I solved XSS in Thirdparty files

2015-04-06 16:54:57 -04:00
parent 4824edcf80
commit ec26547def
9 changed files with 45 additions and 14 deletions
--- a/workflow/engine/controllers/adminProxy.php
+++ b/workflow/engine/controllers/adminProxy.php
@@ -1086,6 +1086,8 @@ class adminProxy extends HttpProxyController
        } elseif ($files_img_type != '') {
            $failed = "1";
        }
+        $uploaded = $filter->validateInput($uploaded,'int');
+        $files_img_type = $filter->xssFilterHard($files_img_type);
        echo '{success: true, failed: ' . $failed . ', uploaded: ' . $uploaded . ', type: "' . $files_img_type . '"}';
        exit();
    }