Merged in victorsl/processmaker/HOR-1363-31 (pull request #4470)

HOR-1363
Julio Cesar Laura Avendaño
2016-07-06 17:26:31 -04:00
2 changed files with 38 additions and 1 deletions


@@ -661,4 +661,35 @@ class InputFilter
$sanitizefilteredPath = mb_ereg_replace("(^~)", '', $sanitizefilteredPath); $sanitizefilteredPath = mb_ereg_replace("(^~)", '', $sanitizefilteredPath);
return $sanitizefilteredPath; return $sanitizefilteredPath;
} }
/**
* Filter only characters valids by regular expression
*
* @param mixed $data Data
* @param mixed $regex Regular expression
*
* @return mixed Returns data with the characters valids by regular expression
*/
function xssRegexFilter($data, $regex)
{
try {
switch (gettype($data)) {
case 'array':
foreach ($data as $key => $value) {
$data[$key] = $this->xssRegexFilter($value, (is_array($regex))? ((isset($regex[$key]))? $regex[$key] : '') : $regex);
}
break;
default:
if ($regex != '') {
$data = (preg_match_all($regex, $data, $arrayMatch))? implode('', $arrayMatch[0]) : '';
}
break;
}
//Return
return $data;
} catch (Exception $e) {
throw $e;
}
}
} }
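Review bot: xssRegexFilter fails open when no pattern applies. In the array branch a key that is missing from an array-valued `$regex` is passed down as `''`, and the scalar branch then skips filtering because of `if ($regex != '')`, so that value is returned unchanged. A caller who supplies a per-key pattern map and forgets a key gets unfiltered input back with no signal. Either return `''` for a value that has no pattern, or state the pass-through in the docblock, e.g. `* An empty or missing pattern leaves the value unfiltered.` Separately, the `try { ... } catch (Exception $e) { throw $e; }` wrapper only rethrows and can be dropped, and the method has no visibility keyword.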


@@ -1,4 +1,10 @@
<?php <?php
$filter = new InputFilter();
list($_GET['UID'], $_GET['TYPE'], $_GET['POSITION'], $_GET['ACTION']) = $filter->xssRegexFilter(
[$_GET['UID'], $_GET['TYPE'], $_GET['POSITION'], $_GET['ACTION']], '/[\-\w]/'
);
if (!isset($_SESSION['USER_LOGGED'])) { if (!isset($_SESSION['USER_LOGGED'])) {
if(!strpos($_SERVER['REQUEST_URI'], 'gmail')) { if(!strpos($_SERVER['REQUEST_URI'], 'gmail')) {
$responseObject = new stdclass(); $responseObject = new stdclass();
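Review bot: The four `$_GET` keys are read unconditionally on the added lines, so a request that omits one raises an undefined-index notice and, after the `list(...)` assignment, leaves that key set to `''`. This may change what any later `isset($_GET[...])` check sees; the rest of the script is outside the hunk. A parameter sent as an array (`UID[]=...`) is filtered element by element and stays an array, so code that expects a string still receives the wrong type. Normalising each value before filtering avoids both cases, e.g. `$uid = (isset($_GET['UID']) && is_string($_GET['UID'])) ? $_GET['UID'] : '';`. The character allowlist `/[\-\w]/` restricts characters only, so output escaping where these values are echoed is still needed.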