Security Issues - Improvements

- Se añadieron validaciones para sanitizar los valores enviados.
2013-11-15 15:29:07 -04:00
parent 096480f308
commit e40ca19dcc
6 changed files with 393 additions and 6 deletions
--- a/workflow/engine/methods/login/authentication.php
+++ b/workflow/engine/methods/login/authentication.php
@@ -240,14 +240,14 @@ try {
            if (strpos($_SERVER['HTTP_REFERER'], 'processes/processes_Map?PRO_UID=') !== false) {
                $sLocation = $_SERVER['HTTP_REFERER'];
            } else {
-                $sLocation = $_REQUEST['form']['URL'];
+                $sLocation = G::sanitizeInput($_REQUEST['form']['URL']);
            }
        } else {
-            $sLocation = $_REQUEST['form']['URL'];
+            $sLocation = G::sanitizeInput($_REQUEST['form']['URL']);
        }
    } else {
        if (isset($_REQUEST['u']) && $_REQUEST['u'] != '') {
-            $sLocation = $_REQUEST['u'];
+            $sLocation = G::sanitizeInput($_REQUEST['u']);
        } else {
            $sLocation = $oUserProperty->redirectTo($_SESSION['USER_LOGGED'], $lang);
        }