VERACODE: I solved some issues [May 01]

This commit is contained in:
Paula V. Quispe
2015-05-04 17:26:32 -04:00
parent 04d40500b1
commit c4032c9dcb
4 changed files with 13 additions and 13 deletions


@@ -96,7 +96,7 @@ class HTMLPurifier_DefinitionCache_Serializer extends HTMLPurifier_DefinitionCac
G::LoadSystem('inputfilter'); G::LoadSystem('inputfilter');
$filter = new InputFilter(); $filter = new InputFilter();
$file = $filter->validateInput($file,"path"); $file = $filter->validateInput($file,'path');
return unlink($file); return unlink($file);
} }
@@ -209,7 +209,7 @@ class HTMLPurifier_DefinitionCache_Serializer extends HTMLPurifier_DefinitionCac
G::LoadSystem('inputfilter'); G::LoadSystem('inputfilter');
$filter = new InputFilter(); $filter = new InputFilter();
$file = $filter->validateInput($file,"path"); $file = $filter->validateInput($file,'path');
if(is_file($file)) { if(is_file($file)) {
$result = file_put_contents($file, $data); $result = file_put_contents($file, $data);


@@ -671,11 +671,11 @@ class pmTablesProxy extends HttpProxyController
$filter = new InputFilter(); $filter = new InputFilter();
$countRow = 250; $countRow = 250;
$tmpfilename = $_FILES['form']['tmp_name']['CSV_FILE']; $tmpfilename = $_FILES['form']['tmp_name']['CSV_FILE'];
$tmpfilename = $filter->xssFilterHard($tmpfilename, 'path'); //$tmpfilename = $filter->xssFilterHard($tmpfilename, 'path');
if (preg_match( '/[\x00-\x08\x0b-\x0c\x0e\x1f]/', file_get_contents( $tmpfilename ) ) === 0) { if (preg_match( '/[\x00-\x08\x0b-\x0c\x0e\x1f]/', file_get_contents( $tmpfilename ) ) === 0) {
$filename = $_FILES['form']['name']['CSV_FILE']; $filename = $_FILES['form']['name']['CSV_FILE'];
$filename = $filter->xssFilterHard($filename, 'path'); //$filename = $filter->xssFilterHard($filename, 'path');
if ($oFile = fopen( $tmpfilename, 'r' )) { if ($oFile = fopen( $filter->xssFilterHard($tmpfilename, 'path'), 'r' )) {
require_once 'classes/model/AdditionalTables.php'; require_once 'classes/model/AdditionalTables.php';
$oAdditionalTables = new AdditionalTables(); $oAdditionalTables = new AdditionalTables();
$aAdditionalTables = $oAdditionalTables->load( $_POST['form']['ADD_TAB_UID'], true ); $aAdditionalTables = $oAdditionalTables->load( $_POST['form']['ADD_TAB_UID'], true );
@@ -771,11 +771,11 @@ class pmTablesProxy extends HttpProxyController
G::LoadSystem('inputfilter'); G::LoadSystem('inputfilter');
$filter = new InputFilter(); $filter = new InputFilter();
$tmpfilename = $_FILES['form']['tmp_name']['CSV_FILE']; $tmpfilename = $_FILES['form']['tmp_name']['CSV_FILE'];
$tmpfilename = $filter->xssFilterHard($tmpfilename, 'path'); //$tmpfilename = $filter->xssFilterHard($tmpfilename, 'path');
if (preg_match( '/[\x00-\x08\x0b-\x0c\x0e\x1f]/', file_get_contents( $tmpfilename ) ) === 0) { if (preg_match( '/[\x00-\x08\x0b-\x0c\x0e\x1f]/', file_get_contents( $tmpfilename ) ) === 0) {
$filename = $_FILES['form']['name']['CSV_FILE']; $filename = $_FILES['form']['name']['CSV_FILE'];
$filename = $filter->xssFilterHard($filename, 'path'); $filename = $filter->xssFilterHard($filename, 'path');
if ($oFile = fopen( $tmpfilename, 'r' )) { if ($oFile = fopen( $filter->xssFilterHard($tmpfilename, 'path'), 'r' )) {
require_once 'classes/model/AdditionalTables.php'; require_once 'classes/model/AdditionalTables.php';
$oAdditionalTables = new AdditionalTables(); $oAdditionalTables = new AdditionalTables();
$aAdditionalTables = $oAdditionalTables->load( $_POST['form']['ADD_TAB_UID'], true ); $aAdditionalTables = $oAdditionalTables->load( $_POST['form']['ADD_TAB_UID'], true );
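Review bot: In both hunks (@@ -671 and @@ -771) the temp path is now filtered only inside the fopen() call, while `file_get_contents( $tmpfilename )` in the control-character check two lines earlier still reads the unfiltered value, so the file that is inspected and the file that is opened can differ whenever xssFilterHard() alters the string. Filter once into its own variable and use it in both places: `$csvPath = $filter->xssFilterHard($tmpfilename, 'path');`, then `file_get_contents( $csvPath )` and `fopen( $csvPath, 'r' )`. The two hunks also diverge on `$filename`: the first comments out its xssFilterHard() call, the second keeps it, which looks unintended since the two code paths are otherwise identical. Note that `tmp_name` is assigned by PHP's upload handler rather than taken from the request, so filtering it mainly satisfies the scanner; the user-supplied `name` field is the one that genuinely needs it. The enclosing method bodies start and end outside the hunks.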


@@ -200,7 +200,7 @@ switch ($_POST['action']) {
} }
$aData['USR_STATUS'] = $statusWF; $aData['USR_STATUS'] = $statusWF;
$aData['USR_UID'] = $sUserUID; $aData['USR_UID'] = $sUserUID;
$aData['USR_PASSWORD'] = md5($sUserUID); //fake :p $aData['USR_PASSWORD'] = G::encryptOld($sUserUID); //fake :p
$aData['USR_COUNTRY'] = $form['USR_COUNTRY']; $aData['USR_COUNTRY'] = $form['USR_COUNTRY'];
$aData['USR_CITY'] = $form['USR_CITY']; $aData['USR_CITY'] = $form['USR_CITY'];
$aData['USR_LOCATION'] = $form['USR_LOCATION']; $aData['USR_LOCATION'] = $form['USR_LOCATION'];
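Review bot: Swapping md5() for G::encryptOld() on the `USR_PASSWORD` line does not change the underlying weakness: the stored credential is still derived deterministically from `$sUserUID`, so anyone who knows a user's UID can reproduce it, and the `//fake :p` comment suggests the value was never meant to be a usable credential. If this account must not be able to log in with the placeholder, derive it from unguessable random input instead, e.g. `$aData['USR_PASSWORD'] = G::encryptOld(bin2hex(openssl_random_pseudo_bytes(16))); // placeholder, not a usable credential`, or flag the account as requiring a password reset. What G::encryptOld() produces is not visible here; if it is a legacy digest, anything that can actually authenticate should go through a `password_hash()`-style hash rather than this helper. The enclosing switch case begins before the hunk.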


@@ -77,13 +77,13 @@
$config['wsdl_cache'] = $filter->validateInput($config['wsdl_cache'],'int'); $config['wsdl_cache'] = $filter->validateInput($config['wsdl_cache'],'int');
$config['time_zone'] = $filter->validateInput($config['time_zone']); $config['time_zone'] = $filter->validateInput($config['time_zone']);
// Do not change any of these settings directly, use env.ini instead // Do not change any of these settings directly, use env.ini instead
ini_set( 'display_errors', $config['display_errors']); ini_set( 'display_errors', $filter->validateInput($config['display_errors']));
ini_set( 'error_reporting', $config['error_reporting']); ini_set( 'error_reporting', $filter->validateInput($config['error_reporting']));
ini_set('short_open_tag', 'On'); ini_set('short_open_tag', 'On');
ini_set('default_charset', "UTF-8"); ini_set('default_charset', "UTF-8");
ini_set('memory_limit', $config['memory_limit']); ini_set('memory_limit', $filter->validateInput($config['memory_limit']);
ini_set('soap.wsdl_cache_enabled', $config['wsdl_cache']); ini_set('soap.wsdl_cache_enabled', $config['wsdl_cache']);
ini_set('date.timezone', $config['time_zone']); ini_set('date.timezone', $filter->validateInput($config['time_zone']);
define ('DEBUG_SQL_LOG', $config['debug_sql']); define ('DEBUG_SQL_LOG', $config['debug_sql']);
define ('DEBUG_TIME_LOG', $config['debug_time']); define ('DEBUG_TIME_LOG', $config['debug_time']);
@@ -713,7 +713,7 @@
} elseif ($isRestRequest) { } elseif ($isRestRequest) {
G::dispatchRestService(SYS_TARGET, $restConfig, $restApiClassPath); G::dispatchRestService(SYS_TARGET, $restConfig, $restApiClassPath);
} else { } else {
require_once $phpFile; require_once $filter->validateInput($phpFile,'path');
} }
if (defined('SKIP_HEADERS')){ if (defined('SKIP_HEADERS')){
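Review bot: The new `memory_limit` and `date.timezone` lines in the @@ -77 hunk are missing a closing parenthesis — `ini_set('memory_limit', $filter->validateInput($config['memory_limit']);` and `ini_set('date.timezone', $filter->validateInput($config['time_zone']);` each open two calls and close only one — which is a parse error in what appears to be the bootstrap file, so nothing after it would load. They should read `ini_set('memory_limit', $filter->validateInput($config['memory_limit']));` and `ini_set('date.timezone', $filter->validateInput($config['time_zone']));`, matching the display_errors and error_reporting lines just above. The time_zone value is already passed through validateInput() a few lines earlier, so the second call there is redundant. In the @@ -713 hunk, `require_once $filter->validateInput($phpFile,'path');` only helps if InputFilter's 'path' rule actually rejects traversal and stream-wrapper forms; since that implementation is not visible here, the stronger guarantee is that `$phpFile` is resolved from a fixed list of known handler files before this point, which the hunk does not show.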