fernando/luos
1
0
Fork 0
Code Releases Activity

VERACODE: I solved some issues [May 01]

Browse Source
This commit is contained in:
Paula V. Quispe
2015-05-04 17:26:32 -04:00
parent 04d40500b1
commit c4032c9dcb
4 changed files with 13 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
workflow/engine/controllers/pmTablesProxy.php
View File

@@ -671,11 +671,11 @@ class pmTablesProxy extends HttpProxyController
$filter = new InputFilter();
$countRow = 250;
$tmpfilename = $_FILES['form']['tmp_name']['CSV_FILE'];
$tmpfilename = $filter->xssFilterHard($tmpfilename, 'path');
//$tmpfilename = $filter->xssFilterHard($tmpfilename, 'path');
if (preg_match( '/[\x00-\x08\x0b-\x0c\x0e\x1f]/', file_get_contents( $tmpfilename ) ) === 0) {
$filename = $_FILES['form']['name']['CSV_FILE'];
$filename = $filter->xssFilterHard($filename, 'path');
if ($oFile = fopen( $tmpfilename, 'r' )) {
//$filename = $filter->xssFilterHard($filename, 'path');
if ($oFile = fopen( $filter->xssFilterHard($tmpfilename, 'path'), 'r' )) {
require_once 'classes/model/AdditionalTables.php';
$oAdditionalTables = new AdditionalTables();
$aAdditionalTables = $oAdditionalTables->load( $_POST['form']['ADD_TAB_UID'], true );
@@ -771,11 +771,11 @@ class pmTablesProxy extends HttpProxyController
G::LoadSystem('inputfilter');
$filter = new InputFilter();
$tmpfilename = $_FILES['form']['tmp_name']['CSV_FILE'];
$tmpfilename = $filter->xssFilterHard($tmpfilename, 'path');
//$tmpfilename = $filter->xssFilterHard($tmpfilename, 'path');
if (preg_match( '/[\x00-\x08\x0b-\x0c\x0e\x1f]/', file_get_contents( $tmpfilename ) ) === 0) {
$filename = $_FILES['form']['name']['CSV_FILE'];
$filename = $filter->xssFilterHard($filename, 'path');
if ($oFile = fopen( $tmpfilename, 'r' )) {
if ($oFile = fopen( $filter->xssFilterHard($tmpfilename, 'path'), 'r' )) {
require_once 'classes/model/AdditionalTables.php';
$oAdditionalTables = new AdditionalTables();
$aAdditionalTables = $oAdditionalTables->load( $_POST['form']['ADD_TAB_UID'], true );