Merged in paulis/processmaker/PM-VERACODE-16 (pull request #1865)

I solved XSS in Thirdparty files
2015-04-08 14:54:05 -04:00
parent 98d7ddb774 c8c9928f37
commit c59bbc53b6
9 changed files with 39 additions and 62 deletions
--- a/workflow/engine/controllers/adminProxy.php
+++ b/workflow/engine/controllers/adminProxy.php
@@ -1086,6 +1086,8 @@ class adminProxy extends HttpProxyController
        } elseif ($files_img_type != '') {
            $failed = "1";
        }
+        $uploaded = $filter->validateInput($uploaded,'int');
+        $files_img_type = $filter->xssFilterHard($files_img_type);
        echo '{success: true, failed: ' . $failed . ', uploaded: ' . $uploaded . ', type: "' . $files_img_type . '"}';
        exit();
    }