fernando/luos
1
0
Fork 0
Code Releases Activity

Merged in mcuiza/processmaker/PM-VERAC-1 (pull request #1663)

Browse Source 
code injection (very high)
This commit is contained in:
Julio Cesar Laura Avendaño
2015-03-12 18:14:20 -04:00
parent d609cf7d0b 010e259fd5
commit e778677796
2 changed files with 16 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
workflow/engine/src/ProcessMaker/BusinessModel/Process.php
View File

@@ -169,6 +169,10 @@ class Process
public function throwExceptionIfDataNotMetFieldDefinition($arrayData, $arrayFieldDefinition, $arrayFieldNameForException, $flagValidateRequired = true)
{
try {
\G::LoadSystem('inputfilter');
$filter = new \InputFilter();
if ($flagValidateRequired) {
foreach ($arrayFieldDefinition as $key => $value) {
$fieldName = $key;
@@ -187,6 +191,7 @@ class Process
foreach ($arrayData as $key => $value) {
$fieldName = $key;
$fieldValue = $value;
if (isset($arrayFieldDefinition[$fieldName])) {
$fieldNameAux = (isset($arrayFieldNameForException[$arrayFieldDefinition[$fieldName]["fieldNameAux"]]))? $arrayFieldNameForException[$arrayFieldDefinition[$fieldName]["fieldNameAux"]] : "";
@@ -281,6 +286,7 @@ class Process
}
if (is_string($fieldValue) && trim($fieldValue) . "" != "") {
$fieldValue = $filter->validateInput($fieldValue);
eval("\$arrayAux = $fieldValue;");
}