I reviewed XSS

Paula V. Quispe
2015-03-20 16:02:57 -04:00
parent 49428ab37e
commit dda8a2a245
2 changed files with 6 additions and 0 deletions


@@ -184,6 +184,9 @@ class soapNtlm
*/ */
private function createBuffer ($path) private function createBuffer ($path)
{ {
G::LoadSystem('inputfilter');
$filter = new InputFilter();
$path = $filter->xssFilterHard($path, "url");
if ($this->buffer) { if ($this->buffer) {
return; return;
} }
@@ -198,6 +201,7 @@ class soapNtlm
//Apply proxy settings //Apply proxy settings
if (class_exists( 'System' )) { if (class_exists( 'System' )) {
$sysConf = System::getSystemConfiguration(); $sysConf = System::getSystemConfiguration();
$sysConf = $filter->xssFilterHard($sysConf);
if ($sysConf['proxy_host'] != '') { if ($sysConf['proxy_host'] != '') {
curl_setopt( $this->ch, CURLOPT_PROXY, $sysConf['proxy_host'] . ($sysConf['proxy_port'] != '' ? ':' . $sysConf['proxy_port'] : '') ); curl_setopt( $this->ch, CURLOPT_PROXY, $sysConf['proxy_host'] . ($sysConf['proxy_port'] != '' ? ':' . $sysConf['proxy_port'] : '') );
if ($sysConf['proxy_port'] != '') { if ($sysConf['proxy_port'] != '') {
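Review bot: Both new `xssFilterHard()` calls in this section sit in front of cURL options rather than HTML output, so a filter that (judging by its name) targets XSS does not address the risk at this sink and may alter legitimate values. For `$path`, a request URL needs scheme and host validation instead, for example checking `parse_url($path, PHP_URL_SCHEME)` against an allow-list of `http` and `https` before the handle is configured. For `$sysConf`, running the whole configuration array through the filter can change any value containing `&`, `<` or quotes; it would be safer to validate only the fields used here, e.g. `ctype_digit((string) $sysConf['proxy_port'])` and a hostname check on `proxy_host`. The hunks show only part of `createBuffer()`, so whether `$filter` from the first hunk is still in scope at the second, and how `xssFilterHard()` treats an array argument, should be confirmed against the full file.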


@@ -33,6 +33,8 @@ class Upgrade
public function install() public function install()
{ {
G::LoadSystem('inputfilter');
$filter = new InputFilter();
//echo "Starting core installation...\n"; //echo "Starting core installation...\n";
$start = microtime(1); $start = microtime(1);
$filename = $this->addon->getDownloadFilename(); $filename = $this->addon->getDownloadFilename();