I reviewed the XSS - MEDIUM in 7 fiels
This commit is contained in:
Paula V. Quispe
@@ -447,10 +447,10 @@ class AdditionalTables extends BaseAdditionalTables
|
||||
}
|
||||
G::LoadSystem('inputfilter');
|
||||
$filter = new InputFilter();
|
||||
$sort = $filter->validateInput($_POST['sort']);
|
||||
$sClassPeerName = $filter->validateInput($sClassPeerName);
|
||||
|
||||
if (isset($_POST['sort'])) {
|
||||
$_POST['sort'] = $filter->validateInput($_POST['sort']);
|
||||
if ($_POST['dir'] == 'ASC') {
|
||||
if ($keyOrderUppercase) {
|
||||
eval('$oCriteria->addAscendingOrderByColumn("' . $sort . '");');
|
||||
|
||||
@@ -21,6 +21,10 @@
|
||||
* For more information, contact Colosa Inc, 2566 Le Jeune Rd.,
|
||||
* Coral Gables, FL, 33134, USA, or email info@colosa.com.
|
||||
*/
|
||||
G::LoadSystem('inputfilter');
|
||||
$filter = new InputFilter();
|
||||
$_POST = $filter->xssFilterHard($_POST);
|
||||
$_REQUEST = $filter->xssFilterHard($_REQUEST);
|
||||
|
||||
$arrayToTranslation = array(
|
||||
"TRIGGER" => G::LoadTranslation("ID_TRIGGER_DB"),
|
||||
@@ -31,11 +35,11 @@ $actionAjax = isset( $_REQUEST['actionAjax'] ) ? $_REQUEST['actionAjax'] : null;
|
||||
|
||||
if ($actionAjax == 'messageHistoryGridList_JXP') {
|
||||
|
||||
if (!isset($_REQUEST['start'])) {
|
||||
if (!isset($_REQUEST['start']) || $_REQUEST['start'] =='') {
|
||||
$_REQUEST['start'] = 0;
|
||||
}
|
||||
|
||||
if (!isset($_REQUEST['limit'])) {
|
||||
if (!isset($_REQUEST['limit']) || $_REQUEST['limit'] =='') {
|
||||
$_REQUEST['limit'] = 20;
|
||||
}
|
||||
|
||||
|
||||
@@ -23,6 +23,9 @@
|
||||
*/
|
||||
// die("first");
|
||||
/* Permissions */
|
||||
G::LoadSystem('inputfilter');
|
||||
$filter = new InputFilter();
|
||||
$_GET = $filter->xssFilterHard($_GET,"url");
|
||||
switch ($RBAC->userCanAccess( 'PM_SUPERVISOR' )) {
|
||||
case - 2:
|
||||
G::SendTemporalMessage( 'ID_USER_HAVENT_RIGHTS_SYSTEM', 'error', 'labels' );
|
||||
@@ -35,8 +38,9 @@ switch ($RBAC->userCanAccess( 'PM_SUPERVISOR' )) {
|
||||
die();
|
||||
break;
|
||||
}
|
||||
|
||||
$_SESSION = $filter->xssFilterHard($_SESSION,"url");
|
||||
if ((int) $_SESSION['INDEX'] < 1) {
|
||||
$_SERVER['HTTP_REFERER'] = $filter->xssFilterHard($_SERVER['HTTP_REFERER']);
|
||||
G::SendTemporalMessage( 'ID_USER_HAVENT_RIGHTS_PAGE', 'error', 'labels' );
|
||||
G::header( 'location: ' . $_SERVER['HTTP_REFERER'] );
|
||||
die();
|
||||
|
||||
@@ -23,6 +23,9 @@
|
||||
*/
|
||||
//die("second");
|
||||
/* Permissions */
|
||||
G::LoadSystem('inputfilter');
|
||||
$filter = new InputFilter();
|
||||
$_GET = $filter->xssFilterHard($_GET,"url");
|
||||
switch ($RBAC->userCanAccess( 'PM_SUPERVISOR' )) {
|
||||
case - 2:
|
||||
G::SendTemporalMessage( 'ID_USER_HAVENT_RIGHTS_SYSTEM', 'error', 'labels' );
|
||||
@@ -35,8 +38,9 @@ switch ($RBAC->userCanAccess( 'PM_SUPERVISOR' )) {
|
||||
die();
|
||||
break;
|
||||
}
|
||||
|
||||
$_SESSION = $filter->xssFilterHard($_SESSION,"url");
|
||||
if ((int) $_SESSION['INDEX'] < 1) {
|
||||
$_SERVER['HTTP_REFERER'] = $filter->xssFilterHard($_SERVER['HTTP_REFERER']);
|
||||
G::SendTemporalMessage( 'ID_USER_HAVENT_RIGHTS_PAGE', 'error', 'labels' );
|
||||
G::header( 'location: ' . $_SERVER['HTTP_REFERER'] );
|
||||
die();
|
||||
|
||||
@@ -23,6 +23,9 @@
|
||||
*/
|
||||
|
||||
/* Permissions */
|
||||
G::LoadSystem('inputfilter');
|
||||
$filter = new InputFilter();
|
||||
$_GET = $filter->xssFilterHard($_GET,"url");
|
||||
switch ($RBAC->userCanAccess( 'PM_SUPERVISOR' )) {
|
||||
case - 2:
|
||||
G::SendTemporalMessage( 'ID_USER_HAVENT_RIGHTS_SYSTEM', 'error', 'labels' );
|
||||
@@ -35,7 +38,7 @@ switch ($RBAC->userCanAccess( 'PM_SUPERVISOR' )) {
|
||||
die();
|
||||
break;
|
||||
}
|
||||
|
||||
$_SESSION = $filter->xssFilterHard($_SESSION,"url");
|
||||
/* Includes */
|
||||
G::LoadClass( 'case' );
|
||||
|
||||
|
||||
@@ -23,6 +23,9 @@
|
||||
*/
|
||||
|
||||
/* Permissions */
|
||||
G::LoadSystem('inputfilter');
|
||||
$filter = new InputFilter();
|
||||
$_GET = $filter->xssFilterHard($_GET,"url");
|
||||
switch ($RBAC->userCanAccess( 'PM_SUPERVISOR' )) {
|
||||
case - 2:
|
||||
G::SendTemporalMessage( 'ID_USER_HAVENT_RIGHTS_SYSTEM', 'error', 'labels' );
|
||||
@@ -35,7 +38,7 @@ switch ($RBAC->userCanAccess( 'PM_SUPERVISOR' )) {
|
||||
die();
|
||||
break;
|
||||
}
|
||||
|
||||
$_SESSION = $filter->xssFilterHard($_SESSION,"url");
|
||||
/* Includes */
|
||||
G::LoadClass( 'case' );
|
||||
|
||||
|
||||
@@ -4,6 +4,9 @@
|
||||
* and open the template in the editor.
|
||||
*/
|
||||
|
||||
G::LoadSystem('inputfilter');
|
||||
$filter = new InputFilter();
|
||||
$_POST = $filter->xssFilterHard($_POST);
|
||||
require_once ("classes/model/AdditionalTables.php");
|
||||
require_once ("classes/model/Fields.php");
|
||||
// passing the parameters
|
||||
|
||||
@@ -1,3 +1,8 @@
|
||||
<?php
|
||||
G::LoadSystem('inputfilter');
|
||||
$filter = new InputFilter();
|
||||
$_POST['qs'] = $filter->xssFilterHard($_POST['qs']);
|
||||
?>
|
||||
<html>
|
||||
<style type="text/css">
|
||||
.Footer .content {
|
||||
|
||||
Reference in New Issue
Block a user