Security Issues - Improvements

- Se añadieron validaciones para sanitizar los valores enviados.

workflow/engine/methods/cases/casesMenuLoader.php

@@ -1,5 +1,7 @@
 <?php
-$action = isset( $_GET['action'] ) ? $_GET['action'] : 'default';
+
+$action = isset( $_GET['action'] ) ? G::sanitizeInput($_GET['action'])  : 'default';
+
 G::LoadClass( 'case' );
 G::LoadClass( 'configuration' );
 $userId = isset( $_SESSION['USER_LOGGED'] ) ? $_SESSION['USER_LOGGED'] : '00000000000000000000000000000000';

workflow/engine/methods/login/authentication.php

@@ -240,14 +240,14 @@ try {
             if (strpos($_SERVER['HTTP_REFERER'], 'processes/processes_Map?PRO_UID=') !== false) {
                 $sLocation = $_SERVER['HTTP_REFERER'];
             } else {
-                $sLocation = $_REQUEST['form']['URL'];
+                $sLocation = G::sanitizeInput($_REQUEST['form']['URL']);
             }
         } else {
-            $sLocation = $_REQUEST['form']['URL'];
+            $sLocation = G::sanitizeInput($_REQUEST['form']['URL']);
         }
     } else {
         if (isset($_REQUEST['u']) && $_REQUEST['u'] != '') {
-            $sLocation = $_REQUEST['u'];
+            $sLocation = G::sanitizeInput($_REQUEST['u']);
         } else {
             $sLocation = $oUserProperty->redirectTo($_SESSION['USER_LOGGED'], $lang);
         }

workflow/engine/methods/setup/mainAjax.php

@@ -1,7 +1,7 @@
 <?php
 ob_start();
 
-$request = isset( $_POST['request'] ) ? $_POST['request'] : (isset( $_GET['request'] ) ? $_GET['request'] : null);
+$request = isset( $_POST['request'] ) ? G::sanitizeInput($_POST['request']) : (isset( $_GET['request'] ) ? G::sanitizeInput($_GET['request']) : null);
 
 switch ($request) {
     case 'loadMenu':