fernando/luos
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merged in paulis/processmaker/PM-VERACODE-3 (pull request #1660)

Browse Source 
I solved all observation by Code Injection - Hight
This commit is contained in:
Julio Cesar Laura Avendaño
2015-03-12 16:31:55 -04:00
parent 2a22ed5e8f 056784289a
commit dac8b41142
4 changed files with 25 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
gulliver/system/class.g.php
View File

@@ -463,8 +463,11 @@ class G
* @return void * @return void
*/ */
public static function LoadSystem ($strClass) public static function LoadSystem ($strClass)
{ { require_once (PATH_GULLIVER . 'class.inputfilter.php');
require_once (PATH_GULLIVER . 'class.' . $strClass . '.php'); $filter = new InputFilter();
$path = PATH_GULLIVER . 'class.' . $strClass . '.php';
$path = $filter->validateInput($path, 'path');
require_once ($path);
} }
public function LoadSystemExist ($strClass) public function LoadSystemExist ($strClass)

13
workflow/engine/classes/class.pluginRegistry.php
View File

@@ -489,8 +489,11 @@ class PMPluginRegistry
if (! file_exists( PATH_PLUGINS . $pluginFile )) { if (! file_exists( PATH_PLUGINS . $pluginFile )) {
throw (new Exception( "File \"$pluginFile\" doesn't exist" )); throw (new Exception( "File \"$pluginFile\" doesn't exist" ));
} }
G::LoadSystem('inputfilter');
require_once (PATH_PLUGINS . $pluginFile); $filter = new InputFilter();
$path = PATH_PLUGINS . $pluginFile;
//$path = $filter->validateInput($path, 'path');
require_once ($path);
$details = $this->getPluginDetails( $pluginFile ); $details = $this->getPluginDetails( $pluginFile );
$this->installPlugin( $details->sNamespace ); $this->installPlugin( $details->sNamespace );
@@ -509,7 +512,11 @@ class PMPluginRegistry
} }
/////// ///////
require_once (PATH_PLUGINS . $pluginFile); $path = PATH_PLUGINS . $pluginFile;
G::LoadSystem('inputfilter');
$filter = new InputFilter();
$path = $filter->validateInput($path, 'path');
require_once ($path);
foreach ($this->_aPluginDetails as $namespace => $detail) { foreach ($this->_aPluginDetails as $namespace => $detail) {
if ($namespace == $sNamespace) { if ($namespace == $sNamespace) {

6
workflow/engine/classes/model/AddonsManager.php
View File

@@ -132,7 +132,11 @@ class AddonsManager extends BaseAddonsManager
$oPluginRegistry = &PMPluginRegistry::getSingleton(); $oPluginRegistry = &PMPluginRegistry::getSingleton();
require_once (PATH_PLUGINS . $this->getAddonName() . ".php"); G::LoadSystem('inputfilter');
$filter = new InputFilter();
$requiredPath = PATH_PLUGINS . $this->getAddonName() . ".php";
$requiredPath = $filter->validateInput($requiredPath, 'path');
require_once ($requiredPath);
if ($enable) { if ($enable) {
//$oDetails = $oPluginRegistry->getPluginDetails($this->getAddonName()); //$oDetails = $oPluginRegistry->getPluginDetails($this->getAddonName());

7
workflow/engine/methods/setup/pluginsChange.php
View File

@@ -29,7 +29,10 @@ $pluginStatus = $_GET['status'];
$items = array (); $items = array ();
G::LoadClass( 'plugin' ); G::LoadClass( 'plugin' );
//here we are enabling or disabling the plugin and all related options registered. //here we are enabling or disabling the plugin and all related options registered.
G::LoadSystem('inputfilter');
$filter = new InputFilter();
$path = PATH_PLUGINS . $pluginFile;
$path = $filter->validateInput($path, 'path');
$oPluginRegistry = & PMPluginRegistry::getSingleton(); $oPluginRegistry = & PMPluginRegistry::getSingleton();
@@ -69,7 +72,7 @@ if ($handle = opendir( PATH_PLUGINS )) {
} }
/*----------------------------------********---------------------------------*/ /*----------------------------------********---------------------------------*/
//print "change to ENABLED"; //print "change to ENABLED";
require_once(PATH_PLUGINS . $pluginFile); require_once($path);
$details = $oPluginRegistry->getPluginDetails($pluginFile); $details = $oPluginRegistry->getPluginDetails($pluginFile);
$oPluginRegistry->enablePlugin($details->sNamespace); $oPluginRegistry->enablePlugin($details->sNamespace);
$oPluginRegistry->setupPlugins(); //get and setup enabled plugins $oPluginRegistry->setupPlugins(); //get and setup enabled plugins