fernando/luos
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merged in paulis/processmaker/PM-VERACODE-16 (pull request #1865)

Browse Source 
I solved XSS in Thirdparty files
This commit is contained in:
Julio Cesar Laura Avendaño
2015-04-08 14:54:05 -04:00
parent 98d7ddb774 c8c9928f37
commit c59bbc53b6
9 changed files with 39 additions and 62 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
gulliver/system/class.soapNtlm.php
View File

@@ -213,7 +213,9 @@ class soapNtlm
curl_setopt( $this->ch, CURLOPT_HTTPHEADER, array ('Expect:') ); curl_setopt( $this->ch, CURLOPT_HTTPHEADER, array ('Expect:') );
} }
} }
echo $this->buffer = curl_exec( $this->ch ); $this->buffer = curl_exec( $this->ch );
$buffer = $filter->xssFilterHard($this->buffer);
echo $buffer;
//echo "[NTLMStream::createBuffer] buffer size : " . strlen($this->buffer) . "bytes<br>"; //echo "[NTLMStream::createBuffer] buffer size : " . strlen($this->buffer) . "bytes<br>";
$this->pos = 0; $this->pos = 0;
} }

11
gulliver/thirdparty/creole/util/Blob.php vendored
View File

@@ -52,7 +52,16 @@ class Blob extends Lob {
} }
} else { } else {
echo $this->data; $realdocuroot = str_replace( '\\', '/', $_SERVER['DOCUMENT_ROOT'] );
$docuroot = explode( '/', $realdocuroot );
array_pop( $docuroot );
$pathhome = implode( '/', $docuroot ) . '/';
array_pop( $docuroot );
$pathTrunk = implode( '/', $docuroot ) . '/';
require_once($pathTrunk.'gulliver/system/class.inputfilter.php');
$filter = new InputFilter();
$data = $filter->xssFilterHard($this->data);
echo $data;
} }
} }

10
gulliver/thirdparty/creole/util/Clob.php vendored
View File

@@ -102,7 +102,15 @@ class Clob extends Lob {
} }
} else { } else {
echo $this->data; $realdocuroot = str_replace( '\\', '/', $_SERVER['DOCUMENT_ROOT'] );
$docuroot = explode( '/', $realdocuroot );
array_pop( $docuroot );
$pathhome = implode( '/', $docuroot ) . '/';
array_pop( $docuroot );
$pathTrunk = implode( '/', $docuroot ) . '/';
require_once($pathTrunk.'gulliver/system/class.inputfilter.php');
$filter = new InputFilter();
echo $filter->xssFilterHard($this->data);
} }
} }

11
gulliver/thirdparty/pear/Log/display.php vendored
View File

@@ -127,8 +127,17 @@ class Log_display extends Log
$message = $this->_extractMessage($message); $message = $this->_extractMessage($message);
/* Build and output the complete log line. */ /* Build and output the complete log line. */
$realdocuroot = str_replace( '\\', '/', $_SERVER['DOCUMENT_ROOT'] );
$docuroot = explode( '/', $realdocuroot );
array_pop( $docuroot );
$pathhome = implode( '/', $docuroot ) . '/';
array_pop( $docuroot );
$pathTrunk = implode( '/', $docuroot ) . '/';
require_once($pathTrunk.'gulliver/system/class.inputfilter.php');
$filter = new InputFilter();
$tag = $filter->xssFilterHard(ucfirst($this->priorityToString($priority)));
echo $this->_error_prepend . echo $this->_error_prepend .
'<b>' . ucfirst($this->priorityToString($priority)) . '</b>: '. '<b>' . $tag . '</b>: '.
nl2br(htmlspecialchars($message)) . nl2br(htmlspecialchars($message)) .
$this->_error_append . $this->_linebreak; $this->_error_append . $this->_linebreak;

2
workflow/engine/controllers/adminProxy.php
View File

@@ -1086,6 +1086,8 @@ class adminProxy extends HttpProxyController
} elseif ($files_img_type != '') { } elseif ($files_img_type != '') {
$failed = "1"; $failed = "1";
} }
$uploaded = $filter->validateInput($uploaded,'int');
$files_img_type = $filter->xssFilterHard($files_img_type);
echo '{success: true, failed: ' . $failed . ', uploaded: ' . $uploaded . ', type: "' . $files_img_type . '"}'; echo '{success: true, failed: ' . $failed . ', uploaded: ' . $uploaded . ', type: "' . $files_img_type . '"}';
exit(); exit();
} }

53
workflow/engine/methods/controls/buscador.php
View File

@@ -1,53 +0,0 @@
<?php
/**
* buscador.php
*
* ProcessMaker Open Source Edition
* Copyright (C) 2004 - 2008 Colosa Inc.23
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as
* published by the Free Software Foundation, either version 3 of the
* License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*
* For more information, contact Colosa Inc, 2566 Le Jeune Rd.,
* Coral Gables, FL, 33134, USA, or email info@colosa.com.
*/
$frm = $HTTP_GET_VARS;
?>
<h1>demo de buscador</h1>
<form method=post action="buscador2.php">
<input type=hidden name=ticket value="<?php echo $frm['ticket'] ?>"> <input
type=hidden name=tipo value="<?php echo $frm['tipo'] ?>">
Buscador tipo : <?php echo $frm['tipo'] ?><br>
<table>
<tr>
<td>curso</td>
<td><select name=curso>
<option value="curso1">Curso 1</option>
<option value="curso2">Curso 2</option>
<option value="curso3">Curso 3</option>
<option value="curso4">Curso 4</4option>
<option value="curso5">Curso 5</option></td>
</tr>
<tr>
<td colspan=2><input type=submit></td>
</tr>
</table>
</form>
</body>
</html>
<?php

4
workflow/engine/methods/oauth2/grant.php
View File

@@ -14,7 +14,7 @@ $code = empty($_GET['code']) ? 'NN' : $_GET['code'];
$clientId = 'x-pm-local-client'; $clientId = 'x-pm-local-client';
$secret = '179ad45c6ce2cb97cf1029e212046e81'; $secret = '179ad45c6ce2cb97cf1029e212046e81';
$userPwd = $clientId.':'.$secret;
$data = array( $data = array(
'grant_type' => 'authorization_code', 'grant_type' => 'authorization_code',
'code' => $code 'code' => $code
@@ -23,7 +23,7 @@ $data = array(
$ch = curl_init($endpoint); $ch = curl_init($endpoint);
curl_setopt($ch, CURLOPT_HEADER, false); curl_setopt($ch, CURLOPT_HEADER, false);
curl_setopt($ch, CURLOPT_USERPWD, $clientId.':'.$secret); curl_setopt($ch, CURLOPT_USERPWD, $userPwd);
curl_setopt($ch, CURLOPT_TIMEOUT, 30); curl_setopt($ch, CURLOPT_TIMEOUT, 30);
curl_setopt($ch, CURLOPT_POST, 1); curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $data); curl_setopt($ch, CURLOPT_POSTFIELDS, $data);

2
workflow/engine/methods/services/login_getStarted.php
View File

@@ -42,7 +42,7 @@ $oTemplatePower->assign('USR_UID', $aUser['USR_UID']);
$oTemplatePower->assign('USR_FULLNAME', $aData['USR_FIRSTNAME'] . ' ' . $aData['USR_LASTNAME'] . ' (' . $aData['USR_USERNAME'] . ')'); $oTemplatePower->assign('USR_FULLNAME', $aData['USR_FIRSTNAME'] . ' ' . $aData['USR_LASTNAME'] . ' (' . $aData['USR_USERNAME'] . ')');
*/ */
$userName = 'admin'; $userName = 'admin';
$userPass = 'The password introduced at the time of installing the application. (If you did not change the password by default is "admin")'; $userPass = "The password introduced at the time of installing the application. (If you did not change the password by default is $userName)";
if(isset($_SESSION['NW_PASSWORD'])){ if(isset($_SESSION['NW_PASSWORD'])){
if($_SESSION['NW_PASSWORD'] != ''){ if($_SESSION['NW_PASSWORD'] != ''){
$userPass = $_SESSION['NW_PASSWORD']; $userPass = $_SESSION['NW_PASSWORD'];

4
workflow/engine/methods/setup/webServicesAjax.php
View File

@@ -1510,8 +1510,8 @@ try {
die(); die();
break; break;
default: default:
$_POST = $filter->xssFilterHard($_POST); $post = $filter->xssFilterHard($_POST);
print_r( $_POST ); print_r( $post );
} }
} }