veracode medium issues

Directory Traversal, OS Command Injection
marcelo.cuiza
2015-04-06 17:43:51 -04:00
parent 4824edcf80
commit cac0c4e96e
10 changed files with 39 additions and 9 deletions


@@ -61,6 +61,7 @@ try {
$languageFile = $_FILES['form']['tmp_name']['LANGUAGE_FILENAME'];
$languageFilename = $_FILES['form']['name']['LANGUAGE_FILENAME'];
$languageFile = $filter->xssFilterHard($languageFile, 'path');
$languageFilename = $filter->xssFilterHard($languageFilename, 'path');
if (substr_compare( $languageFilename, ".gz", - 3, 3, true ) == 0) {
$zp = gzopen( $languageFile, "r" );