diff --git a/gulliver/system/class.g.php b/gulliver/system/class.g.php index 85dd96ca4..24d7a3f76 100755 --- a/gulliver/system/class.g.php +++ b/gulliver/system/class.g.php @@ -310,8 +310,12 @@ class G while (! @is_dir( dirname( end( $folder_path ) ) ) && dirname( end( $folder_path ) ) != '/' && dirname( end( $folder_path ) ) != '.' && dirname( end( $folder_path ) ) != '') { array_push( $folder_path, dirname( end( $folder_path ) ) ); //var_dump($folder_path); die; } + + G::LoadSystem('inputfilter'); + $filter = new InputFilter(); while ($parent_folder_path = array_pop( $folder_path )) { + $parent_folder_path = $filter->validateInput($parent_folder_path,"path"); if (! @is_dir( $parent_folder_path )) { if (! @mkdir( $parent_folder_path, $rights)) { error_log( "Can't create folder \"$parent_folder_path\""); @@ -2718,6 +2722,10 @@ class G $image = $inputFn( $path ); imagecopyresampled( $image_p, $image, 0, 0, 0, 0, $resWidth, $resHeight, $width, $height ); $outputFn( $image_p, $saveTo ); + + G::LoadSystem('inputfilter'); + $filter = new InputFilter(); + $saveTo = $filter->validateInput($saveTo, "path"); @chmod( $saveTo, 0666 ); } @@ -3137,7 +3145,7 @@ class G G::LoadSystem('inputfilter'); $filter = new InputFilter(); $c = $filter->xssFilterHard($c); - print ("") ; + print ('') ; } /** diff --git a/gulliver/thirdparty/html2ps_pdf/output._generic.class.php b/gulliver/thirdparty/html2ps_pdf/output._generic.class.php index 51e51559e..a793d2050 100755 --- a/gulliver/thirdparty/html2ps_pdf/output._generic.class.php +++ b/gulliver/thirdparty/html2ps_pdf/output._generic.class.php 
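Review bot: The `validateInput($parent_folder_path,"path")` call sanitizes each popped entry only after the directory chain was built from the raw value, so the `@is_dir()` checks in the preceding `while` condition and the `@mkdir( $parent_folder_path, $rights)` below can refer to different paths whenever the filter changes the string. Validate once before the chain-building loop (the initial value of `$folder_path` is set outside this hunk, so the exact form depends on it), e.g. `$folder_path = array($filter->validateInput(end($folder_path), "path"));` ahead of `while (! @is_dir(...))`, so every existence check and every `mkdir()` see the same sanitized value. Hoisting `$filter` to the top of the method also avoids constructing it even when nothing remains to pop. The enclosing method starts before this hunk.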
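Review bot: In the `@@ -2718` hunk `$saveTo` is sanitized after `$outputFn( $image_p, $saveTo )` has already written the file with the raw value, so the following `@chmod( $saveTo, 0666 )` may target a different name than the file just created. Moving the three added lines above the `$outputFn` call fixes the order. The same check-raw/act-sanitized ordering appears in `adminProxy::showLogo` (`@getimagesize($imagen)` runs on the raw value, `fopen($imagen, "rb")` on the validated one) and in `Installer` where `file_exists( $_REQUEST['pathLogFile'] )` is checked raw but `file_put_contents( $pathLogFile, '' )` uses the validated copy; in each case validate once, before the first filesystem call, and use that value throughout.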
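Review bot: Switching these output strings from double to single quotes changes their meaning, not just their style. In `HTTP_WebDAV_Server` the new `echo 'The service does not support \'$val\' content encoding';` and `echo 'The service does not support \'$key\' ';` no longer interpolate `$val`/`$key`, so the literal text `$val` is emitted and the `xssFilterHard` call just above each becomes dead; `echo ' \n';` likewise emits a literal backslash-n instead of a newline. In the `@@ -3137` hunk here, `print ('') ;` prints nothing, so the freshly filtered `$c` is unused — if the original double-quoted string carried `$c` inside markup that the page extraction dropped, the same loss of interpolation applies. Keep double quotes where a variable or `\n` is meant, e.g. `echo "The service does not support '$val' content encoding";`, and build the string from the filtered value.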
@@ -324,7 +324,16 @@ class OutputDriverGeneric extends OutputDriver { public function encryptOld($string) { - return md5($string); + if (!class_exists('G')) { + $realdocuroot = str_replace( '\\', '/', $_SERVER['DOCUMENT_ROOT'] ); + $docuroot = explode( '/', $realdocuroot ); + array_pop( $docuroot ); + $pathhome = implode( '/', $docuroot ) . '/'; + array_pop( $docuroot ); + $pathTrunk = implode( '/', $docuroot ) . '/'; + require_once($pathTrunk.'gulliver/system/class.g.php'); + } + return G::encryptOld($string); } } diff --git a/gulliver/thirdparty/html2ps_pdf/output.pdflib.1.6.class.php b/gulliver/thirdparty/html2ps_pdf/output.pdflib.1.6.class.php index a3f875ebe..71c14294d 100755 --- a/gulliver/thirdparty/html2ps_pdf/output.pdflib.1.6.class.php +++ b/gulliver/thirdparty/html2ps_pdf/output.pdflib.1.6.class.php @@ -224,7 +224,16 @@ class OutputDriverPdflib16 extends OutputDriverPdflib { public function encryptOld($string) { - return md5($string); + if (!class_exists('G')) { + $realdocuroot = str_replace( '\\', '/', $_SERVER['DOCUMENT_ROOT'] ); + $docuroot = explode( '/', $realdocuroot ); + array_pop( $docuroot ); + $pathhome = implode( '/', $docuroot ) . '/'; + array_pop( $docuroot ); + $pathTrunk = implode( '/', $docuroot ) . '/'; + require_once($pathTrunk.'gulliver/system/class.g.php'); + } + return G::encryptOld($string); } } ?> \ No newline at end of file diff --git a/gulliver/thirdparty/html2ps_pdf/pdf.fpdf.encryption.php b/gulliver/thirdparty/html2ps_pdf/pdf.fpdf.encryption.php index 01666981d..0d3df8d0d 100755 --- a/gulliver/thirdparty/html2ps_pdf/pdf.fpdf.encryption.php +++ b/gulliver/thirdparty/html2ps_pdf/pdf.fpdf.encryption.php 
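Review bot: The nine-line bootstrap that derives a `require_once` path from `$_SERVER['DOCUMENT_ROOT']` is pasted verbatim more than thirty times in this commit (every `encryptOld`/`encryptCrc32` wrapper in html2ps, PEAR, nusoap, phing, Smarty and tcpdf, plus the `InputFilter` call sites in `HTTP_WebDAV_Server`, `nusoap*`, `interop_client_run.php` and `PEAR_Command_Package`); it belongs in one shared include or helper rather than a copy per method. As written `$pathhome` is computed and never used, and in CLI contexts such as the PEAR test runner and the SOAP interop runner `DOCUMENT_ROOT` is typically empty or unset, which would make `$pathTrunk` resolve to `/` and the require fail. The change also couples vendored third-party libraries to the application's `G` class. Judging by the name, `G::encryptOld` presumably still wraps the same MD5 computation, so this is a centralisation rather than an algorithm change — say so in a docblock on each wrapper, e.g. `/** Delegates to G::encryptOld (legacy MD5); retained for this library's existing callers. */`.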
@@ -220,7 +220,16 @@ class FPDF_Protection extends FPDF public function encryptOld($string) { - return md5($string); + if (!class_exists('G')) { + $realdocuroot = str_replace( '\\', '/', $_SERVER['DOCUMENT_ROOT'] ); + $docuroot = explode( '/', $realdocuroot ); + array_pop( $docuroot ); + $pathhome = implode( '/', $docuroot ) . '/'; + array_pop( $docuroot ); + $pathTrunk = implode( '/', $docuroot ) . '/'; + require_once($pathTrunk.'gulliver/system/class.g.php'); + } + return G::encryptOld($string); } } diff --git a/gulliver/thirdparty/pear/HTTP/Request.php b/gulliver/thirdparty/pear/HTTP/Request.php index 4149a8e70..6a4cd8688 100755 --- a/gulliver/thirdparty/pear/HTTP/Request.php +++ b/gulliver/thirdparty/pear/HTTP/Request.php @@ -935,7 +935,16 @@ class HTTP_Request { public function encryptOld($string) { - return md5($string); + if (!class_exists('G')) { + $realdocuroot = str_replace( '\\', '/', $_SERVER['DOCUMENT_ROOT'] ); + $docuroot = explode( '/', $realdocuroot ); + array_pop( $docuroot ); + $pathhome = implode( '/', $docuroot ) . '/'; + array_pop( $docuroot ); + $pathTrunk = implode( '/', $docuroot ) . '/'; + require_once($pathTrunk.'gulliver/system/class.g.php'); + } + return G::encryptOld($string); } } diff --git a/gulliver/thirdparty/pear/HTTP/WebDAV/Server.php b/gulliver/thirdparty/pear/HTTP/WebDAV/Server.php index 22fe4cec4..78803c9cb 100755 --- a/gulliver/thirdparty/pear/HTTP/WebDAV/Server.php +++ b/gulliver/thirdparty/pear/HTTP/WebDAV/Server.php 
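Review bot: In `FPDF_Protection`, if `encryptOld` is the digest used for the PDF standard security handler's owner/user key computation (the `md5()` it replaces suggests so, though the callers are outside this hunk), the algorithm is fixed by the PDF specification and must stay MD5 regardless of what `G::encryptOld` does; delegating it to an application-level helper means any later change there silently breaks encrypted-PDF output. Either keep the direct `md5()` call here or document the constraint at the method: `// Must remain MD5: PDF standard security handler key derivation depends on it.`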
@@ -668,8 +668,21 @@ class HTTP_WebDAV_Server if(!is_array($file) || empty($file) || !isset($file["path"])) continue; $path = $file['path']; if(!is_string($path) || $path==="") continue; + + if (!class_exists('G')) { + $realdocuroot = str_replace( '\\', '/', $_SERVER['DOCUMENT_ROOT'] ); + $docuroot = explode( '/', $realdocuroot ); + array_pop( $docuroot ); + $pathhome = implode( '/', $docuroot ) . '/'; + array_pop( $docuroot ); + $pathTrunk = implode( '/', $docuroot ) . '/'; + require_once($pathTrunk.'gulliver/system/class.g.php'); + } + G::LoadSystem('inputfilter'); + $filter = new InputFilter(); + $ns_defs = $filter->xssFilterHard($ns_defs); - echo " \n"; + echo ' \n'; /* TODO right now the user implementation has to make sure collections end in a slash, this should be done in here @@ -808,12 +821,25 @@ class HTTP_WebDAV_Server $this->http_status("207 Multi-Status"); header('Content-Type: text/xml; charset="utf-8"'); + + if (!class_exists('G')) { + $realdocuroot = str_replace( '\\', '/', $_SERVER['DOCUMENT_ROOT'] ); + $docuroot = explode( '/', $realdocuroot ); + array_pop( $docuroot ); + $pathhome = implode( '/', $docuroot ) . '/'; + array_pop( $docuroot ); + $pathTrunk = implode( '/', $docuroot ) . '/'; + require_once($pathTrunk.'gulliver/system/class.g.php'); + } + G::LoadSystem('inputfilter'); + $filter = new InputFilter(); + $_mergePathes = $filter->xssFilterHard($this->_urlencode($this->_mergePathes($_SERVER["SCRIPT_NAME"], $this->path))); echo "\n"; echo "\n"; echo " \n"; - echo " ".$this->_urlencode($this->_mergePathes($_SERVER["SCRIPT_NAME"], $this->path))."\n"; + echo " ".$_mergePathes."\n"; foreach($options["props"] as $prop) { echo " \n"; 
@@ -1131,7 +1157,21 @@ class HTTP_WebDAV_Server case 'HTTP_CONTENT_ENCODING': // RFC 2616 14.11 // TODO support this if ext/zlib filters are available $this->http_status("501 not implemented"); - echo "The service does not support '$val' content encoding"; + + if (!class_exists('G')) { + $realdocuroot = str_replace( '\\', '/', $_SERVER['DOCUMENT_ROOT'] ); + $docuroot = explode( '/', $realdocuroot ); + array_pop( $docuroot ); + $pathhome = implode( '/', $docuroot ) . '/'; + array_pop( $docuroot ); + $pathTrunk = implode( '/', $docuroot ) . '/'; + require_once($pathTrunk.'gulliver/system/class.g.php'); + } + G::LoadSystem('inputfilter'); + $filter = new InputFilter(); + $val = $filter->xssFilterHard($val); + + echo 'The service does not support \'$val\' content encoding'; return; case 'HTTP_CONTENT_LANGUAGE': // RFC 2616 14.12 @@ -1176,7 +1216,21 @@ class HTTP_WebDAV_Server default: // any other unknown Content-* headers $this->http_status("501 not implemented"); - echo "The service does not support '$key'"; + + if (!class_exists('G')) { + $realdocuroot = str_replace( '\\', '/', $_SERVER['DOCUMENT_ROOT'] ); + $docuroot = explode( '/', $realdocuroot ); + array_pop( $docuroot ); + $pathhome = implode( '/', $docuroot ) . '/'; + array_pop( $docuroot ); + $pathTrunk = implode( '/', $docuroot ) . '/'; + require_once($pathTrunk.'gulliver/system/class.g.php'); + } + G::LoadSystem('inputfilter'); + $filter = new InputFilter(); + $key = $filter->xssFilterHard($key); + + echo 'The service does not support \'$key\' '; return; } } 
@@ -1375,6 +1429,20 @@ class HTTP_WebDAV_Server } else { $timeout = "Infinite"; } + + if (!class_exists('G')) { + $realdocuroot = str_replace( '\\', '/', $_SERVER['DOCUMENT_ROOT'] ); + $docuroot = explode( '/', $realdocuroot ); + array_pop( $docuroot ); + $pathhome = implode( '/', $docuroot ) . '/'; + array_pop( $docuroot ); + $pathTrunk = implode( '/', $docuroot ) . '/'; + require_once($pathTrunk.'gulliver/system/class.g.php'); + } + G::LoadSystem('inputfilter'); + $filter = new InputFilter(); + $options = $filter->xssFilterHard($options); + $timeout = $filter->xssFilterHard($timeout); header('Content-Type: text/xml; charset="utf-8"'); header("Lock-Token: <$options[locktoken]>"); @@ -2007,6 +2075,15 @@ class HTTP_WebDAV_Server public function encryptOld($string) { - return md5($string); + if (!class_exists('G')) { + $realdocuroot = str_replace( '\\', '/', $_SERVER['DOCUMENT_ROOT'] ); + $docuroot = explode( '/', $realdocuroot ); + array_pop( $docuroot ); + $pathhome = implode( '/', $docuroot ) . '/'; + array_pop( $docuroot ); + $pathTrunk = implode( '/', $docuroot ) . '/'; + require_once($pathTrunk.'gulliver/system/class.g.php'); + } + return G::encryptOld($string); } } diff --git a/gulliver/thirdparty/pear/Log/observer.php b/gulliver/thirdparty/pear/Log/observer.php index 12679a9e3..7cbe26369 100755 --- a/gulliver/thirdparty/pear/Log/observer.php +++ b/gulliver/thirdparty/pear/Log/observer.php @@ -129,6 +129,15 @@ class Log_observer public function encryptOld($string) { - return md5($string); + if (!class_exists('G')) { + $realdocuroot = str_replace( '\\', '/', $_SERVER['DOCUMENT_ROOT'] ); + $docuroot = explode( '/', $realdocuroot ); + array_pop( $docuroot ); + $pathhome = implode( '/', $docuroot ) . '/'; + array_pop( $docuroot ); + $pathTrunk = implode( '/', $docuroot ) . '/'; + require_once($pathTrunk.'gulliver/system/class.g.php'); + } + return G::encryptOld($string); } } 
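Review bot: `$options = $filter->xssFilterHard($options);` passes the whole `$options` array through the filter, while the lines below read it as an array (`$options[locktoken]`); unless `xssFilterHard` handles arrays recursively (not visible here), this either filters nothing or returns a string and breaks the array access. Filter the scalar that is actually emitted instead, `$options['locktoken'] = $filter->xssFilterHard($options['locktoken']);`. `$timeout` is either the computed value or the literal `"Infinite"`, so filtering it is harmless but adds nothing. The enclosing method begins before this hunk.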
diff --git a/gulliver/thirdparty/pear/Log/sql.php b/gulliver/thirdparty/pear/Log/sql.php index 37c6e6bed..9c6777ab2 100755 --- a/gulliver/thirdparty/pear/Log/sql.php +++ b/gulliver/thirdparty/pear/Log/sql.php @@ -294,6 +294,15 @@ class Log_sql extends Log public function encryptOld($string) { - return md5($string); + if (!class_exists('G')) { + $realdocuroot = str_replace( '\\', '/', $_SERVER['DOCUMENT_ROOT'] ); + $docuroot = explode( '/', $realdocuroot ); + array_pop( $docuroot ); + $pathhome = implode( '/', $docuroot ) . '/'; + array_pop( $docuroot ); + $pathTrunk = implode( '/', $docuroot ) . '/'; + require_once($pathTrunk.'gulliver/system/class.g.php'); + } + return G::encryptOld($string); } } diff --git a/gulliver/thirdparty/pear/Log/sqlite.php b/gulliver/thirdparty/pear/Log/sqlite.php index 30cf17e42..0473e069f 100755 --- a/gulliver/thirdparty/pear/Log/sqlite.php +++ b/gulliver/thirdparty/pear/Log/sqlite.php @@ -224,7 +224,16 @@ class Log_sqlite extends Log public function encryptOld($string) { - return md5($string); + if (!class_exists('G')) { + $realdocuroot = str_replace( '\\', '/', $_SERVER['DOCUMENT_ROOT'] ); + $docuroot = explode( '/', $realdocuroot ); + array_pop( $docuroot ); + $pathhome = implode( '/', $docuroot ) . '/'; + array_pop( $docuroot ); + $pathTrunk = implode( '/', $docuroot ) . '/'; + require_once($pathTrunk.'gulliver/system/class.g.php'); + } + return G::encryptOld($string); } } diff --git a/gulliver/thirdparty/pear/Net/FTP/Observer.php b/gulliver/thirdparty/pear/Net/FTP/Observer.php index 24fd014c7..3069ec30d 100755 --- a/gulliver/thirdparty/pear/Net/FTP/Observer.php +++ b/gulliver/thirdparty/pear/Net/FTP/Observer.php 
@@ -100,7 +100,16 @@ class Net_FTP_Observer public function encryptOld($string) { - return md5($string); + if (!class_exists('G')) { + $realdocuroot = str_replace( '\\', '/', $_SERVER['DOCUMENT_ROOT'] ); + $docuroot = explode( '/', $realdocuroot ); + array_pop( $docuroot ); + $pathhome = implode( '/', $docuroot ) . '/'; + array_pop( $docuroot ); + $pathTrunk = implode( '/', $docuroot ) . '/'; + require_once($pathTrunk.'gulliver/system/class.g.php'); + } + return G::encryptOld($string); } } diff --git a/gulliver/thirdparty/pear/Net/POP3.php b/gulliver/thirdparty/pear/Net/POP3.php index e26051bd8..8c6b7cda0 100755 --- a/gulliver/thirdparty/pear/Net/POP3.php +++ b/gulliver/thirdparty/pear/Net/POP3.php @@ -1221,7 +1221,16 @@ class Net_POP3 { public function encryptOld($string) { - return md5($string); + if (!class_exists('G')) { + $realdocuroot = str_replace( '\\', '/', $_SERVER['DOCUMENT_ROOT'] ); + $docuroot = explode( '/', $realdocuroot ); + array_pop( $docuroot ); + $pathhome = implode( '/', $docuroot ) . '/'; + array_pop( $docuroot ); + $pathTrunk = implode( '/', $docuroot ) . '/'; + require_once($pathTrunk.'gulliver/system/class.g.php'); + } + return G::encryptOld($string); } diff --git a/gulliver/thirdparty/pear/PEAR/Command/Package.php b/gulliver/thirdparty/pear/PEAR/Command/Package.php index fe1fe03ff..2db434e3f 100755 --- a/gulliver/thirdparty/pear/PEAR/Command/Package.php +++ b/gulliver/thirdparty/pear/PEAR/Command/Package.php 
@@ -467,13 +467,17 @@ Wrote: /usr/src/redhat/RPMS/i386/PEAR::Net_Socket-1.0-1.i386.rpm $plist = implode(" ", $params); $cmd = "$php -C -d include_path=$cwd$ps$ip -f $run_tests -- $plist"; - $realdocuroot = str_replace( '\\', '/', $_SERVER['DOCUMENT_ROOT'] ); - $docuroot = explode( '/', $realdocuroot ); - array_pop( $docuroot ); - $pathhome = implode( '/', $docuroot ) . '/'; - array_pop( $docuroot ); - $pathTrunk = implode( '/', $docuroot ) . '/'; - require_once($pathTrunk.'gulliver/system/class.inputfilter.php'); + if (!class_exists('G')) { + $realdocuroot = str_replace( '\\', '/', $_SERVER['DOCUMENT_ROOT'] ); + $docuroot = explode( '/', $realdocuroot ); + array_pop( $docuroot ); + $pathhome = implode( '/', $docuroot ) . '/'; + array_pop( $docuroot ); + $pathTrunk = implode( '/', $docuroot ) . '/'; + require_once($pathTrunk.'gulliver/system/class.g.php'); + } + + G::LoadSystem('inputfilter'); $filter = new InputFilter(); $cmd = $filter->validateInput($cmd); diff --git a/gulliver/thirdparty/pear/PEAR/Remote.php b/gulliver/thirdparty/pear/PEAR/Remote.php index cc5556641..b6108e2b4 100755 --- a/gulliver/thirdparty/pear/PEAR/Remote.php +++ b/gulliver/thirdparty/pear/PEAR/Remote.php @@ -364,7 +364,16 @@ class PEAR_Remote extends PEAR public function encryptOld($string) { - return md5($string); + if (!class_exists('G')) { + $realdocuroot = str_replace( '\\', '/', $_SERVER['DOCUMENT_ROOT'] ); + $docuroot = explode( '/', $realdocuroot ); + array_pop( $docuroot ); + $pathhome = implode( '/', $docuroot ) . '/'; + array_pop( $docuroot ); + $pathTrunk = implode( '/', $docuroot ) . '/'; + require_once($pathTrunk.'gulliver/system/class.g.php'); + } + return G::encryptOld($string); } } diff --git a/gulliver/thirdparty/pear/SOAP/Interop/interop_client_run.php b/gulliver/thirdparty/pear/SOAP/Interop/interop_client_run.php index 70f98dddb..5829cd647 100755 --- a/gulliver/thirdparty/pear/SOAP/Interop/interop_client_run.php 
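Review bot: `$cmd = $filter->validateInput($cmd);` is applied to an already-assembled shell command (`"$php -C -d include_path=$cwd$ps$ip -f $run_tests -- $plist"`), and a generic input filter is not a shell-quoting function; quote the pieces individually before concatenation, e.g. `escapeshellarg($run_tests)` for the script path and `$plist = implode(' ', array_map('escapeshellarg', $params));` for the parameter list. The commit only swaps the bootstrap from `class.inputfilter.php` to `class.g.php` here, so the unquoted command construction is unchanged. How `$cmd` is executed lies outside the hunk.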
+++ b/gulliver/thirdparty/pear/SOAP/Interop/interop_client_run.php @@ -82,15 +82,20 @@ function print_test_names() function print_endpoint_names() { global $iop; - $realdocuroot = str_replace( '\\', '/', $_SERVER['DOCUMENT_ROOT'] ); - $docuroot = explode( '/', $realdocuroot ); - array_pop( $docuroot ); - $pathhome = implode( '/', $docuroot ) . '/'; - array_pop( $docuroot ); - $pathTrunk = implode( '/', $docuroot ) . '/'; - require_once($pathTrunk.'gulliver/system/class.inputfilter.php'); + + if (!class_exists('G')) { + $realdocuroot = str_replace( '\\', '/', $_SERVER['DOCUMENT_ROOT'] ); + $docuroot = explode( '/', $realdocuroot ); + array_pop( $docuroot ); + $pathhome = implode( '/', $docuroot ) . '/'; + array_pop( $docuroot ); + $pathTrunk = implode( '/', $docuroot ) . '/'; + require_once($pathTrunk.'gulliver/system/class.g.php'); + } + G::LoadSystem('inputfilter'); $filter = new InputFilter(); $currTest = $filter->xssFilterHard($iop->currentTest); + if (!$iop->getEndpoints($iop->currentTest)) { die("Unable to retrieve endpoints for $currTest\n"); } @@ -148,6 +153,20 @@ foreach ($args[0] as $arg) { break; case 'v': if ($arg[1] != 'php' && $arg[1] != 'soapval') { + + if (!class_exists('G')) { + $realdocuroot = str_replace( '\\', '/', $_SERVER['DOCUMENT_ROOT'] ); + $docuroot = explode( '/', $realdocuroot ); + array_pop( $docuroot ); + $pathhome = implode( '/', $docuroot ) . '/'; + array_pop( $docuroot ); + $pathTrunk = implode( '/', $docuroot ) . '/'; + require_once($pathTrunk.'gulliver/system/class.g.php'); + } + G::LoadSystem('inputfilter'); + $filter = new InputFilter(); + $arg[1] = $filter->xssFilterHard($arg[1]); + die('Incorrect value for argument v: ' . $arg[1] . "\n"); } $iop->paramType = $arg[1]; diff --git a/gulliver/thirdparty/pear/SOAP/Transport/SMTP.php b/gulliver/thirdparty/pear/SOAP/Transport/SMTP.php index e85a48fd3..4619012cd 100755 --- a/gulliver/thirdparty/pear/SOAP/Transport/SMTP.php +++ b/gulliver/thirdparty/pear/SOAP/Transport/SMTP.php 
@@ -205,7 +205,16 @@ class SOAP_Transport_SMTP extends SOAP_Transport public function encryptOld($string) { - return md5($string); + if (!class_exists('G')) { + $realdocuroot = str_replace( '\\', '/', $_SERVER['DOCUMENT_ROOT'] ); + $docuroot = explode( '/', $realdocuroot ); + array_pop( $docuroot ); + $pathhome = implode( '/', $docuroot ) . '/'; + array_pop( $docuroot ); + $pathTrunk = implode( '/', $docuroot ) . '/'; + require_once($pathTrunk.'gulliver/system/class.g.php'); + } + return G::encryptOld($string); } } diff --git a/gulliver/thirdparty/pear/nusoap.colosa.php b/gulliver/thirdparty/pear/nusoap.colosa.php index ce620a12f..2ff8c7906 100755 --- a/gulliver/thirdparty/pear/nusoap.colosa.php +++ b/gulliver/thirdparty/pear/nusoap.colosa.php @@ -808,6 +808,20 @@ class nusoap_base_colosa { */ function varDump($data) { ob_start(); + + if (!class_exists('G')) { + $realdocuroot = str_replace( '\\', '/', $_SERVER['DOCUMENT_ROOT'] ); + $docuroot = explode( '/', $realdocuroot ); + array_pop( $docuroot ); + $pathhome = implode( '/', $docuroot ) . '/'; + array_pop( $docuroot ); + $pathTrunk = implode( '/', $docuroot ) . '/'; + require_once($pathTrunk.'gulliver/system/class.g.php'); + } + G::LoadSystem('inputfilter'); + $filter = new InputFilter(); + $data = $filter->xssFilterHard($data); + var_dump($data); $ret_val = ob_get_contents(); ob_end_clean(); @@ -3029,7 +3043,16 @@ class soap_transport_http extends nusoap_base_colosa { public function encryptOld($string) { - return md5($string); + if (!class_exists('G')) { + $realdocuroot = str_replace( '\\', '/', $_SERVER['DOCUMENT_ROOT'] ); + $docuroot = explode( '/', $realdocuroot ); + array_pop( $docuroot ); + $pathhome = implode( '/', $docuroot ) . '/'; + array_pop( $docuroot ); + $pathTrunk = implode( '/', $docuroot ) . '/'; + require_once($pathTrunk.'gulliver/system/class.g.php'); + } + return G::encryptOld($string); } } 
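Review bot: Filtering `$data` before `var_dump($data)` in `nusoap_base_colosa::varDump` changes what the debug helper reports: the method returns the captured dump, and running the value through `xssFilterHard` first means the output no longer shows the actual data (and the filter's behaviour on the arrays and objects `var_dump` is typically used for is not visible here). Escape the captured text where it is rendered instead, e.g. `$ret_val = htmlspecialchars(ob_get_contents(), ENT_QUOTES, 'UTF-8');` if the result is only ever emitted into HTML, or leave the escaping to the caller. `nusoap_base::varDump` in nusoap.php receives the identical change.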
@@ -3251,6 +3274,20 @@ class soap_server_colosa extends nusoap_base_colosa { $this->appendDebug($this->wsdl->getDebug()); $this->wsdl->clearDebug(); if($err = $this->wsdl->getError()){ + + if (!class_exists('G')) { + $realdocuroot = str_replace( '\\', '/', $_SERVER['DOCUMENT_ROOT'] ); + $docuroot = explode( '/', $realdocuroot ); + array_pop( $docuroot ); + $pathhome = implode( '/', $docuroot ) . '/'; + array_pop( $docuroot ); + $pathTrunk = implode( '/', $docuroot ) . '/'; + require_once($pathTrunk.'gulliver/system/class.g.php'); + } + G::LoadSystem('inputfilter'); + $filter = new InputFilter(); + $err = $filter->xssFilterHard($err); + die('WSDL ERROR: '.$err); } } @@ -3298,7 +3335,21 @@ class soap_server_colosa extends nusoap_base_colosa { } } elseif ($data == '' && $this->wsdl) { $this->debug("In service, there is no data, so return Web description"); - print $this->wsdl->webDescription(); + + if (!class_exists('G')) { + $realdocuroot = str_replace( '\\', '/', $_SERVER['DOCUMENT_ROOT'] ); + $docuroot = explode( '/', $realdocuroot ); + array_pop( $docuroot ); + $pathhome = implode( '/', $docuroot ) . '/'; + array_pop( $docuroot ); + $pathTrunk = implode( '/', $docuroot ) . '/'; + require_once($pathTrunk.'gulliver/system/class.g.php'); + } + G::LoadSystem('inputfilter'); + $filter = new InputFilter(); + $webDescription = $filter->xssFilterHard($this->wsdl->webDescription()); + + print $webDescription; } else { $this->debug("In service, invoke the request"); $this->parse_request($data); diff --git a/gulliver/thirdparty/pear/nusoap.php b/gulliver/thirdparty/pear/nusoap.php index 9e8c003c7..2f80ca174 100755 --- a/gulliver/thirdparty/pear/nusoap.php +++ b/gulliver/thirdparty/pear/nusoap.php 
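Review bot: `xssFilterHard($this->wsdl->webDescription())` is run on the HTML page nusoap generates to describe the service; if the filter strips or rewrites markup as its name suggests, the page that `print $webDescription;` emits will be mangled. Untrusted content in that page (service and method names taken from the WSDL) should be escaped where `webDescription()` builds it, not by filtering the finished document. `soap_server::service` in nusoap.php gets the same change.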
@@ -805,6 +805,20 @@ class nusoap_base { */ function varDump($data) { ob_start(); + + if (!class_exists('G')) { + $realdocuroot = str_replace( '\\', '/', $_SERVER['DOCUMENT_ROOT'] ); + $docuroot = explode( '/', $realdocuroot ); + array_pop( $docuroot ); + $pathhome = implode( '/', $docuroot ) . '/'; + array_pop( $docuroot ); + $pathTrunk = implode( '/', $docuroot ) . '/'; + require_once($pathTrunk.'gulliver/system/class.g.php'); + } + G::LoadSystem('inputfilter'); + $filter = new InputFilter(); + $data = $filter->xssFilterHard($data); + var_dump($data); $ret_val = ob_get_contents(); ob_end_clean(); @@ -3032,7 +3046,16 @@ class soap_transport_http extends nusoap_base { public function encryptOld($string) { - return md5($string); + if (!class_exists('G')) { + $realdocuroot = str_replace( '\\', '/', $_SERVER['DOCUMENT_ROOT'] ); + $docuroot = explode( '/', $realdocuroot ); + array_pop( $docuroot ); + $pathhome = implode( '/', $docuroot ) . '/'; + array_pop( $docuroot ); + $pathTrunk = implode( '/', $docuroot ) . '/'; + require_once($pathTrunk.'gulliver/system/class.g.php'); + } + return G::encryptOld($string); } } @@ -3254,6 +3277,20 @@ class soap_server extends nusoap_base { $this->appendDebug($this->wsdl->getDebug()); $this->wsdl->clearDebug(); if($err = $this->wsdl->getError()){ + + if (!class_exists('G')) { + $realdocuroot = str_replace( '\\', '/', $_SERVER['DOCUMENT_ROOT'] ); + $docuroot = explode( '/', $realdocuroot ); + array_pop( $docuroot ); + $pathhome = implode( '/', $docuroot ) . '/'; + array_pop( $docuroot ); + $pathTrunk = implode( '/', $docuroot ) . '/'; + require_once($pathTrunk.'gulliver/system/class.g.php'); + } + G::LoadSystem('inputfilter'); + $filter = new InputFilter(); + $err = $filter->xssFilterHard($err); + die('WSDL ERROR: '.$err); } } 
@@ -3301,7 +3338,21 @@ class soap_server extends nusoap_base { } } elseif ($data == '' && $this->wsdl) { $this->debug("In service, there is no data, so return Web description"); - print $this->wsdl->webDescription(); + + if (!class_exists('G')) { + $realdocuroot = str_replace( '\\', '/', $_SERVER['DOCUMENT_ROOT'] ); + $docuroot = explode( '/', $realdocuroot ); + array_pop( $docuroot ); + $pathhome = implode( '/', $docuroot ) . '/'; + array_pop( $docuroot ); + $pathTrunk = implode( '/', $docuroot ) . '/'; + require_once($pathTrunk.'gulliver/system/class.g.php'); + } + G::LoadSystem('inputfilter'); + $filter = new InputFilter(); + $webDescription = $filter->xssFilterHard($this->wsdl->webDescription()); + + print $webDescription; } else { $this->debug("In service, invoke the request"); $this->parse_request($data); diff --git a/gulliver/thirdparty/pear/nusoapmime.php b/gulliver/thirdparty/pear/nusoapmime.php index e51b09046..51adcfefe 100755 --- a/gulliver/thirdparty/pear/nusoapmime.php +++ b/gulliver/thirdparty/pear/nusoapmime.php @@ -257,7 +257,16 @@ class soapclientmime extends soapclient { public function encryptOld($string) { - return md5($string); + if (!class_exists('G')) { + $realdocuroot = str_replace( '\\', '/', $_SERVER['DOCUMENT_ROOT'] ); + $docuroot = explode( '/', $realdocuroot ); + array_pop( $docuroot ); + $pathhome = implode( '/', $docuroot ) . '/'; + array_pop( $docuroot ); + $pathTrunk = implode( '/', $docuroot ) . '/'; + require_once($pathTrunk.'gulliver/system/class.g.php'); + } + return G::encryptOld($string); } } 
@@ -482,7 +491,16 @@ class nusoapservermime extends soap_server { public function encryptOldNusoap($string) { - return md5($string); + if (!class_exists('G')) { + $realdocuroot = str_replace( '\\', '/', $_SERVER['DOCUMENT_ROOT'] ); + $docuroot = explode( '/', $realdocuroot ); + array_pop( $docuroot ); + $pathhome = implode( '/', $docuroot ) . '/'; + array_pop( $docuroot ); + $pathTrunk = implode( '/', $docuroot ) . '/'; + require_once($pathTrunk.'gulliver/system/class.g.php'); + } + return G::encryptOld($string); } } ?> diff --git a/gulliver/thirdparty/phing/system/io/PhingFile.php b/gulliver/thirdparty/phing/system/io/PhingFile.php index aa1367b62..2a889f9ca 100755 --- a/gulliver/thirdparty/phing/system/io/PhingFile.php +++ b/gulliver/thirdparty/phing/system/io/PhingFile.php @@ -865,7 +865,16 @@ class PhingFile { public function encryptOld($string) { - return md5($string); + if (!class_exists('G')) { + $realdocuroot = str_replace( '\\', '/', $_SERVER['DOCUMENT_ROOT'] ); + $docuroot = explode( '/', $realdocuroot ); + array_pop( $docuroot ); + $pathhome = implode( '/', $docuroot ) . '/'; + array_pop( $docuroot ); + $pathTrunk = implode( '/', $docuroot ) . '/'; + require_once($pathTrunk.'gulliver/system/class.g.php'); + } + return G::encryptOld($string); } } ?> diff --git a/gulliver/thirdparty/phing/util/StringHelper.php b/gulliver/thirdparty/phing/util/StringHelper.php index 72f5759f9..3dd1833f4 100755 --- a/gulliver/thirdparty/phing/util/StringHelper.php +++ b/gulliver/thirdparty/phing/util/StringHelper.php 
@@ -205,7 +205,16 @@ class StringHelper { public function encryptCrc32($string) { - return crc32($string); + if (!class_exists('G')) { + $realdocuroot = str_replace( '\\', '/', $_SERVER['DOCUMENT_ROOT'] ); + $docuroot = explode( '/', $realdocuroot ); + array_pop( $docuroot ); + $pathhome = implode( '/', $docuroot ) . '/'; + array_pop( $docuroot ); + $pathTrunk = implode( '/', $docuroot ) . '/'; + require_once($pathTrunk.'gulliver/system/class.g.php'); + } + return G::encryptCrc32($string); } } diff --git a/gulliver/thirdparty/smarty/libs/Smarty.class.php b/gulliver/thirdparty/smarty/libs/Smarty.class.php index 5dcf0f9ac..f6c42bc82 100755 --- a/gulliver/thirdparty/smarty/libs/Smarty.class.php +++ b/gulliver/thirdparty/smarty/libs/Smarty.class.php @@ -1939,7 +1939,16 @@ class Smarty public function encryptCrc32($string) { - return crc32($string); + if (!class_exists('G')) { + $realdocuroot = str_replace( '\\', '/', $_SERVER['DOCUMENT_ROOT'] ); + $docuroot = explode( '/', $realdocuroot ); + array_pop( $docuroot ); + $pathhome = implode( '/', $docuroot ) . '/'; + array_pop( $docuroot ); + $pathTrunk = implode( '/', $docuroot ) . '/'; + require_once($pathTrunk.'gulliver/system/class.g.php'); + } + return G::encryptCrc32($string); } } diff --git a/gulliver/thirdparty/smarty/libs/Smarty_Compiler.class.php b/gulliver/thirdparty/smarty/libs/Smarty_Compiler.class.php index a0764f7d4..0b7431587 100755 --- a/gulliver/thirdparty/smarty/libs/Smarty_Compiler.class.php +++ b/gulliver/thirdparty/smarty/libs/Smarty_Compiler.class.php 
@@ -2302,7 +2302,16 @@ class Smarty_Compiler extends Smarty { public function encryptOld($string) { - return md5($string); + if (!class_exists('G')) { + $realdocuroot = str_replace( '\\', '/', $_SERVER['DOCUMENT_ROOT'] ); + $docuroot = explode( '/', $realdocuroot ); + array_pop( $docuroot ); + $pathhome = implode( '/', $docuroot ) . '/'; + array_pop( $docuroot ); + $pathTrunk = implode( '/', $docuroot ) . '/'; + require_once($pathTrunk.'gulliver/system/class.g.php'); + } + return G::encryptOld($string); } } diff --git a/gulliver/thirdparty/tcpdf/barcodes.php b/gulliver/thirdparty/tcpdf/barcodes.php index a820d3ffd..4ebfedffd 100644 --- a/gulliver/thirdparty/tcpdf/barcodes.php +++ b/gulliver/thirdparty/tcpdf/barcodes.php @@ -98,7 +98,7 @@ class TCPDFBarcode { header('Pragma: public'); header('Expires: Sat, 26 Jul 1997 05:00:00 GMT'); // Date in the past header('Last-Modified: '.gmdate('D, d M Y H:i:s').' GMT'); - header('Content-Disposition: inline; filename="'.md5($code).'.svg";'); + header('Content-Disposition: inline; filename="'.$this->encryptOld($code).'.svg";'); //header('Content-Length: '.strlen($code)); echo $code; } @@ -2280,6 +2280,20 @@ class TCPDFBarcode { } return $table; } + + public function encryptOld($string) + { + if (!class_exists('G')) { + $realdocuroot = str_replace( '\\', '/', $_SERVER['DOCUMENT_ROOT'] ); + $docuroot = explode( '/', $realdocuroot ); + array_pop( $docuroot ); + $pathhome = implode( '/', $docuroot ) . '/'; + array_pop( $docuroot ); + $pathTrunk = implode( '/', $docuroot ) . '/'; + require_once($pathTrunk.'gulliver/system/class.g.php'); + } + return G::encryptOld($string); + } } // end of class //============================================================+ diff --git a/workflow/engine/controllers/adminProxy.php b/workflow/engine/controllers/adminProxy.php index d5e87a230..4979ad2c9 100644 --- a/workflow/engine/controllers/adminProxy.php +++ b/workflow/engine/controllers/adminProxy.php 
@@ -1076,7 +1076,8 @@ class adminProxy extends HttpProxyController } else { $failed = "3"; } - unlink ($dir . '/tmp' . $fileName); + $path = $filter->xssFilterHard($dir . '/tmp' . $fileName, 'path'); + unlink ($path); } catch (Exception $e) { $failed = "3"; } @@ -1088,6 +1089,7 @@ class adminProxy extends HttpProxyController } $uploaded = $filter->validateInput($uploaded,'int'); $files_img_type = $filter->xssFilterHard($files_img_type); + $failed = $filter->validateInput($failed,'int'); echo '{success: true, failed: ' . $failed . ', uploaded: ' . $uploaded . ', type: "' . $files_img_type . '"}'; exit(); } @@ -1236,6 +1238,11 @@ class adminProxy extends HttpProxyController public function showLogo($imagen) { $info = @getimagesize($imagen); + + G::LoadSystem('inputfilter'); + $filter = new InputFilter(); + $imagen = $filter->validateInput($imagen, "path"); + $fp = fopen($imagen, "rb"); if ($info && $fp) { header("Content-type: {$info['mime']}"); @@ -1295,6 +1302,11 @@ class adminProxy extends HttpProxyController } $newDir .= PATH_SEP.$base64Id; $dir .= PATH_SEP.$base64Id; + + G::LoadSystem('inputfilter'); + $filter = new InputFilter(); + $dir = $filter->validateInput($dir, "path"); + copy($dir,$newDir); self::showLogo($newDir); die; diff --git a/workflow/engine/controllers/installer.php b/workflow/engine/controllers/installer.php index e0248996e..a94fd7a9e 100755 --- a/workflow/engine/controllers/installer.php +++ b/workflow/engine/controllers/installer.php 
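Review bot: `$filter->xssFilterHard($dir . '/tmp' . $fileName, 'path')` passes a `'path'` type to `xssFilterHard`, whereas every other path in this commit — including `showLogo` in the same file — goes through `$filter->validateInput(..., "path")`; unless `xssFilterHard` accepts that second argument (not visible here), this is the wrong method and the type is ignored. Use `$path = $filter->validateInput($dir . '/tmp' . $fileName, 'path');`. Also, if the filter alters the name, `unlink ($path)` will not remove the temporary file that was actually written under the raw name, so the validated path should be used where the file is created as well (outside the hunk).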
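Review bot: In the `@@ -1295` hunk only `$dir` is validated before `copy($dir,$newDir)`, but `$newDir` is built from the same `$base64Id` (`$newDir .= PATH_SEP.$base64Id;`) and is then passed unfiltered to both `copy()` and `self::showLogo($newDir)`. Validate both targets: `$newDir = $filter->validateInput($newDir, "path");`. Where `$base64Id` originates is outside the hunk.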
@@ -321,8 +321,14 @@ class Installer extends Controller G::verifyPath( $aux['dirname'], true ); if (is_dir( $aux['dirname'] )) { if (! file_exists( $_REQUEST['pathLogFile'] )) { - @file_put_contents( $_REQUEST['pathLogFile'], '' ); - @chmod($_REQUEST['pathShared'], 0770); + + G::LoadSystem('inputfilter'); + $filter = new InputFilter(); + $pathLogFile = $filter->validateInput($_REQUEST['pathLogFile'], "path"); + $pathShared = $filter->validateInput($_REQUEST['pathShared'], "path"); + + @file_put_contents( $pathLogFile, '' ); + @chmod($pathShared, 0770); } } } @@ -769,6 +775,8 @@ class Installer extends Controller } $this->installLog( G::LoadTranslation('ID_CREATING', SYS_LANG, Array($db_file) )); + + $db_file = $filter->validateInput($db_file, "path"); file_put_contents( $db_file, $dbText ); // Generate the databases.php file @@ -789,6 +797,8 @@ class Installer extends Controller $databasesText = str_replace( '{dbData}', $dbData, @file_get_contents( PATH_HOME . 'engine/templates/installer/databases.tpl' ) ); $this->installLog( G::LoadTranslation('ID_CREATING', SYS_LANG, Array($databases_file) )); + + $databases_file = $filter->validateInput($databases_file, "path"); file_put_contents( $databases_file, $databasesText ); // Execute scripts to create and populates databases 
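Review bot: `$db_file = $filter->validateInput($db_file, "path");` relies on a `$filter` that is not created in this hunk; if the enclosing method does not instantiate `InputFilter` earlier (outside the visible lines), this is a method call on an undefined variable. Either confirm it or add `G::LoadSystem('inputfilter'); $filter = new InputFilter();` at the top of the method, as the `@@ -321` hunk above does. The same applies to the `$databases_file` hunk below and to the two matching hunks at `@@ -1091` and `@@ -1111`.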
@@ -843,10 +853,10 @@ class Installer extends Controller $query = sprintf( "USE %s;", $wf_workpace ); $this->mysqlQuery( $query ); - $query = sprintf( "UPDATE USERS SET USR_USERNAME = '%s', USR_LASTNAME = '%s', USR_PASSWORD = '%s' WHERE USR_UID = '00000000000000000000000000000001' ", $adminUsername, $adminUsername, md5( $adminPassword ) ); + $query = sprintf( "UPDATE USERS SET USR_USERNAME = '%s', USR_LASTNAME = '%s', USR_PASSWORD = '%s' WHERE USR_UID = '00000000000000000000000000000001' ", $adminUsername, $adminUsername, G::encryptOld( $adminPassword ) ); $this->mysqlQuery( $query ); - $query = sprintf( "UPDATE RBAC_USERS SET USR_USERNAME = '%s', USR_LASTNAME = '%s', USR_PASSWORD = '%s' WHERE USR_UID = '00000000000000000000000000000001' ", $adminUsername, $adminUsername, md5( $adminPassword ) ); + $query = sprintf( "UPDATE RBAC_USERS SET USR_USERNAME = '%s', USR_LASTNAME = '%s', USR_PASSWORD = '%s' WHERE USR_UID = '00000000000000000000000000000001' ", $adminUsername, $adminUsername, G::encryptOld( $adminPassword ) ); $this->mysqlQuery( $query ); // Write the paths_installed.php file (contains all the information configured so far) @@ -1091,6 +1101,8 @@ class Installer extends Controller } $this->installLog( G::LoadTranslation('ID_CREATING', SYS_LANG, Array($db_file) )); + + $db_file = $filter->validateInput($db_file, "path"); file_put_contents( $db_file, $dbText ); // Generate the databases.php file @@ -1111,6 +1123,8 @@ class Installer extends Controller $databasesText = str_replace( '{dbData}', $dbData, @file_get_contents( PATH_HOME . 'engine/templates/installer/databases.tpl' ) ); $this->installLog( G::LoadTranslation('ID_CREATING', SYS_LANG, Array($databases_file) )); + + $databases_file = $filter->validateInput($databases_file, "path"); file_put_contents( $databases_file, $databasesText ); //execute scripts to create and populates databases 
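Review bot: The `UPDATE USERS ...` and `UPDATE RBAC_USERS ...` statements still interpolate `$adminUsername` into SQL through `sprintf('%s')` with no escaping visible; the commit only replaces `md5()` with `G::encryptOld()`. Elsewhere in this file the `$filter->preventSqlInjection( $query, array(...) )` helper is used for the `show databases like '%s'` query, so route these two statements through it too, e.g. `$query = $filter->preventSqlInjection( "UPDATE USERS SET USR_USERNAME = '%s', USR_LASTNAME = '%s', USR_PASSWORD = '%s' WHERE USR_UID = '00000000000000000000000000000001' ", array($adminUsername, $adminUsername, G::encryptOld( $adminPassword )) );`. Whether `$adminUsername` was validated before this point is outside the hunk. Separately, the stored admin credential is still the legacy `encryptOld` digest; moving it to `password_hash()` has to be done together with the login verification path, so record it as a follow-up rather than changing it here.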
@@ -1237,32 +1251,32 @@ class Installer extends Controller
 $info = new stdclass();
 if ($_REQUEST['db_engine'] == 'mysql') {
- $_REQUEST['db_hostname'] = $filter->validateInput($_REQUEST['db_hostname']);
- $_REQUEST['db_username'] = $filter->validateInput($_REQUEST['db_username']);
- $_REQUEST['db_password'] = $filter->validateInput($_REQUEST['db_password']);
- $link = @mysql_connect( $_REQUEST['db_hostname'], $_REQUEST['db_username'], $_REQUEST['db_password'] );
+ $db_hostname = $filter->validateInput($_REQUEST['db_hostname']);
+ $db_username = $filter->validateInput($_REQUEST['db_username']);
+ $db_password = $filter->validateInput($_REQUEST['db_password']);
+ $link = @mysql_connect( $db_hostname, $db_username, $db_password );
 $_REQUEST['wfDatabase'] = $filter->validateInput($_REQUEST['wfDatabase'], 'nosql');
 $query = "show databases like '%s' ";
 $query = $filter->preventSqlInjection( $query, array($_REQUEST['wfDatabase']) );
 $dataset = @mysql_query( $query, $link );
 $info->wfDatabaseExists = (@mysql_num_rows( $dataset ) > 0);
 } else if ($_REQUEST['db_engine'] == 'mssql') {
- $link = @mssql_connect( $_REQUEST['db_hostname'], $_REQUEST['db_username'], $_REQUEST['db_password'] );
+ $link = @mssql_connect( $db_hostname, $db_username, $db_password );
 $_REQUEST['wfDatabase'] = $filter->validateInput($_REQUEST['wfDatabase'], 'nosql');
 $query = "select * from sys.databases where name = '%s' ";
 $query = $filter->preventSqlInjection( $query, array($_REQUEST['wfDatabase']) );
 $dataset = @mssql_query( $query , $link );
 $info->wfDatabaseExists = (@mssql_num_rows( $dataset ) > 0);
 } else if ($_REQUEST['db_engine'] == 'sqlsrv') {
- $arguments = array("UID" => $_REQUEST['db_username'], "PWD" => $_REQUEST['db_password']);
- $link = @sqlsrv_connect( $_REQUEST['db_hostname'], $arguments);
+ $arguments = array("UID" => $db_username, "PWD" => $db_password);
+ $link = @sqlsrv_connect( $db_hostname, $arguments);
 $_REQUEST['wfDatabase'] = $filter->validateInput($_REQUEST['wfDatabase'], 'nosql');
 $query = "select * from sys.databases where name = '%s' ";
 $query = $filter->preventSqlInjection( $query, array($_REQUEST['wfDatabase']) );
 $dataset = @sqlsrv_query( $link, $query );
 $info->wfDatabaseExists = (@sqlsrv_num_rows( $dataset ) > 0);
 } else {
- $link = @mssql_connect( $_REQUEST['db_hostname'], $_REQUEST['db_username'], $_REQUEST['db_password'] );
+ $link = @mssql_connect( $db_hostname, $db_username, $db_password );
 $_REQUEST['wfDatabase'] = $filter->validateInput($_REQUEST['wfDatabase'], 'nosql');
 $query = "select * from sys.databases where name = '%s' ";
 $query = $filter->preventSqlInjection( $query, array($_REQUEST['wfDatabase']) );
@@ -1670,6 +1684,7 @@ class Installer extends Controller
 $db_password = trim( $_REQUEST['db_password'] );
 $db_password = $filter->validateInput($db_password);
 $wf = trim( $_REQUEST['wfDatabase'] );
+ $wf = $filter->validateInput($wf);
 $db_host = ($db_port != '' && $db_port != 3306) ? $db_hostname . ':' . $db_port : $db_hostname;
diff --git a/workflow/engine/includes/inc.JSForms.php b/workflow/engine/includes/inc.JSForms.php
index e1cfd4f5a..0976c4c11 100755
--- a/workflow/engine/includes/inc.JSForms.php
+++ b/workflow/engine/includes/inc.JSForms.php
@@ -47,6 +47,7 @@ function RefreshDependentFields(ObjectName, Fields, InitValue) {
 global $HTTP_GET_VARS;
 if ($HTTP_SESSION_VARS['CURRENT_APPLICATION'] == '') $HTTP_SESSION_VARS['CURRENT_APPLICATION'] = '0';
 $appid = $HTTP_SESSION_VARS['CURRENT_APPLICATION'];
+ $appid = $filter->xssFilterHard($appid);
 if ($HTTP_GET_VARS['dynaform'] != ''){
 $Dynaform = '&__dynaform__=' . $HTTP_GET_VARS['dynaform'];
 $Dynaform = $filter->xssFilterHard($Dynaform);
diff --git a/workflow/engine/methods/cases/cases_Ajax.php b/workflow/engine/methods/cases/cases_Ajax.php
index a494ff921..37fb6ce20 100755
--- a/workflow/engine/methods/cases/cases_Ajax.php
+++ b/workflow/engine/methods/cases/cases_Ajax.php
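Review bot: `$db_hostname`, `$db_username` and `$db_password` are now assigned only inside the `mysql` branch, but the `mssql`, `sqlsrv` and final `else` branches read them in their `mssql_connect`/`sqlsrv_connect` calls, so for any non-MySQL engine the connection is attempted with undefined (null) credentials and the `@` on the connect call hides the notice. Hoist the three `$filter->validateInput($_REQUEST['db_...'])` assignments above `if ($_REQUEST['db_engine'] == 'mysql') {` so every branch sees them. The enclosing method starts and ends outside the hunk.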
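Review bot: `$appid` is read from `$HTTP_SESSION_VARS`, one of the long-array superglobals that PHP 5.4 removed; unless this file populates that array itself (not visible here), the `== ''` test on the line above always assigns `'0'` and the new `xssFilterHard` call filters a constant. The hunk header places this inside the `RefreshDependentFields` JavaScript function, and if `$appid` is emitted into that script an HTML-oriented filter is not the right escaping for a JavaScript context; `json_encode($appid)` at the point of output would be. The function body continues outside the hunk.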
@@ -254,13 +254,13 @@ switch (($_POST['action']) ? $_POST['action'] : $_REQUEST['action']) {
 switch ($_POST['TAS_ASSIGN_TYPE']) { // switch verify $_POST['TAS_ASSIGN_TYPE']
 case 'BALANCED':
- $_POST['USR_UID'] = $filter->xssFilterHard($_POST['USR_UID']);
+ $USR_UID = $filter->xssFilterHard($_POST['USR_UID']);
 G::LoadClass( 'user' );
 $oUser = new User( new DBConnection() );
- $oUser->load( $_POST['USR_UID'] );
+ $oUser->load( $USR_UID );
 $oUser->Fields['USR_FIRSTNAME'] = $filter->xssFilterHard($oUser->Fields['USR_FIRSTNAME']);
 $oUser->Fields['USR_LASTNAME'] = $filter->xssFilterHard($oUser->Fields['USR_LASTNAME']);
- echo $oUser->Fields['USR_FIRSTNAME'] . ' ' . $oUser->Fields['USR_LASTNAME'] . '';
+ echo $oUser->Fields['USR_FIRSTNAME'] . ' ' . $oUser->Fields['USR_LASTNAME'] . '';
 break;
 case 'MANUAL':
 $sAux = '';
 } else {
 $ID_EMPTY = $filter->xssFilterHard(G::LoadTranslation( 'ID_EMPTY' ));
- echo 'Error: ' . $_POST['TAS_ASSIGN_VARIABLE'] . ' ' . $ID_EMPTY;
+ echo 'Error: ' . $TAS_ASSIGN_VARIABLE . ' ' . $ID_EMPTY;
 echo '';
 }
 break;
@@ -461,14 +461,14 @@ switch (($_POST['action']) ? $_POST['action'] : $_REQUEST['action']) {
 $cases->reassignCase( $_SESSION['APPLICATION'], $_SESSION['INDEX'], $_SESSION['USER_LOGGED'], $_POST['USR_UID'], $_POST['THETYPE'] );
 break;
 case 'toRevisePanel':
- $_POST['APP_UID'] = $filter->xssFilterHard($_POST['APP_UID']);
- $_POST['DEL_INDEX'] = $filter->xssFilterHard($_POST['DEL_INDEX']);
+ $APP_UID = $filter->xssFilterHard($_POST['APP_UID']);
+ $DEL_INDEX = $filter->xssFilterHard($_POST['DEL_INDEX']);
- $_GET['APP_UID'] = $_POST['APP_UID'];
- $_GET['DEL_INDEX'] = $_POST['DEL_INDEX'];
+ $_GET['APP_UID'] = $APP_UID;
+ $_GET['DEL_INDEX'] = $DEL_INDEX;
 $G_PUBLISH = new Publisher();
- echo "";
+ echo "";
 // $G_PUBLISH->AddContent( 'smarty', 'cases/cases_toRevise' );
 // $G_PUBLISH->AddContent('smarty', 'cases/cases_toReviseIn', '', '', array());
 G::RenderPage( 'publish', 'raw' );
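Review bot: `$USR_UID` reaches `$oUser->load()` after only `xssFilterHard`, an output-oriented HTML filter that does not constrain the value's shape as a lookup key, and whether `load` parameterises its argument cannot be seen from here; checking the identifier format before the lookup, e.g. rejecting the request when `ctype_alnum($USR_UID)` is false, states the intent directly. The `- echo`/`+ echo` lines read identically in this view, so the markup they wrap was probably lost in extraction and the actual change there cannot be reviewed. The enclosing switch starts and ends outside the hunk.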
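Review bot: The `reassignCase` call at the top of the hunk still forwards `$_POST['USR_UID']` and `$_POST['THETYPE']` untouched, while the `toRevisePanel` branch below now copies its inputs through the filter into locals; two adjacent branches of the same switch should treat request data alike. Writing the filtered values back into `$_GET['APP_UID']` and `$_GET['DEL_INDEX']` hands them to `Publisher`/`G::RenderPage` through a superglobal, which hides that dependency from anyone reading the branch; a comment such as `// the published content reads APP_UID/DEL_INDEX from $_GET` would at least make it explicit. The enclosing switch starts and ends outside the hunk.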
diff --git a/workflow/engine/methods/cases/proxyNewCasesList.php b/workflow/engine/methods/cases/proxyNewCasesList.php
index e17092ca8..46fcfa3dc 100644
--- a/workflow/engine/methods/cases/proxyNewCasesList.php
+++ b/workflow/engine/methods/cases/proxyNewCasesList.php
@@ -147,7 +147,8 @@ try {
 $response['data'] = $result;
 $filtersData['action'] = $filters["action"];
 $response['totalCount'] = $list->countTotal($userUid, $filtersData);
-
+
+ $response = $filter->xssFilterHard($response);
 echo G::json_encode($response);
 } catch (Exception $e) {
 $msg = array("error" => $e->getMessage());
diff --git a/workflow/engine/methods/setup/pluginsRemove.php b/workflow/engine/methods/setup/pluginsRemove.php
index cbc34384c..f242d5558 100755
--- a/workflow/engine/methods/setup/pluginsRemove.php
+++ b/workflow/engine/methods/setup/pluginsRemove.php
@@ -41,15 +41,16 @@ switch ($RBAC->userCanAccess('PM_SETUP_ADVANCE'))
 G::LoadClass( "plugin" );
 G::LoadSystem('inputfilter');
 $filter = new InputFilter();
-$pluginName = $_REQUEST["pluginUid"];
+$pluginName = $_REQUEST['pluginUid'];
+$pluginName = $filter->xssFilterHard($pluginName);
 if (file_exists( PATH_PLUGINS . $pluginName . ".php" )) {
 $pluginRegistry = &PMPluginRegistry::getSingleton();
 $pluginRegistry->uninstallPlugin( $pluginName );
-
- $pluginRegistry->unSerializeInstance( file_get_contents( PATH_DATA_SITE . "plugin.singleton" ) );
+ $path = $filter->validateInput(PATH_DATA_SITE . 'plugin.singleton', 'path');
+ $pluginRegistry->unSerializeInstance( file_get_contents( $path ) );
 }
 G::auditLog("RemovePlugin","Plugin Name: ".$pluginName);
-echo $pluginName . " " . nl2br( $filter->xssFilterHard(G::LoadTranslation( "ID_MSG_REMOVE_PLUGIN_SUCCESS" )) );
+echo $pluginName . ' ' . nl2br( $filter->xssFilterHard(G::LoadTranslation( 'ID_MSG_REMOVE_PLUGIN_SUCCESS' )) );
diff --git a/workflow/engine/methods/setup/setup.php b/workflow/engine/methods/setup/setup.php
index 978cddd1c..da2a6dff8 100755
--- a/workflow/engine/methods/setup/setup.php
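Review bot: `$response` is an array (`$response['data']`, `$response['totalCount']` on the lines above) and the new line passes it whole to `xssFilterHard` before `G::json_encode`; if the filter does not recurse into arrays this is a no-op or an error, and if it does, it HTML-encodes the data fields and turns the integer count into a string inside a JSON payload, changing what the client receives. HTML escaping belongs where the JSON is rendered; if server-side filtering is wanted here, apply it to the string fields of `$response['data']` and leave `totalCount` numeric. `$filter` is not instantiated in the hunk, so this assumes it exists earlier in the file.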
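Review bot: `$pluginName` is still concatenated into `PATH_PLUGINS . $pluginName . ".php"` and handed to `uninstallPlugin` after only `xssFilterHard`, which strips HTML rather than constraining path characters, so the request-controlled name should be checked against an identifier whitelist such as `preg_match('/^[A-Za-z0-9_]+$/', $pluginName)` (or against the registry's known plugin names) before the `file_exists` call and the request rejected otherwise. The `validateInput(PATH_DATA_SITE . 'plugin.singleton', 'path')` line filters a constant path and adds nothing. On the last line `$pluginName` is echoed relying on the earlier HTML filter alone, with no `htmlspecialchars` at the point of output.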
+++ b/workflow/engine/methods/setup/setup.php
@@ -78,10 +78,10 @@ $G_PUBLISH->AddContent( 'template', '', '', '', $template );
 G::RenderPage( 'publish' );
 if (isset( $_GET['module'] )) {
 $module = $filter->xssFilterHard($_GET['module']);
- print "
+ print '
- ";
+ ';
 }