fernando/luos
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

I solved XSS in Thirdparty files

Browse Source
This commit is contained in:
Paula V. Quispe
2015-04-06 16:54:57 -04:00
parent 4824edcf80
commit ec26547def
9 changed files with 45 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
workflow/engine/methods/oauth2/grant.php
View File

@@ -14,7 +14,7 @@ $code = empty($_GET['code']) ? 'NN' : $_GET['code'];
$clientId = 'x-pm-local-client';
$secret = '179ad45c6ce2cb97cf1029e212046e81';
$userPwd = $clientId.':'.$secret;
$data = array(
'grant_type' => 'authorization_code',
'code' => $code
@@ -23,7 +23,7 @@ $data = array(
$ch = curl_init($endpoint);
curl_setopt($ch, CURLOPT_HEADER, false);
curl_setopt($ch, CURLOPT_USERPWD, $clientId.':'.$secret);
curl_setopt($ch, CURLOPT_USERPWD, $userPwd);
curl_setopt($ch, CURLOPT_TIMEOUT, 30);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $data);