Merged in paulis/processmaker/PM-VERACODE-16 (pull request #1865)
I solved XSS in Thirdparty files
This commit is contained in:
Julio Cesar Laura Avendaño
@@ -213,7 +213,9 @@ class soapNtlm
|
||||
curl_setopt( $this->ch, CURLOPT_HTTPHEADER, array ('Expect:') );
|
||||
}
|
||||
}
|
||||
echo $this->buffer = curl_exec( $this->ch );
|
||||
$this->buffer = curl_exec( $this->ch );
|
||||
$buffer = $filter->xssFilterHard($this->buffer);
|
||||
echo $buffer;
|
||||
//echo "[NTLMStream::createBuffer] buffer size : " . strlen($this->buffer) . "bytes<br>";
|
||||
$this->pos = 0;
|
||||
}
|
||||
|
||||
11
gulliver/thirdparty/creole/util/Blob.php
vendored
11
gulliver/thirdparty/creole/util/Blob.php
vendored
@@ -52,7 +52,16 @@ class Blob extends Lob {
|
||||
}
|
||||
|
||||
} else {
|
||||
echo $this->data;
|
||||
$realdocuroot = str_replace( '\\', '/', $_SERVER['DOCUMENT_ROOT'] );
|
||||
$docuroot = explode( '/', $realdocuroot );
|
||||
array_pop( $docuroot );
|
||||
$pathhome = implode( '/', $docuroot ) . '/';
|
||||
array_pop( $docuroot );
|
||||
$pathTrunk = implode( '/', $docuroot ) . '/';
|
||||
require_once($pathTrunk.'gulliver/system/class.inputfilter.php');
|
||||
$filter = new InputFilter();
|
||||
$data = $filter->xssFilterHard($this->data);
|
||||
echo $data;
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
10
gulliver/thirdparty/creole/util/Clob.php
vendored
10
gulliver/thirdparty/creole/util/Clob.php
vendored
@@ -102,7 +102,15 @@ class Clob extends Lob {
|
||||
}
|
||||
|
||||
} else {
|
||||
echo $this->data;
|
||||
$realdocuroot = str_replace( '\\', '/', $_SERVER['DOCUMENT_ROOT'] );
|
||||
$docuroot = explode( '/', $realdocuroot );
|
||||
array_pop( $docuroot );
|
||||
$pathhome = implode( '/', $docuroot ) . '/';
|
||||
array_pop( $docuroot );
|
||||
$pathTrunk = implode( '/', $docuroot ) . '/';
|
||||
require_once($pathTrunk.'gulliver/system/class.inputfilter.php');
|
||||
$filter = new InputFilter();
|
||||
echo $filter->xssFilterHard($this->data);
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
11
gulliver/thirdparty/pear/Log/display.php
vendored
11
gulliver/thirdparty/pear/Log/display.php
vendored
@@ -127,8 +127,17 @@ class Log_display extends Log
|
||||
$message = $this->_extractMessage($message);
|
||||
|
||||
/* Build and output the complete log line. */
|
||||
$realdocuroot = str_replace( '\\', '/', $_SERVER['DOCUMENT_ROOT'] );
|
||||
$docuroot = explode( '/', $realdocuroot );
|
||||
array_pop( $docuroot );
|
||||
$pathhome = implode( '/', $docuroot ) . '/';
|
||||
array_pop( $docuroot );
|
||||
$pathTrunk = implode( '/', $docuroot ) . '/';
|
||||
require_once($pathTrunk.'gulliver/system/class.inputfilter.php');
|
||||
$filter = new InputFilter();
|
||||
$tag = $filter->xssFilterHard(ucfirst($this->priorityToString($priority)));
|
||||
echo $this->_error_prepend .
|
||||
'<b>' . ucfirst($this->priorityToString($priority)) . '</b>: '.
|
||||
'<b>' . $tag . '</b>: '.
|
||||
nl2br(htmlspecialchars($message)) .
|
||||
$this->_error_append . $this->_linebreak;
|
||||
|
||||
|
||||
@@ -1086,6 +1086,8 @@ class adminProxy extends HttpProxyController
|
||||
} elseif ($files_img_type != '') {
|
||||
$failed = "1";
|
||||
}
|
||||
$uploaded = $filter->validateInput($uploaded,'int');
|
||||
$files_img_type = $filter->xssFilterHard($files_img_type);
|
||||
echo '{success: true, failed: ' . $failed . ', uploaded: ' . $uploaded . ', type: "' . $files_img_type . '"}';
|
||||
exit();
|
||||
}
|
||||
|
||||
@@ -1,53 +0,0 @@
|
||||
<?php
|
||||
/**
|
||||
* buscador.php
|
||||
*
|
||||
* ProcessMaker Open Source Edition
|
||||
* Copyright (C) 2004 - 2008 Colosa Inc.23
|
||||
*
|
||||
* This program is free software: you can redistribute it and/or modify
|
||||
* it under the terms of the GNU Affero General Public License as
|
||||
* published by the Free Software Foundation, either version 3 of the
|
||||
* License, or (at your option) any later version.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU Affero General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU Affero General Public License
|
||||
* along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
*
|
||||
* For more information, contact Colosa Inc, 2566 Le Jeune Rd.,
|
||||
* Coral Gables, FL, 33134, USA, or email info@colosa.com.
|
||||
*/
|
||||
$frm = $HTTP_GET_VARS;
|
||||
|
||||
?>
|
||||
|
||||
<h1>demo de buscador</h1>
|
||||
<form method=post action="buscador2.php">
|
||||
<input type=hidden name=ticket value="<?php echo $frm['ticket'] ?>"> <input
|
||||
type=hidden name=tipo value="<?php echo $frm['tipo'] ?>">
|
||||
Buscador tipo : <?php echo $frm['tipo'] ?><br>
|
||||
|
||||
<table>
|
||||
<tr>
|
||||
<td>curso</td>
|
||||
<td><select name=curso>
|
||||
<option value="curso1">Curso 1</option>
|
||||
<option value="curso2">Curso 2</option>
|
||||
<option value="curso3">Curso 3</option>
|
||||
<option value="curso4">Curso 4</4option>
|
||||
|
||||
<option value="curso5">Curso 5</option></td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td colspan=2><input type=submit></td>
|
||||
</tr>
|
||||
</table>
|
||||
</form>
|
||||
</body>
|
||||
</html>
|
||||
<?php
|
||||
|
||||
@@ -14,7 +14,7 @@ $code = empty($_GET['code']) ? 'NN' : $_GET['code'];
|
||||
|
||||
$clientId = 'x-pm-local-client';
|
||||
$secret = '179ad45c6ce2cb97cf1029e212046e81';
|
||||
|
||||
$userPwd = $clientId.':'.$secret;
|
||||
$data = array(
|
||||
'grant_type' => 'authorization_code',
|
||||
'code' => $code
|
||||
@@ -23,7 +23,7 @@ $data = array(
|
||||
$ch = curl_init($endpoint);
|
||||
|
||||
curl_setopt($ch, CURLOPT_HEADER, false);
|
||||
curl_setopt($ch, CURLOPT_USERPWD, $clientId.':'.$secret);
|
||||
curl_setopt($ch, CURLOPT_USERPWD, $userPwd);
|
||||
curl_setopt($ch, CURLOPT_TIMEOUT, 30);
|
||||
curl_setopt($ch, CURLOPT_POST, 1);
|
||||
curl_setopt($ch, CURLOPT_POSTFIELDS, $data);
|
||||
|
||||
@@ -42,7 +42,7 @@ $oTemplatePower->assign('USR_UID', $aUser['USR_UID']);
|
||||
$oTemplatePower->assign('USR_FULLNAME', $aData['USR_FIRSTNAME'] . ' ' . $aData['USR_LASTNAME'] . ' (' . $aData['USR_USERNAME'] . ')');
|
||||
*/
|
||||
$userName = 'admin';
|
||||
$userPass = 'The password introduced at the time of installing the application. (If you did not change the password by default is "admin")';
|
||||
$userPass = "The password introduced at the time of installing the application. (If you did not change the password by default is $userName)";
|
||||
if(isset($_SESSION['NW_PASSWORD'])){
|
||||
if($_SESSION['NW_PASSWORD'] != ''){
|
||||
$userPass = $_SESSION['NW_PASSWORD'];
|
||||
|
||||
@@ -1510,8 +1510,8 @@ try {
|
||||
die();
|
||||
break;
|
||||
default:
|
||||
$_POST = $filter->xssFilterHard($_POST);
|
||||
print_r( $_POST );
|
||||
$post = $filter->xssFilterHard($_POST);
|
||||
print_r( $post );
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
Reference in New Issue
Block a user