I reviewed the XSS - MEDIUM in 7 fiels
@@ -446,11 +446,11 @@ class AdditionalTables extends BaseAdditionalTables
|
|||||||
eval('$count = ' . $sClassPeerName . '::doCount($oCriteria);');
|
eval('$count = ' . $sClassPeerName . '::doCount($oCriteria);');
|
||||||
}
|
}
|
||||||
G::LoadSystem('inputfilter');
|
G::LoadSystem('inputfilter');
|
||||||
$filter = new InputFilter();
|
$filter = new InputFilter();
|
||||||
$sort = $filter->validateInput($_POST['sort']);
|
|
||||||
$sClassPeerName = $filter->validateInput($sClassPeerName);
|
$sClassPeerName = $filter->validateInput($sClassPeerName);
|
||||||
|
|
||||||
if (isset($_POST['sort'])) {
|
if (isset($_POST['sort'])) {
|
||||||
|
$_POST['sort'] = $filter->validateInput($_POST['sort']);
|
||||||
if ($_POST['dir'] == 'ASC') {
|
if ($_POST['dir'] == 'ASC') {
|
||||||
if ($keyOrderUppercase) {
|
if ($keyOrderUppercase) {
|
||||||
eval('$oCriteria->addAscendingOrderByColumn("' . $sort . '");');
|
eval('$oCriteria->addAscendingOrderByColumn("' . $sort . '");');
|
||||||
|
|||||||
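Review bot: After this change `$sort`, which the `eval` on the new side still interpolates into `addAscendingOrderByColumn("...")`, is no longer assigned by any visible line — the filtered value now lands in `$_POST['sort']` instead — so either `$sort` is set earlier in the method from the unfiltered `$_POST['sort']` (and the new filter protects nothing) or it is undefined; the method starts and ends outside the hunk, so this cannot be confirmed here. Independently of the filter, building PHP source from a request value and handing it to `eval` is a code-injection sink that an XSS-oriented filter is not designed to close, and the `eval` is unnecessary because the call can be made directly: `$oCriteria->addAscendingOrderByColumn($sort);` (the descending branch likewise). The `doCount` eval at the top of the hunk has the same shape and can become `$count = $sClassPeerName::doCount($oCriteria);` on PHP 5.3+, ideally after confirming `$sClassPeerName` with `class_exists()` against the expected peer-class naming.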
@@ -21,6 +21,10 @@
|
|||||||
* For more information, contact Colosa Inc, 2566 Le Jeune Rd.,
|
* For more information, contact Colosa Inc, 2566 Le Jeune Rd.,
|
||||||
* Coral Gables, FL, 33134, USA, or email info@colosa.com.
|
* Coral Gables, FL, 33134, USA, or email info@colosa.com.
|
||||||
*/
|
*/
|
||||||
|
G::LoadSystem('inputfilter');
|
||||||
|
$filter = new InputFilter();
|
||||||
|
$_POST = $filter->xssFilterHard($_POST);
|
||||||
|
$_REQUEST = $filter->xssFilterHard($_REQUEST);
|
||||||
|
|
||||||
$arrayToTranslation = array(
|
$arrayToTranslation = array(
|
||||||
"TRIGGER" => G::LoadTranslation("ID_TRIGGER_DB"),
|
"TRIGGER" => G::LoadTranslation("ID_TRIGGER_DB"),
|
||||||
@@ -31,11 +35,11 @@ $actionAjax = isset( $_REQUEST['actionAjax'] ) ? $_REQUEST['actionAjax'] : null;
|
|||||||
|
|
||||||
if ($actionAjax == 'messageHistoryGridList_JXP') {
|
if ($actionAjax == 'messageHistoryGridList_JXP') {
|
||||||
|
|
||||||
if (!isset($_REQUEST['start'])) {
|
if (!isset($_REQUEST['start']) || $_REQUEST['start'] =='') {
|
||||||
$_REQUEST['start'] = 0;
|
$_REQUEST['start'] = 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!isset($_REQUEST['limit'])) {
|
if (!isset($_REQUEST['limit']) || $_REQUEST['limit'] =='') {
|
||||||
$_REQUEST['limit'] = 20;
|
$_REQUEST['limit'] = 20;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
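Review bot: The new `|| $_REQUEST['start'] == ''` and `|| $_REQUEST['limit'] == ''` guards still accept any non-empty string for values that are pagination offsets, and the `xssFilterHard` call on `$_REQUEST` in the first hunk only neutralises markup, so a non-numeric `start` or `limit` still reaches whatever consumes them below (outside the hunk). Coerce them to integers instead of string-comparing: `$_REQUEST['start'] = isset($_REQUEST['start']) && is_numeric($_REQUEST['start']) ? (int) $_REQUEST['start'] : 0;` and the same with default `20` for `limit`. Note also that `$_REQUEST` is a separate copy of the request arrays, so filtering it in the first hunk leaves `$_GET` untouched; any later read of `$_GET` in this file is unfiltered, unlike the other files in this commit where `$_GET` itself is rewritten.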
@@ -23,6 +23,9 @@
|
|||||||
*/
|
*/
|
||||||
// die("first");
|
// die("first");
|
||||||
/* Permissions */
|
/* Permissions */
|
||||||
|
G::LoadSystem('inputfilter');
|
||||||
|
$filter = new InputFilter();
|
||||||
|
$_GET = $filter->xssFilterHard($_GET,"url");
|
||||||
switch ($RBAC->userCanAccess( 'PM_SUPERVISOR' )) {
|
switch ($RBAC->userCanAccess( 'PM_SUPERVISOR' )) {
|
||||||
case - 2:
|
case - 2:
|
||||||
G::SendTemporalMessage( 'ID_USER_HAVENT_RIGHTS_SYSTEM', 'error', 'labels' );
|
G::SendTemporalMessage( 'ID_USER_HAVENT_RIGHTS_SYSTEM', 'error', 'labels' );
|
||||||
@@ -35,8 +38,9 @@ switch ($RBAC->userCanAccess( 'PM_SUPERVISOR' )) {
|
|||||||
die();
|
die();
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
$_SESSION = $filter->xssFilterHard($_SESSION,"url");
|
||||||
if ((int) $_SESSION['INDEX'] < 1) {
|
if ((int) $_SESSION['INDEX'] < 1) {
|
||||||
|
$_SERVER['HTTP_REFERER'] = $filter->xssFilterHard($_SERVER['HTTP_REFERER']);
|
||||||
G::SendTemporalMessage( 'ID_USER_HAVENT_RIGHTS_PAGE', 'error', 'labels' );
|
G::SendTemporalMessage( 'ID_USER_HAVENT_RIGHTS_PAGE', 'error', 'labels' );
|
||||||
G::header( 'location: ' . $_SERVER['HTTP_REFERER'] );
|
G::header( 'location: ' . $_SERVER['HTTP_REFERER'] );
|
||||||
die();
|
die();
|
||||||
|
|||||||
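Review bot: `G::header('location: ' . $_SERVER['HTTP_REFERER'])` on the new side redirects to a client-supplied header, and the `xssFilterHard` call added just above it does not address that: the Referer can still name an arbitrary external host (an open redirect) and is absent when the browser sends none, which leaves the index undefined. Redirect to a fixed application page instead, or only honour the Referer when `parse_url($_SERVER['HTTP_REFERER'], PHP_URL_HOST)` matches the application's own host and fall back otherwise. The `$_SESSION = $filter->xssFilterHard($_SESSION, "url")` line rewrites server-side session state on every request; the session is not attacker-controlled input, so this gains nothing against XSS and, if the filter encodes or strips markup as its name suggests, may silently alter stored values for the rest of the session — escape at output instead. The same two lines appear in the following `@@ -35,8 +38,9 @@` hunk, and the `$_SESSION` rewrite also in both `@@ -35,7 +38,7 @@` hunks further down.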
@@ -23,6 +23,9 @@
|
|||||||
*/
|
*/
|
||||||
//die("second");
|
//die("second");
|
||||||
/* Permissions */
|
/* Permissions */
|
||||||
|
G::LoadSystem('inputfilter');
|
||||||
|
$filter = new InputFilter();
|
||||||
|
$_GET = $filter->xssFilterHard($_GET,"url");
|
||||||
switch ($RBAC->userCanAccess( 'PM_SUPERVISOR' )) {
|
switch ($RBAC->userCanAccess( 'PM_SUPERVISOR' )) {
|
||||||
case - 2:
|
case - 2:
|
||||||
G::SendTemporalMessage( 'ID_USER_HAVENT_RIGHTS_SYSTEM', 'error', 'labels' );
|
G::SendTemporalMessage( 'ID_USER_HAVENT_RIGHTS_SYSTEM', 'error', 'labels' );
|
||||||
@@ -35,8 +38,9 @@ switch ($RBAC->userCanAccess( 'PM_SUPERVISOR' )) {
|
|||||||
die();
|
die();
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
$_SESSION = $filter->xssFilterHard($_SESSION,"url");
|
||||||
if ((int) $_SESSION['INDEX'] < 1) {
|
if ((int) $_SESSION['INDEX'] < 1) {
|
||||||
|
$_SERVER['HTTP_REFERER'] = $filter->xssFilterHard($_SERVER['HTTP_REFERER']);
|
||||||
G::SendTemporalMessage( 'ID_USER_HAVENT_RIGHTS_PAGE', 'error', 'labels' );
|
G::SendTemporalMessage( 'ID_USER_HAVENT_RIGHTS_PAGE', 'error', 'labels' );
|
||||||
G::header( 'location: ' . $_SERVER['HTTP_REFERER'] );
|
G::header( 'location: ' . $_SERVER['HTTP_REFERER'] );
|
||||||
die();
|
die();
|
||||||
|
|||||||
@@ -23,6 +23,9 @@
|
|||||||
*/
|
*/
|
||||||
|
|
||||||
/* Permissions */
|
/* Permissions */
|
||||||
|
G::LoadSystem('inputfilter');
|
||||||
|
$filter = new InputFilter();
|
||||||
|
$_GET = $filter->xssFilterHard($_GET,"url");
|
||||||
switch ($RBAC->userCanAccess( 'PM_SUPERVISOR' )) {
|
switch ($RBAC->userCanAccess( 'PM_SUPERVISOR' )) {
|
||||||
case - 2:
|
case - 2:
|
||||||
G::SendTemporalMessage( 'ID_USER_HAVENT_RIGHTS_SYSTEM', 'error', 'labels' );
|
G::SendTemporalMessage( 'ID_USER_HAVENT_RIGHTS_SYSTEM', 'error', 'labels' );
|
||||||
@@ -35,7 +38,7 @@ switch ($RBAC->userCanAccess( 'PM_SUPERVISOR' )) {
|
|||||||
die();
|
die();
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
$_SESSION = $filter->xssFilterHard($_SESSION,"url");
|
||||||
/* Includes */
|
/* Includes */
|
||||||
G::LoadClass( 'case' );
|
G::LoadClass( 'case' );
|
||||||
|
|
||||||
|
|||||||
@@ -23,6 +23,9 @@
|
|||||||
*/
|
*/
|
||||||
|
|
||||||
/* Permissions */
|
/* Permissions */
|
||||||
|
G::LoadSystem('inputfilter');
|
||||||
|
$filter = new InputFilter();
|
||||||
|
$_GET = $filter->xssFilterHard($_GET,"url");
|
||||||
switch ($RBAC->userCanAccess( 'PM_SUPERVISOR' )) {
|
switch ($RBAC->userCanAccess( 'PM_SUPERVISOR' )) {
|
||||||
case - 2:
|
case - 2:
|
||||||
G::SendTemporalMessage( 'ID_USER_HAVENT_RIGHTS_SYSTEM', 'error', 'labels' );
|
G::SendTemporalMessage( 'ID_USER_HAVENT_RIGHTS_SYSTEM', 'error', 'labels' );
|
||||||
@@ -35,7 +38,7 @@ switch ($RBAC->userCanAccess( 'PM_SUPERVISOR' )) {
|
|||||||
die();
|
die();
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
$_SESSION = $filter->xssFilterHard($_SESSION,"url");
|
||||||
/* Includes */
|
/* Includes */
|
||||||
G::LoadClass( 'case' );
|
G::LoadClass( 'case' );
|
||||||
|
|
||||||
|
|||||||
@@ -4,6 +4,9 @@
|
|||||||
* and open the template in the editor.
|
* and open the template in the editor.
|
||||||
*/
|
*/
|
||||||
|
|
||||||
|
G::LoadSystem('inputfilter');
|
||||||
|
$filter = new InputFilter();
|
||||||
|
$_POST = $filter->xssFilterHard($_POST);
|
||||||
require_once ("classes/model/AdditionalTables.php");
|
require_once ("classes/model/AdditionalTables.php");
|
||||||
require_once ("classes/model/Fields.php");
|
require_once ("classes/model/Fields.php");
|
||||||
// passing the parameters
|
// passing the parameters
|
||||||
|
|||||||
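Review bot: `$_POST = $filter->xssFilterHard($_POST);` silently changes the values that the `AdditionalTables`/`Fields` model code required just below will read and, presumably, persist, and nothing in the file records that the superglobal now holds transformed input rather than what the client sent. A one-line comment above it would keep the next maintainer from re-filtering or mis-attributing odd stored values: `// $_POST is HTML-neutralised here for every later read; this is not a substitute for parameterised queries or output escaping.` If the filter encodes rather than strips, consider whether data stored through this endpoint should instead be escaped at render time so the stored form stays canonical.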
@@ -1,3 +1,8 @@
|
|||||||
|
<?php
|
||||||
|
G::LoadSystem('inputfilter');
|
||||||
|
$filter = new InputFilter();
|
||||||
|
$_POST['qs'] = $filter->xssFilterHard($_POST['qs']);
|
||||||
|
?>
|
||||||
<html>
|
<html>
|
||||||
<style type="text/css">
|
<style type="text/css">
|
||||||
.Footer .content {
|
.Footer .content {
|
||||||
|
|||||||
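Review bot: `$_POST['qs'] = $filter->xssFilterHard($_POST['qs']);` reads the index unconditionally, so a request without `qs` raises an undefined-index notice (and, depending on error display settings, emits it before `<html>`). Guard the read: `$_POST['qs'] = isset($_POST['qs']) ? $filter->xssFilterHard($_POST['qs']) : '';`. The later use of `qs` in the template is outside the hunk, so the output context it is emitted into cannot be checked here; an HTML-oriented filter is not sufficient if the value ends up inside a script block or an attribute.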