I reviewed the XSS - MEDIUM in 7 fiels

2015-03-16 17:26:48 -04:00
parent 4bc49c7568
commit b6fdc8e7be
8 changed files with 34 additions and 8 deletions
--- a/workflow/engine/classes/model/AdditionalTables.php
+++ b/workflow/engine/classes/model/AdditionalTables.php
@@ -447,10 +447,10 @@ class AdditionalTables extends BaseAdditionalTables
        }
        G::LoadSystem('inputfilter');
        $filter = new InputFilter();        
-        $sort = $filter->validateInput($_POST['sort']);
        $sClassPeerName = $filter->validateInput($sClassPeerName);

        if (isset($_POST['sort'])) {
+            $_POST['sort'] = $filter->validateInput($_POST['sort']);
            if ($_POST['dir'] == 'ASC') {
                if ($keyOrderUppercase) {
                    eval('$oCriteria->addAscendingOrderByColumn("' . $sort . '");');
--- a/workflow/engine/methods/cases/caseMessageHistory_Ajax.php
+++ b/workflow/engine/methods/cases/caseMessageHistory_Ajax.php
@@ -21,6 +21,10 @@
 * For more information, contact Colosa Inc, 2566 Le Jeune Rd.,
 * Coral Gables, FL, 33134, USA, or email info@colosa.com.
 */
+G::LoadSystem('inputfilter');
+$filter = new InputFilter();
+$_POST = $filter->xssFilterHard($_POST);
+$_REQUEST = $filter->xssFilterHard($_REQUEST);

 $arrayToTranslation = array(
    "TRIGGER"    => G::LoadTranslation("ID_TRIGGER_DB"),
@@ -31,11 +35,11 @@ $actionAjax = isset( $_REQUEST['actionAjax'] ) ? $_REQUEST['actionAjax'] : null;

 if ($actionAjax == 'messageHistoryGridList_JXP') {

-    if (!isset($_REQUEST['start'])) {
+    if (!isset($_REQUEST['start']) || $_REQUEST['start'] =='') {
        $_REQUEST['start'] = 0;
    }

-    if (!isset($_REQUEST['limit'])) {
+    if (!isset($_REQUEST['limit']) || $_REQUEST['limit'] =='') {
        $_REQUEST['limit'] = 20;
    }

--- a/workflow/engine/methods/cases/cases_StepToRevise.php
+++ b/workflow/engine/methods/cases/cases_StepToRevise.php
@@ -23,6 +23,9 @@
 */
 //  die("first");
 /* Permissions */
+G::LoadSystem('inputfilter');
+$filter = new InputFilter();
+$_GET = $filter->xssFilterHard($_GET,"url");
 switch ($RBAC->userCanAccess( 'PM_SUPERVISOR' )) {
    case - 2:
        G::SendTemporalMessage( 'ID_USER_HAVENT_RIGHTS_SYSTEM', 'error', 'labels' );
@@ -35,8 +38,9 @@ switch ($RBAC->userCanAccess( 'PM_SUPERVISOR' )) {
        die();
        break;
 }
-
+$_SESSION = $filter->xssFilterHard($_SESSION,"url");
 if ((int) $_SESSION['INDEX'] < 1) {
+    $_SERVER['HTTP_REFERER'] = $filter->xssFilterHard($_SERVER['HTTP_REFERER']);
    G::SendTemporalMessage( 'ID_USER_HAVENT_RIGHTS_PAGE', 'error', 'labels' );
    G::header( 'location: ' . $_SERVER['HTTP_REFERER'] );
    die();
--- a/workflow/engine/methods/cases/cases_StepToReviseInputs.php
+++ b/workflow/engine/methods/cases/cases_StepToReviseInputs.php
@@ -23,6 +23,9 @@
 */
 //die("second");
 /* Permissions */
+G::LoadSystem('inputfilter');
+$filter = new InputFilter();
+$_GET = $filter->xssFilterHard($_GET,"url");
 switch ($RBAC->userCanAccess( 'PM_SUPERVISOR' )) {
    case - 2:
        G::SendTemporalMessage( 'ID_USER_HAVENT_RIGHTS_SYSTEM', 'error', 'labels' );
@@ -35,8 +38,9 @@ switch ($RBAC->userCanAccess( 'PM_SUPERVISOR' )) {
        die();
        break;
 }
-
+$_SESSION = $filter->xssFilterHard($_SESSION,"url");
 if ((int) $_SESSION['INDEX'] < 1) {
+    $_SERVER['HTTP_REFERER'] = $filter->xssFilterHard($_SERVER['HTTP_REFERER']);
    G::SendTemporalMessage( 'ID_USER_HAVENT_RIGHTS_PAGE', 'error', 'labels' );
    G::header( 'location: ' . $_SERVER['HTTP_REFERER'] );
    die();
--- a/workflow/engine/methods/cases/cases_StepToReviseOutputs.php
+++ b/workflow/engine/methods/cases/cases_StepToReviseOutputs.php
@@ -23,6 +23,9 @@
 */

 /* Permissions */
+G::LoadSystem('inputfilter');
+$filter = new InputFilter();
+$_GET = $filter->xssFilterHard($_GET,"url");
 switch ($RBAC->userCanAccess( 'PM_SUPERVISOR' )) {
    case - 2:
        G::SendTemporalMessage( 'ID_USER_HAVENT_RIGHTS_SYSTEM', 'error', 'labels' );
@@ -35,7 +38,7 @@ switch ($RBAC->userCanAccess( 'PM_SUPERVISOR' )) {
        die();
        break;
 }
-
+$_SESSION = $filter->xssFilterHard($_SESSION,"url");
 /* Includes */
 G::LoadClass( 'case' );

--- a/workflow/engine/methods/cases/cases_ToReviseOutputDocView.php
+++ b/workflow/engine/methods/cases/cases_ToReviseOutputDocView.php
@@ -23,6 +23,9 @@
 */

 /* Permissions */
+G::LoadSystem('inputfilter');
+$filter = new InputFilter();
+$_GET = $filter->xssFilterHard($_GET,"url");
 switch ($RBAC->userCanAccess( 'PM_SUPERVISOR' )) {
    case - 2:
        G::SendTemporalMessage( 'ID_USER_HAVENT_RIGHTS_SYSTEM', 'error', 'labels' );
@@ -35,7 +38,7 @@ switch ($RBAC->userCanAccess( 'PM_SUPERVISOR' )) {
        die();
        break;
 }
-
+$_SESSION = $filter->xssFilterHard($_SESSION,"url");
 /* Includes */
 G::LoadClass( 'case' );

--- a/workflow/engine/methods/cases/cases_generatePMTable.php
+++ b/workflow/engine/methods/cases/cases_generatePMTable.php
@@ -4,6 +4,9 @@
 * and open the template in the editor.
 */

+G::LoadSystem('inputfilter');
+$filter = new InputFilter();
+$_POST = $filter->xssFilterHard($_POST);
 require_once ("classes/model/AdditionalTables.php");
 require_once ("classes/model/Fields.php");
 // passing the parameters
--- a/workflow/engine/templates/cases/cases_Load.php
+++ b/workflow/engine/templates/cases/cases_Load.php
@@ -1,3 +1,8 @@
+<?php 
+G::LoadSystem('inputfilter');
+$filter = new InputFilter();
+$_POST['qs'] = $filter->xssFilterHard($_POST['qs']);
+?>
 <html>
  <style type="text/css">
   .Footer .content {