fernando/luos
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

veracode medium issues

Browse Source 
Directory Transversal, OS Command Injection
This commit is contained in:
marcelo.cuiza
2015-04-06 17:43:51 -04:00
parent 4824edcf80
commit cac0c4e96e
10 changed files with 39 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
workflow/engine/classes/class.pmLicenseManager.php
View File

@@ -442,6 +442,10 @@ class pmLicenseManager
$LicenseStatus = $this->lookForStatusLicense(); //we're looking for a status ACTIVE
//getting the content from file
G::LoadSystem('inputfilter');
$filter = new InputFilter();
$path = $filter->xssFilterHard($path, 'path');
$handle = fopen ( $path, "r" );
$contents = fread ( $handle, filesize ( $path ) );
fclose ( $handle );