From 13be93d3c17c2ebcabb9cc2ec33ef87c8d5c4c2e Mon Sep 17 00:00:00 2001
From: Marco Antonio Nina
Date: Wed, 29 Aug 2012 15:34:57 -0400
Subject: [PATCH] BUG 9621 Persistent XSS and AJAX Vulnerabilities, Multiple SOLVED
- It was noticed that no was validated these entry.
- Was validated with htmlentities for both cases.
---
 gulliver/methods/propelTableAjax.php | 2 +-
 workflow/engine/controllers/main.php | 2 +-
 workflow/engine/skinEngine/skinEngine.php | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/gulliver/methods/propelTableAjax.php b/gulliver/methods/propelTableAjax.php
index edbc159bb..735e1c330 100755
--- a/gulliver/methods/propelTableAjax.php
+++ b/gulliver/methods/propelTableAjax.php
@@ -71,7 +71,7 @@ $fastSearch = get_ajax_value('fastSearch');
 if (isset($fastSearch)) {
-    $ntable->fastSearch= urldecode($fastSearch);
+    $ntable->fastSearch= htmlentities(urldecode($fastSearch), ENT_QUOTES, 'UTF-8');
     $page = 1;
 }
diff --git a/workflow/engine/controllers/main.php b/workflow/engine/controllers/main.php
index d8315fe91..792c34007 100644
--- a/workflow/engine/controllers/main.php
+++ b/workflow/engine/controllers/main.php
@@ -31,7 +31,7 @@ class Main extends Controller
         // setting variables for template
         $this->setVar('logo_company', $this->getCompanyLogo());
-        $this->setVar('userfullname', $this->getUserFullName());
+        $this->setVar('userfullname', htmlentities($this->getUserFullName(), ENT_QUOTES, 'UTF-8') );
         $this->setVar('user', isset($_SESSION['USR_USERNAME']) ? $_SESSION['USR_USERNAME'] : '');
         $this->setVar('pipe', isset($_SESSION['USR_USERNAME']) ? ' | ' : '');
         $this->setVar('rolename', $this->getUserRole());
diff --git a/workflow/engine/skinEngine/skinEngine.php b/workflow/engine/skinEngine/skinEngine.php
index e7038000e..6e07d23a1 100755
--- a/workflow/engine/skinEngine/skinEngine.php
+++ b/workflow/engine/skinEngine/skinEngine.php
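Review bot: The `htmlentities()` added on the `+` line of the propelTableAjax.php hunk encodes the search term at input time, before it is stored in `$ntable->fastSearch`, which is a filter value rather than an HTML output; if that property is later used to match rows (the rest of this script is outside the hunk), a term containing `'`, `&` or `<` is rewritten (`'` becomes `&#039;`) and no longer matches the stored data, and a view that already escapes the value will double-encode it. HTML escaping belongs at the point where the term is rendered back into the page, so the filter should keep the decoded value, `$ntable->fastSearch = urldecode($fastSearch);`, and the escape should be applied where the response echoes it. `htmlentities()` also does nothing for non-HTML sinks, so if `fastSearch` ends up in a query it still has to be bound as a parameter there.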
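Review bot: Only `userfullname` is escaped on the `+` line of the main.php hunk, while `user` (from `$_SESSION['USR_USERNAME']`) and `rolename` (from `getUserRole()`) on the following context lines go to the same template unescaped; unless the template escapes them itself, which is not visible here, they are the same class of sink this commit is fixing. The skinEngine.php hunk has the same asymmetry, with `user` and `rolename` assigned raw next to the escaped `userfullname`. Escaping once in the view layer (for the Smarty-rendered path, an `|escape` modifier on each variable) or uniformly in `setVar`/`assign` is harder to forget for the next variable than per-call-site `htmlentities()`. If the escape stays in the controller, `htmlentities($this->getUserFullName(), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')` avoids the function returning an empty string for a name that is not valid UTF-8, which would silently blank the display name instead of escaping it. The enclosing method of `Main` starts and ends outside the hunk.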
@@ -635,7 +635,7 @@ class SkinEngine
         $smarty->assign('switch_interface', $switch_interface);
         $smarty->assign('switch_interface_label', G::LoadTranslation('ID_SWITCH_INTERFACE'));
-        $smarty->assign('userfullname', isset($_SESSION['USR_FULLNAME']) ? $_SESSION['USR_FULLNAME'] : '');
+        $smarty->assign('userfullname', isset($_SESSION['USR_FULLNAME']) ? htmlentities($_SESSION['USR_FULLNAME'] , ENT_QUOTES, 'UTF-8'): '');
         $smarty->assign('user', isset($_SESSION['USR_USERNAME']) ? '(' . $_SESSION['USR_USERNAME'] . ')' : '');
         $smarty->assign('rolename', isset($_SESSION['USR_ROLENAME']) ? $_SESSION['USR_ROLENAME'] . '' : '');
         $smarty->assign('pipe', isset($_SESSION['USR_USERNAME']) ? ' | ' : '');
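Review bot: The `+` line is hard to read as written: there is a stray space before the comma in `$_SESSION['USR_FULLNAME'] , ENT_QUOTES`, no space before the ternary `:`, and the escape call is buried inside the `isset` ternary so the two branches no longer line up with the neighbouring `assign` calls. Splitting the lookup from the escape keeps the existing `isset` idiom of this file and makes the escape apply to both branches: `$fullName = isset($_SESSION['USR_FULLNAME']) ? $_SESSION['USR_FULLNAME'] : '';` followed by `$smarty->assign('userfullname', htmlentities($fullName, ENT_QUOTES, 'UTF-8'));`. The enclosing method of `SkinEngine` starts and ends outside the hunk.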