veracode medium issues

Directory Transversal, OS Command Injection
2015-04-06 17:43:51 -04:00
parent 4824edcf80
commit cac0c4e96e
10 changed files with 39 additions and 9 deletions
--- a/workflow/engine/classes/class.case.php
+++ b/workflow/engine/classes/class.case.php
@@ -3797,6 +3797,10 @@ class Cases
                if (!is_dir($strPathName)) {
                    G::verifyPath($strPathName, true);
                }
+                
+                G::LoadSystem('inputfilter');
+                $filter = new InputFilter();
+                $file = $filter->xssFilterHard($file, 'path');

                copy($file, $strPathName . $strFileName);
                chmod($strPathName . $strFileName, 0666);