Merged in mcuiza/processmaker/PM-VERAC-1 (pull request #1663)
code injection (very high)
@@ -1,5 +1,4 @@
|
||||
<?php
|
||||
|
||||
/**
|
||||
* class.bootstrap.php
|
||||
*
|
||||
@@ -8,7 +7,6 @@
|
||||
*/
|
||||
class Bootstrap
|
||||
{
|
||||
|
||||
public static $includeClassPaths = array();
|
||||
public static $includePaths = array();
|
||||
protected $relativeIncludePaths = array();
|
||||
@@ -461,6 +459,11 @@ class Bootstrap
|
||||
*/
|
||||
public function streamFile($file, $download = false, $downloadFileName = '', $forceLoad = false)
|
||||
{
|
||||
G::LoadSystem('inputfilter');
|
||||
$filter = new InputFilter();
|
||||
$file = $filter->xssFilterHard($file);
|
||||
$downloadFileName = $filter->xssFilterHard($downloadFileName);
|
||||
|
||||
$fileNameIni = $file;
|
||||
|
||||
$browserCacheFilesUid = G::browserCacheFilesGetUid();
|
||||
@@ -477,11 +480,8 @@ class Bootstrap
|
||||
//trick to generate the translation.language.js file , merging two files
|
||||
if (strtolower($typefile) == 'js' && $typearray[0] == 'translation') {
|
||||
Bootstrap::sendHeaders($fileNameIni, "text/javascript", $download, $downloadFileName);
|
||||
|
||||
$output = Bootstrap::streamJSTranslationFile($filename, $typearray[count($typearray) - 2]);
|
||||
|
||||
echo $output;
|
||||
|
||||
return;
|
||||
}
|
||||
|
||||
@@ -2895,6 +2895,11 @@ class Bootstrap
|
||||
$hashType = Bootstrap::getPasswordHashType();
|
||||
}
|
||||
|
||||
G::LoadSystem('inputfilter');
|
||||
$filter = new InputFilter();
|
||||
$hashType = $filter->validateInput($hashType);
|
||||
$pass = $filter->validateInput($pass);
|
||||
|
||||
eval("\$var = hash('" . $hashType . "', '" . $pass . "');");
|
||||
|
||||
if ($includeHashType) {
|
||||
|
||||
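Review bot: The line `eval("\$var = hash('" . $hashType . "', '" . $pass . "');");` in the password-hashing hunk still assembles PHP source from the password and the hash type, so whether injection is closed depends entirely on what `validateInput` removes, and that is not visible on this page. Calling the function directly removes the code-construction step altogether: `$var = hash($hashType, $pass);`, ideally after checking `in_array($hashType, hash_algos(), true)`. Passing `$pass` through an input filter before hashing also looks risky for authentication, because any character the filter rewrites or strips would change the digest compared with hashes stored earlier; this should be confirmed, and the filter on `$pass` dropped once the eval is gone. The enclosing method starts and ends outside the hunk.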
@@ -169,6 +169,10 @@ class Process
|
||||
public function throwExceptionIfDataNotMetFieldDefinition($arrayData, $arrayFieldDefinition, $arrayFieldNameForException, $flagValidateRequired = true)
|
||||
{
|
||||
try {
|
||||
|
||||
\G::LoadSystem('inputfilter');
|
||||
$filter = new \InputFilter();
|
||||
|
||||
if ($flagValidateRequired) {
|
||||
foreach ($arrayFieldDefinition as $key => $value) {
|
||||
$fieldName = $key;
|
||||
@@ -188,6 +192,7 @@ class Process
|
||||
$fieldName = $key;
|
||||
$fieldValue = $value;
|
||||
|
||||
|
||||
if (isset($arrayFieldDefinition[$fieldName])) {
|
||||
$fieldNameAux = (isset($arrayFieldNameForException[$arrayFieldDefinition[$fieldName]["fieldNameAux"]]))? $arrayFieldNameForException[$arrayFieldDefinition[$fieldName]["fieldNameAux"]] : "";
|
||||
|
||||
@@ -281,6 +286,7 @@ class Process
|
||||
}
|
||||
|
||||
if (is_string($fieldValue) && trim($fieldValue) . "" != "") {
|
||||
$fieldValue = $filter->validateInput($fieldValue);
|
||||
eval("\$arrayAux = $fieldValue;");
|
||||
}
|
||||
|
||||
|
||||
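Review bot: `eval("\$arrayAux = $fieldValue;");` still executes the field value as PHP after the added `validateInput` call, and a string sanitiser cannot make arbitrary text safe to evaluate, since anything it lets through that is a valid PHP expression still runs. If `$fieldValue` is meant to carry an array (it presumably comes from caller-supplied `$arrayData`), parse it as data instead, for example `$arrayAux = json_decode($fieldValue, true);` followed by an `is_array($arrayAux)` check. If existing callers send the legacy `array(...)` syntax, a strict parser for that literal form is the safer replacement. The method body continues outside this hunk, so the expected format should be confirmed against its callers.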