={$_GET['APP_UID']}&DEL_INDEX={$_GET['DEL_INDEX']}'></iframe>"; echo '<iframe scrolling="no" style="border:none;height=300px;width:240px;"' . ' src=casesToRevisePanelExtJs?APP_UID={'.$_GET['APP_UID'].'}&DEL_INDEX={'.$_GET['DEL_INDEX'].'}></iframe>';
// $G_PUBLISH->AddContent( 'smarty', 'cases/cases_toRevise' ); // $G_PUBLISH->AddContent( 'smarty', 'cases/cases_toRevise' );
// $G_PUBLISH->AddContent('smarty', 'cases/cases_toReviseIn', '', '', array()); // $G_PUBLISH->AddContent('smarty', 'cases/cases_toReviseIn', '', '', array());
G::RenderPage( 'publish', 'raw' ); G::RenderPage( 'publish', 'raw' );

76
workflow/engine/methods/cases/proxyNewCasesList.php
View File

@@ -16,21 +16,21 @@ if (!isset($_SESSION['USER_LOGGED'])) {
try { try {
$userUid = $_SESSION['USER_LOGGED']; $userUid = $_SESSION['USER_LOGGED'];
$filters["paged"] = isset( $_REQUEST["paged"] ) ? $_REQUEST["paged"] : true; $filters['paged'] = isset( $_REQUEST["paged"] ) ? $_REQUEST["paged"] : true;
$filters['count'] = isset( $_REQUEST['count'] ) ? $_REQUEST['count'] : true; $filters['count'] = isset( $_REQUEST['count'] ) ? $_REQUEST['count'] : true;
$filters["category"] = isset( $_REQUEST["category"] ) ? $_REQUEST["category"] : ""; $filters['category'] = isset( $_REQUEST["category"] ) ? $_REQUEST["category"] : "";
$filters["process"] = isset( $_REQUEST["process"] ) ? $_REQUEST["process"] : ""; $filters['process'] = isset( $_REQUEST["process"] ) ? $_REQUEST["process"] : "";
$filters["search"] = isset( $_REQUEST["search"] ) ? $_REQUEST["search"] : ""; $filters['search'] = isset( $_REQUEST["search"] ) ? $_REQUEST["search"] : "";
$filters["filter"] = isset( $_REQUEST["filter"] ) ? $_REQUEST["filter"] : ""; $filters['filter'] = isset( $_REQUEST["filter"] ) ? $_REQUEST["filter"] : "";
$filters["dateFrom"] = (!empty( $_REQUEST["dateFrom"] )) ? substr( $_REQUEST["dateFrom"], 0, 10 ) : ""; $filters['dateFrom'] = (!empty( $_REQUEST["dateFrom"] )) ? substr( $_REQUEST["dateFrom"], 0, 10 ) : "";
$filters["dateTo"] = (!empty( $_REQUEST["dateTo"] )) ? substr( $_REQUEST["dateTo"], 0, 10 ) : ""; $filters['dateTo'] = (!empty( $_REQUEST["dateTo"] )) ? substr( $_REQUEST["dateTo"], 0, 10 ) : "";
$filters["start"] = isset( $_REQUEST["start"] ) ? $_REQUEST["start"] : "0"; $filters['start'] = isset( $_REQUEST["start"] ) ? $_REQUEST["start"] : "0";
$filters["limit"] = isset( $_REQUEST["limit"] ) ? $_REQUEST["limit"] : "25"; $filters['limit'] = isset( $_REQUEST["limit"] ) ? $_REQUEST["limit"] : "25";
$filters["sort"] = isset( $_REQUEST["sort"] ) ? $_REQUEST["sort"] : ""; $filters['sort'] = isset( $_REQUEST["sort"] ) ? $_REQUEST["sort"] : "";
$filters["dir"] = isset( $_REQUEST["dir"] ) ? $_REQUEST["dir"] : "DESC"; $filters['dir'] = isset( $_REQUEST["dir"] ) ? $_REQUEST["dir"] : "DESC";
$filters["action"] = isset( $_REQUEST["action"] ) ? $_REQUEST["action"] : ""; $filters['action'] = isset( $_REQUEST["action"] ) ? $_REQUEST["action"] : "";
$listName = isset( $_REQUEST["list"] ) ? $_REQUEST["list"] : "inbox"; $listName = isset( $_REQUEST["list"] ) ? $_REQUEST["list"] : "inbox";
// Select list // Select list
@@ -72,36 +72,36 @@ try {
// Validate filters // Validate filters
$filters["start"] = (int)$filters["start"]; $filters['start'] = (int)$filters['start'];
$filters["start"] = abs($filters["start"]); $filters['start'] = abs($filters['start']);
if ($filters["start"] != 0) { if ($filters['start'] != 0) {
$filters["start"]+1; $filters['start']+1;
} }
$filters["limit"] = (int)$filters["limit"]; $filters['limit'] = (int)$filters['limit'];
$filters["limit"] = abs($filters["limit"]); $filters['limit'] = abs($filters['limit']);
if ($filters["limit"] == 0) { if ($filters['limit'] == 0) {
G::LoadClass("configuration"); G::LoadClass("configuration");
$conf = new Configurations(); $conf = new Configurations();
$generalConfCasesList = $conf->getConfiguration('ENVIRONMENT_SETTINGS', ''); $generalConfCasesList = $conf->getConfiguration('ENVIRONMENT_SETTINGS', '');
if (isset($generalConfCasesList['casesListRowNumber'])) { if (isset($generalConfCasesList['casesListRowNumber'])) {
$filters["limit"] = (int)$generalConfCasesList['casesListRowNumber']; $filters['limit'] = (int)$generalConfCasesList['casesListRowNumber'];
} else { } else {
$filters["limit"] = 25; $filters['limit'] = 25;
} }
} else { } else {
$filters["limit"] = (int)$filters["limit"]; $filters['limit'] = (int)$filters['limit'];
} }
$filters["sort"] = G::toUpper($filters["sort"]); $filters['sort'] = G::toUpper($filters['sort']);
$columnsList = $listpeer::getFieldNames(BasePeer::TYPE_FIELDNAME); $columnsList = $listpeer::getFieldNames(BasePeer::TYPE_FIELDNAME);
if (!(in_array($filters["sort"], $columnsList))) { if (!(in_array($filters['sort'], $columnsList))) {
$filters["sort"] = ''; $filters['sort'] = '';
} }
$filters["dir"] = G::toUpper($filters["dir"]); $filters['dir'] = G::toUpper($filters['dir']);
if (!($filters["dir"] == 'DESC' || $filters["dir"] == 'ASC')) { if (!($filters['dir'] == 'DESC' || $filters['dir'] == 'ASC')) {
$filters["dir"] = 'DESC'; $filters['dir'] = 'DESC';
} }
$result = $list->loadList($userUid, $filters); $result = $list->loadList($userUid, $filters);
@@ -134,18 +134,18 @@ try {
} }
$filtersData = array(); $filtersData = array();
$filtersData['start'] = $filters["start"]; $filtersData['start'] = $filters['start'];
$filtersData['limit'] = $filters["limit"]; $filtersData['limit'] = $filters['limit'];
$filtersData['sort'] = G::toLower($filters["sort"]); $filtersData['sort'] = G::toLower($filters['sort']);
$filtersData['dir'] = G::toLower($filters["dir"]); $filtersData['dir'] = G::toLower($filters['dir']);
$filtersData['cat_uid'] = $filters["category"]; $filtersData['cat_uid'] = $filters['category'];
$filtersData['pro_uid'] = $filters["process"]; $filtersData['pro_uid'] = $filters['process'];
$filtersData['search'] = $filters["search"]; $filtersData['search'] = $filters['search'];
$filtersData['date_from'] = $filters["dateFrom"]; $filtersData['date_from'] = $filters['dateFrom'];
$filtersData['date_to'] = $filters["dateTo"]; $filtersData['date_to'] = $filters['dateTo'];
$response['filters'] = $filtersData; $response['filters'] = $filtersData;
$response['data'] = $result; $response['data'] = $result;
$filtersData['action'] = $filters["action"]; $filtersData['action'] = $filters['action'];
$response['totalCount'] = $list->countTotal($userUid, $filtersData); $response['totalCount'] = $list->countTotal($userUid, $filtersData);
$response = $filter->xssFilterHard($response); $response = $filter->xssFilterHard($response);

4
workflow/engine/methods/setup/pluginsRemove.php
View File

@@ -44,13 +44,13 @@ $filter = new InputFilter();
$pluginName = $_REQUEST['pluginUid']; $pluginName = $_REQUEST['pluginUid'];
$pluginName = $filter->xssFilterHard($pluginName); $pluginName = $filter->xssFilterHard($pluginName);
if (file_exists( PATH_PLUGINS . $pluginName . ".php" )) { if (file_exists( PATH_PLUGINS . $pluginName . '.php' )) {
$pluginRegistry = &PMPluginRegistry::getSingleton(); $pluginRegistry = &PMPluginRegistry::getSingleton();
$pluginRegistry->uninstallPlugin( $pluginName ); $pluginRegistry->uninstallPlugin( $pluginName );
$path = $filter->validateInput(PATH_DATA_SITE . 'plugin.singleton', 'path'); $path = $filter->validateInput(PATH_DATA_SITE . 'plugin.singleton', 'path');
$pluginRegistry->unSerializeInstance( file_get_contents( $path ) ); $pluginRegistry->unSerializeInstance( file_get_contents( $path ) );
} }
G::auditLog("RemovePlugin","Plugin Name: ".$pluginName); G::auditLog('RemovePlugin','Plugin Name: '.$pluginName);
echo $pluginName . ' ' . nl2br( $filter->xssFilterHard(G::LoadTranslation( 'ID_MSG_REMOVE_PLUGIN_SUCCESS' )) ); echo $pluginName . ' ' . nl2br( $filter->xssFilterHard(G::LoadTranslation( 'ID_MSG_REMOVE_PLUGIN_SUCCESS' )) );