fernando/luos
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

I reviewed the XSS - MEDIUM in files

Browse Source
This commit is contained in:
Paula V. Quispe
2015-03-17 15:25:49 -04:00
parent ded144d932
commit cb1463a775
6 changed files with 83 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
workflow/engine/methods/cases/casesStartPage_Ajax.php
View File

@@ -1,4 +1,9 @@
<?php
G::LoadSystem('inputfilter');
$filter = new InputFilter();
$_POST = $filter->xssFilterHard($_POST);
$_REQUEST = $filter->xssFilterHard($_REQUEST);
$_SESSION = $filter->xssFilterHard($_SESSION);
if (!isset($_SESSION['USER_LOGGED'])) {
$res = new stdclass();
$res->message = G::LoadTranslation('ID_LOGIN_AGAIN');
@@ -215,6 +220,11 @@ function lookinginforContentProcess ($sproUid)
function startCase ()
{
G::LoadClass( 'case' );
G::LoadSystem('inputfilter');
$filter = new InputFilter();
$_POST = $filter->xssFilterHard($_POST);
$_REQUEST = $filter->xssFilterHard($_REQUEST);
$_SESSION = $filter->xssFilterHard($_SESSION);
/* GET , POST & $_SESSION Vars */
/* unset any variable, because we are starting a new case */
@@ -241,6 +251,7 @@ function startCase ()
lookinginforContentProcess( $_POST['processId'] );
$aData = $oCase->startCase( $_REQUEST['taskId'], $_SESSION['USER_LOGGED'] );
$aData = $filter->xssFilterHard($aData);
$_SESSION['APPLICATION'] = $aData['APPLICATION'];
$_SESSION['INDEX'] = $aData['INDEX'];