diff --git a/gulliver/system/class.database_mssql.php b/gulliver/system/class.database_mssql.php index e631f6bf2..da3b157fa 100755 --- a/gulliver/system/class.database_mssql.php +++ b/gulliver/system/class.database_mssql.php @@ -747,11 +747,14 @@ class database extends database_base public function getServerVersion ($driver, $dbIP, $dbPort, $dbUser, $dbPasswd, $dbSourcename) { + G::LoadSystem('inputfilter'); + $filter = new InputFilter(); + $DB_NAME = $filter->validateInput(DB_NAME); if (strlen( trim( $dbIP ) ) <= 0) { $dbIP = DB_HOST; } if ($link = @mssql_connect( $dbIP, $dbUser, $dbPasswd )) { - @mssql_select_db( DB_NAME, $link ); + @mssql_select_db( $DB_NAME, $link ); $oResult = @mssql_query( "select substring(@@version, 21, 6) + ' (' + CAST(SERVERPROPERTY ('productlevel') as varchar(10)) + ') ' + CAST(SERVERPROPERTY('productversion') AS VARCHAR(15)) + ' ' + CAST(SERVERPROPERTY ('edition') AS VARCHAR(25)) as version; ", $link ); $aResult = @mssql_fetch_array( $oResult ); @mssql_free_result( $oResult ); @@ -813,9 +816,12 @@ class database extends database_base */ public function reportTableExist () { + G::LoadSystem('inputfilter'); + $filter = new InputFilter(); + $DB_NAME = $filter->validateInput(DB_NAME); $bExists = true; $oConnection = mssql_connect( DB_HOST, DB_USER, DB_PASS ); - mssql_select_db( DB_NAME ); + mssql_select_db( $DB_NAME ); $oDataset = mssql_query( 'SELECT COUNT(*) FROM REPORT_TABLE' ) || ($bExists = false); return $bExists; @@ -835,10 +841,13 @@ class database extends database_base */ public function tableExists ($table, $db) { + G::LoadSystem('inputfilter'); + $filter = new InputFilter(); + $DB_NAME = $filter->validateInput(DB_NAME); $sql = "SELECT * FROM sysobjects WHERE name='" . $table . "' AND type='u'"; $bExists = true; $oConnection = mssql_connect( DB_HOST, DB_USER, DB_PASS ); - mssql_select_db( DB_NAME ); + mssql_select_db( $DB_NAME ); $oDataset = mssql_query( $sql ) || ($bExists = false); return $bExists; } diff --git a/gulliver/system/class.database_mysql.php b/gulliver/system/class.database_mysql.php index 44bf43ec6..658330431 100755 --- a/gulliver/system/class.database_mysql.php +++ b/gulliver/system/class.database_mysql.php @@ -853,9 +853,12 @@ class database extends database_base */ public function reportTableExist () { + G::LoadSystem('inputfilter'); + $filter = new InputFilter(); + $DB_NAME = $filter->validateInput(DB_NAME); $bExists = true; $oConnection = mysql_connect( DB_HOST, DB_USER, DB_PASS ); - mysql_select_db( DB_NAME ); + mysql_select_db( $DB_NAME ); $oDataset = mysql_query( 'SELECT COUNT(*) FROM REPORT_TABLE' ) || ($bExists = false); return $bExists; diff --git a/workflow/engine/classes/class.net.php b/workflow/engine/classes/class.net.php index 78e3e2e0a..4091f5ffe 100755 --- a/workflow/engine/classes/class.net.php +++ b/workflow/engine/classes/class.net.php @@ -208,6 +208,13 @@ class NET */ public function tryConnectServer($pDbDriver, array $arrayServerData = array()) { + G::LoadSystem('inputfilter'); + $filter = new InputFilter(); + $this->ip = $filter->validateInput($this->ip); + $this->db_port = $filter->validateInput($this->db_port,'int'); + $this->db_user = $filter->validateInput($this->db_user); + $this->db_passwd = $filter->validateInput($this->db_passwd); + $this->db_sourcename = $filter->validateInput($this->db_sourcename); if ($this->errno != 0) { return 0; } @@ -324,6 +331,13 @@ class NET */ public function tryOpenDataBase($pDbDriver, array $arrayServerData = array()) { + G::LoadSystem('inputfilter'); + $filter = new InputFilter(); + $this->ip = $filter->validateInput($this->ip); + $this->db_port = $filter->validateInput($this->db_port,'int'); + $this->db_user = $filter->validateInput($this->db_user); + $this->db_passwd = $filter->validateInput($this->db_passwd); + $this->db_sourcename = $filter->validateInput($this->db_sourcename); if ($this->errno != 0) { return 0; } diff --git a/workflow/engine/controllers/installer.php b/workflow/engine/controllers/installer.php index d1c19d0a1..76b32e2ce 100755 --- a/workflow/engine/controllers/installer.php +++ b/workflow/engine/controllers/installer.php @@ -658,6 +658,8 @@ class Installer extends Controller public function createMySQLWorkspace () { + G::LoadSystem('inputfilter'); + $filter = new InputFilter(); ini_set( 'max_execution_time', '0' ); $info = new StdClass(); $info->result = false; @@ -666,8 +668,11 @@ class Installer extends Controller $db_hostname = trim( $_REQUEST['db_hostname'] ); $db_port = trim( $_REQUEST['db_port'] ); + $db_port = $filter->validateInput($db_port); $db_username = trim( $_REQUEST['db_username'] ); + $db_username = $filter->validateInput($db_username); $db_password = trim( $_REQUEST['db_password'] ); + $db_password = $filter->validateInput($db_password); $wf = trim( $_REQUEST['wfDatabase'] ); $rb = trim( $_REQUEST['wfDatabase'] ); $rp = trim( $_REQUEST['wfDatabase'] ); @@ -678,9 +683,12 @@ class Installer extends Controller $pathShared = trim( $_REQUEST['pathShared'] ); $pathXmlforms = trim( $_REQUEST['pathXmlforms'] ); $adminPassword = trim( $_REQUEST['adminPassword'] ); + $adminPassword = $filter->validateInput($adminPassword); $adminUsername = trim( $_REQUEST['adminUsername'] ); + $adminUsername = $filter->validateInput($adminUsername); $deleteDB = ($_REQUEST['deleteDB'] == 'true'); $userLogged = (isset($_REQUEST['userLogged']) ? ($_REQUEST['userLogged'] == 'true') : false); + $userLogged = $filter->validateInput($userLogged); if (substr( $pathShared, - 1 ) != '/') { $pathShared .= '/'; @@ -986,6 +994,8 @@ class Installer extends Controller public function createMSSQLWorkspace () { + G::LoadSystem('inputfilter'); + $filter = new InputFilter(); ini_set( 'max_execution_time', '0' ); $info = new stdClass(); @@ -993,9 +1003,13 @@ class Installer extends Controller $info->message = ''; $db_hostname = trim( $_REQUEST['db_hostname'] ); + $db_hostname = $filter->validateInput($db_hostname); $db_port = trim( $_REQUEST['db_port'] ); + $db_port = $filter->validateInput($db_port); $db_username = trim( $_REQUEST['db_username'] ); + $db_username = $filter->validateInput($db_username); $db_password = trim( $_REQUEST['db_password'] ); + $db_password = $filter->validateInput($db_password); $wf = trim( $_REQUEST['wfDatabase'] ); $rb = trim( $_REQUEST['wfDatabase'] ); $rp = trim( $_REQUEST['wfDatabase'] ); @@ -1268,9 +1282,13 @@ class Installer extends Controller return $info; } $db_hostname = $_REQUEST['db_hostname']; - $db_port = $_REQUEST['db_port']; + $db_hostname = $filter->validateInput($db_hostname); + $db_port = $_REQUEST['db_port']; + $db_port = $filter->validateInput($db_port); $db_username = $_REQUEST['db_username']; + $db_username = $filter->validateInput($db_username); $db_password = $_REQUEST['db_password']; + $db_password = $filter->validateInput($db_password); $fp = @fsockopen( $db_hostname, $db_port, $errno, $errstr, 30 ); if (! $fp) { $info->message .= G::LoadTranslation('ID_CONNECTION_ERROR', SYS_LANG, Array("$errstr ($errno)")); @@ -1303,6 +1321,8 @@ class Installer extends Controller private function testMSSQLconnection () { + G::LoadSystem('inputfilter'); + $filter = new InputFilter(); $info = new stdClass(); $info->result = false; $info->message = ''; @@ -1313,9 +1333,13 @@ class Installer extends Controller } $db_hostname = $_REQUEST['db_hostname']; - $db_port = $_REQUEST['db_port']; + $db_hostname = $filter->validateInput($db_hostname); + $db_port = $_REQUEST['db_port']; + $db_port = $filter->validateInput($db_port); $db_username = $_REQUEST['db_username']; + $db_username = $filter->validateInput($db_username); $db_password = $_REQUEST['db_password']; + $db_password = $filter->validateInput($db_password); $fp = @fsockopen( $db_hostname, $db_port, $errno, $errstr, 30 ); if (! $fp) { @@ -1483,6 +1507,8 @@ class Installer extends Controller public function buildParternExtras($username, $password, $workspace, $lang, $skinName) { + G::LoadSystem('inputfilter'); + $filter = new InputFilter(); ini_set('max_execution_time', '0'); ini_set('memory_limit', '256M'); @@ -1503,8 +1529,11 @@ class Installer extends Controller chmod($cookiefile, 0777); $user = urlencode($username); + $user = $filter->validateInput($user); $pass = urlencode($password); + $pass = $filter->validateInput($pass); $lang = urlencode($lang); + $lang = $filter->validateInput($lang); $ch = curl_init(); @@ -1622,9 +1651,13 @@ class Installer extends Controller $namePlugin = $dataPlugin['filename']; if ($value != 'enterprise') { $db_hostname = trim( $_REQUEST['db_hostname'] ); + $db_hostname = $filter->validateInput($db_hostname); $db_port = trim( $_REQUEST['db_port'] ); + $db_port = $filter->validateInput($db_port); $db_username = trim( $_REQUEST['db_username'] ); + $db_username = $filter->validateInput($db_username); $db_password = trim( $_REQUEST['db_password'] ); + $db_password = $filter->validateInput($db_password); $wf = trim( $_REQUEST['wfDatabase'] ); $db_host = ($db_port != '' && $db_port != 3306) ? $db_hostname . ':' . $db_port : $db_hostname;