From dda8a2a2453f0026ce981b64465f96aabcc4a6ee Mon Sep 17 00:00:00 2001
From: "Paula V. Quispe"
Date: Fri, 20 Mar 2015 16:02:57 -0400
Subject: [PATCH] I reviewed XSS

---
 gulliver/system/class.soapNtlm.php | 4 ++++
 workflow/engine/classes/class.Upgrade.php | 2 ++
 2 files changed, 6 insertions(+)

diff --git a/gulliver/system/class.soapNtlm.php b/gulliver/system/class.soapNtlm.php
index 28ff4a933..6db6bb2a9 100644
--- a/gulliver/system/class.soapNtlm.php
+++ b/gulliver/system/class.soapNtlm.php
@@ -184,6 +184,9 @@ class soapNtlm
 */
 private function createBuffer ($path)
 {
+G::LoadSystem('inputfilter');
+$filter = new InputFilter();
+$path = $filter->xssFilterHard($path, "url");
 if ($this->buffer) {
 return;
 }
@@ -198,6 +201,7 @@ class soapNtlm
 //Apply proxy settings
 if (class_exists( 'System' )) {
 $sysConf = System::getSystemConfiguration();
+$sysConf = $filter->xssFilterHard($sysConf);
 if ($sysConf['proxy_host'] != '') {
 curl_setopt( $this->ch, CURLOPT_PROXY, $sysConf['proxy_host'] . ($sysConf['proxy_port'] != '' ? ':' . $sysConf['proxy_port'] : '') );
 if ($sysConf['proxy_port'] != '') {
diff --git a/workflow/engine/classes/class.Upgrade.php b/workflow/engine/classes/class.Upgrade.php
index b7a06ef12..2126ebf4d 100644
--- a/workflow/engine/classes/class.Upgrade.php
+++ b/workflow/engine/classes/class.Upgrade.php
@@ -33,6 +33,8 @@ class Upgrade
 public function install()
 {
+G::LoadSystem('inputfilter');
+$filter = new InputFilter();
 //echo "Starting core installation...\n";
 $start = microtime(1);
 $filename = $this->addon->getDownloadFilename();
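Review bot: `$path = $filter->xssFilterHard($path, "url")` rewrites the value rather than rejecting it, so if the filter strips anything from what is presumably the SOAP endpoint URL (this class drives curl via `$this->ch`), the request silently goes to a different target with no error; an XSS filter is also not the control that matches this sink, since the risk of a URL handed to curl is where the request goes, not HTML injection. A check that fails closed fits better, e.g. `if (filter_var($path, FILTER_VALIDATE_URL) === false) { throw new Exception('Invalid SOAP endpoint URL'); }` (or whatever error convention this class already uses), placed where `$path` is consumed. The three added lines also sit above the `if ($this->buffer) { return; }` guard, so the filter class is loaded and instantiated on every call even when the buffer already exists; moving them below the guard keeps the early exit cheap, and `$filter` is still in scope for its later use in this function. createBuffer's body continues past the hunk, so whether `$path` is stored for reuse is not visible here.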
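Review bot: `$sysConf = $filter->xssFilterHard($sysConf)` runs the XSS filter over the whole array returned by `System::getSystemConfiguration()`, which is system configuration rather than request input, and the only values the hunk reads from it feed `curl_setopt(CURLOPT_PROXY, …)`, not HTML output — so the filter matches neither the source nor the sink, and if it rewrites a legitimate `proxy_host` or `proxy_port` the proxy setting changes silently. The check that fits this sink is shape validation of the two values actually used, e.g. `if ($sysConf['proxy_port'] != '' && !ctype_digit((string) $sysConf['proxy_port'])) { /* reject or ignore the proxy setting */ }` for the port and a hostname check for `proxy_host`. `$filter` is the instance created at the top of createBuffer in the previous hunk; the lines between the two hunks are not visible, so I cannot confirm nothing reassigns it, and what xssFilterHard does with nested or non-string array entries is not visible either.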