diff --git a/workflow/engine/classes/class.dynaformEditor.php b/workflow/engine/classes/class.dynaformEditor.php
index f59ae7c9d..b87f488d9 100755
--- a/workflow/engine/classes/class.dynaformEditor.php
+++ b/workflow/engine/classes/class.dynaformEditor.php
@@ -515,6 +515,8 @@ class dynaformEditorAjax extends dynaformEditor implements iDynaformEditorAjax
 */
 public function restore_html($A)
 {
+ G::LoadSystem('inputfilter');
+ $filter = new InputFilter();
 $script = null;
 $fileTmp = G::decrypt($A, URL_KEY);
 $form = new Form($fileTmp, PATH_DYNAFORM, SYS_LANG, true);
@@ -527,10 +529,11 @@ class dynaformEditorAjax extends dynaformEditor implements iDynaformEditorAjax
 $form->enableTemplate = false;
 $html = $form->printTemplate($form->template, $script);
 $html = str_replace('{$form_className}', 'formDefault', $html);
- if (file_exists(PATH_DYNAFORM . $fileTmp . '.html')) {
- unlink(PATH_DYNAFORM . $fileTmp . '.html');
+ $pathTmp = $filter->xssFilterHard(PATH_DYNAFORM . $fileTmp . '.html', 'path');
+ if (file_exists($pathTmp)) {
+ unlink($pathTmp);
 }
- $fp = fopen(PATH_DYNAFORM . $fileTmp . '.html', 'w');
+ $fp = fopen($pathTmp, 'w');
 fwrite($fp, $html);
 fclose($fp);
@@ -546,6 +549,8 @@ class dynaformEditorAjax extends dynaformEditor implements iDynaformEditorAjax
 public function set_htmlcode($A, $htmlcode)
 {
 try {
+ G::LoadSystem('inputfilter');
+ $filter = new InputFilter();
 $iOcurrences = preg_match_all('/\{\$.*?\}/im', $htmlcode, $matches);
 if ($iOcurrences) {
 if (isset($matches[0])) {
@@ -561,6 +566,7 @@ class dynaformEditorAjax extends dynaformEditor implements iDynaformEditorAjax
 $file = G::decrypt($A, URL_KEY);
 $form = new Form($file, PATH_DYNAFORM, SYS_LANG, true);
 $filename = substr($form->fileName, 0, - 3) . ($form->type === 'xmlform' ? '' : '.' . $form->type) . 'html';
+ $filename = $filter->xssFilterHard($filename, 'path');
 $fp = fopen($filename, 'w');
 fwrite($fp, $htmlcode);
 fclose($fp);
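Review bot: `$pathTmp = $filter->xssFilterHard(PATH_DYNAFORM . $fileTmp . '.html', 'path')` is the only check between the decrypted `$fileTmp` and the `unlink()` / `fopen(..., 'w')` that follow it, and an XSS filter constrains markup, not which file a path resolves to; unless the 'path' mode (its implementation is not in this diff) also rejects `..` and directory separators, a name that escapes PATH_DYNAFORM still reaches the filesystem calls. Validate the filename component rather than the assembled string, e.g. `if (basename($fileTmp) !== $fileTmp) { throw new Exception('invalid dynaform name'); }` before the path is built, or confirm that `realpath(dirname($pathTmp))` equals `realpath(PATH_DYNAFORM)`. The same pattern is repeated in every other hunk of this commit: set_htmlcode, set_xmlcode, set_javascript, set_properties and set_enabletemplate in this file, verifyFileForUpgrade, the xmlform cleanup and getPluginSchema in class.system.php, and rangeDownload in casesStreamingFile.php. If the filter does rewrite characters in a legitimate name, the rewritten `$pathTmp` also silently diverges from the path the rest of the engine uses for the same form. restore_html's body continues beyond this hunk.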
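Review bot: `$fp = fopen($filename, 'w');` on the line after the added filter call is never checked, so when the (possibly rewritten) path is not writable the following `fwrite($fp, $htmlcode)` and `fclose($fp)` operate on `false`, emit warnings and the method still reports success. Replace the three calls with `if (file_put_contents($filename, $htmlcode) === false) { throw new Exception('Unable to write ' . $filename); }`, which is also picked up by the enclosing `try` whose catch presumably lies outside the hunk. The same unchecked fopen/fwrite/fclose sequence is in restore_html (previous hunk) and in set_xmlcode.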
@@ -598,10 +604,13 @@ class dynaformEditorAjax extends dynaformEditor implements iDynaformEditorAjax
 */
 public function set_xmlcode($A, $xmlcode)
 {
+ G::LoadSystem('inputfilter');
+ $filter = new InputFilter();
 $xmlcode = urldecode($xmlcode);
 $file = G::decrypt($A, URL_KEY);
 $xmlcode = str_replace(' ', ' ', trim($xmlcode));
- $fp = fopen(PATH_DYNAFORM . $file . '.xml', 'w');
+ $pathFile = $filter->xssFilterHard(PATH_DYNAFORM . $file . '.xml', "path");
+ $fp = fopen($pathFile, 'w');
 fwrite($fp, $xmlcode);
 fclose($fp);
 return "";
@@ -647,6 +656,9 @@ class dynaformEditorAjax extends dynaformEditor implements iDynaformEditorAjax
 */
 public function set_javascript($A, $fieldName, $sCode, $meta = '')
 {
+ G::LoadSystem('inputfilter');
+ $filter = new InputFilter();
+ $fieldName = $filter->xssFilterHard($fieldName, 'path');
 if ($fieldName == '___pm_boot_strap___') {
 return 0;
 }
@@ -661,8 +673,8 @@ class dynaformEditorAjax extends dynaformEditor implements iDynaformEditorAjax
 */
 G::LoadSystem('dynaformhandler');
-
- $dynaform = new dynaFormHandler(PATH_DYNAFORM . "{$file}.xml");
+ $pathFile = $filter->xssFilterHard(PATH_DYNAFORM . "{$file}.xml", 'path');
+ $dynaform = new dynaFormHandler($pathFile);
 $dynaform->replace($fieldName, $fieldName, Array('type' => 'javascript', 'meta' => $meta, '#cdata' => $sCode ));
@@ -716,6 +728,8 @@ class dynaformEditorAjax extends dynaformEditor implements iDynaformEditorAjax
 public function set_properties($A, $DYN_UID, $getFields)
 {
 try {
+ G::LoadSystem('inputfilter');
+ $filter = new InputFilter();
 $post = array();
 parse_str($getFields, $post);
 $Fields = $post['form'];
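Review bot: `$filter->xssFilterHard(PATH_DYNAFORM . $file . '.xml', "path")` uses a double-quoted `"path"` while every other call in this commit writes `'path'`; keep them uniform so a grep for the mode string finds all call sites. The result variable is `$pathFile` here and `$pathTmp` in restore_html for the same concept, which is worth aligning too.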
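Review bot: `$fieldName = $filter->xssFilterHard($fieldName, 'path');` treats an XML field name as a filesystem path; `$fieldName` is later passed to `$dynaform->replace($fieldName, $fieldName, ...)` (next hunk), so if the 'path' mode rewrites any character the replacement silently targets a node the caller never named instead of being rejected. A field name has a narrow legal shape, so validate it explicitly and reuse the existing early return, e.g. `if (!preg_match('/^[A-Za-z_][A-Za-z0-9_]*$/', $fieldName)) { return 0; }` — the pattern is a constructed example, confirm it against what dynaFormHandler accepts. The sentinel comparison right after should also be strict: `if ($fieldName === '___pm_boot_strap___') {`. set_javascript's body continues past this hunk.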
@@ -729,8 +743,9 @@ class dynaformEditorAjax extends dynaformEditor implements iDynaformEditorAjax
 $tmp['Properties'] = $Fields;
 self::_setTmpData($tmp);
 }
- $dynaform = new dynaFormHandler(PATH_DYNAFORM . "{$file}.xml");
- $dbc2 = new DBConnection(PATH_DYNAFORM . $file . '.xml', '', '', '', 'myxml');
+ $pathFile = $filter->xssFilterHard(PATH_DYNAFORM . "{$file}.xml", 'path');
+ $dynaform = new dynaFormHandler($pathFile);
+ $dbc2 = new DBConnection($pathFile, '', '', '', 'myxml');
 $ses2 = new DBSession($dbc2);
 //if (!isset($Fields['ENABLETEMPLATE'])) $Fields['ENABLETEMPLATE'] ="0";
@@ -791,13 +806,15 @@ class dynaformEditorAjax extends dynaformEditor implements iDynaformEditorAjax
 */
 public function set_enabletemplate($A, $value)
 {
+ G::LoadSystem('inputfilter');
+ $filter = new InputFilter();
 $file = G::decrypt($A, URL_KEY);
 $value = $value == "1" ? "1" : "0";
 // $dbc2 = new DBConnection( PATH_DYNAFORM . $file . '.xml', '', '', '', 'myxml' );
 // $ses2 = new DBSession( $dbc2 );
 // $ses2->execute( "UPDATE . SET ENABLETEMPLATE = '$value'" );
-
- $dynaform = new dynaFormHandler(PATH_DYNAFORM . "{$file}.xml");
+ $pathFile = $filter->xssFilterHard(PATH_DYNAFORM . "{$file}.xml", 'path');
+ $dynaform = new dynaFormHandler($pathFile);
 $dynaform->modifyHeaderAttribute('enabletemplate', $value);
 return $value;
diff --git a/workflow/engine/classes/class.system.php b/workflow/engine/classes/class.system.php
index 4e11f5f96..a1c1f4175 100755
--- a/workflow/engine/classes/class.system.php
+++ b/workflow/engine/classes/class.system.php
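Review bot: The pair `G::LoadSystem('inputfilter'); $filter = new InputFilter();` followed by `$pathFile = $filter->xssFilterHard(PATH_DYNAFORM . "{$file}.xml", 'path');` is now copied verbatim into six methods of dynaformEditorAjax (restore_html, set_htmlcode, set_xmlcode, set_javascript, set_properties and this one) and three more places in class.system.php. Collect it in one private helper on the class, e.g. `private function dynaformPath($file, $ext)` that loads the filter once, validates the name and returns the assembled path, so the validation policy lives in a single place and a later correction lands once rather than nine times. The three commented-out `// $dbc2 ... // $ses2->execute(...)` lines directly above the new code are dead and can go in the same change.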
@@ -281,11 +281,14 @@ class System
 */
 public function verifyFileForUpgrade ()
 {
+ G::LoadSystem('inputfilter');
+ $filter = new InputFilter();
 $upgradeFilename = isset( $_FILES['form']['name']['UPGRADE_FILENAME'] ) ? $_FILES['form']['name']['UPGRADE_FILENAME'] : '';
 $tempFilename = isset( $_FILES['form']['tmp_name']['UPGRADE_FILENAME'] ) ? $_FILES['form']['tmp_name']['UPGRADE_FILENAME'] : '';
 $this->sRevision = str_replace( '.tar.gz', '', str_replace( 'pmos-patch-', '', $upgradeFilename ) );
 $sTemFilename = $tempFilename;
- $this->sFilename = PATH_DATA . 'upgrade' . PATH_SEP . $upgradeFilename;
+ $pathFile = $filter->xssFilterHard(PATH_DATA . 'upgrade' . PATH_SEP . $upgradeFilename, 'path');
+ $this->sFilename = $pathFile;
 $this->sPath = dirname( $this->sFilename ) . PATH_SEP;
 G::mk_dir( PATH_DATA . 'upgrade' );
 if (! move_uploaded_file( $sTemFilename, $this->sFilename )) {
@@ -615,8 +618,12 @@ class System
 }
 }
+ G::LoadSystem('inputfilter');
+ $filter = new InputFilter();
+ //clean up xmlform folders
 $sDir = PATH_C . 'xmlform';
+ $sDir = $filter->xssFilterHard($sDir, 'path');
 if (file_exists( $sDir ) && is_dir( $sDir )) {
 $oDirectory = dir( $sDir );
 while ($sObjectName = $oDirectory->read()) {
@@ -729,8 +736,11 @@ class System
 */
 public static function getPluginSchema ($pluginName)
 {
- if (file_exists( PATH_PLUGINS . $pluginName . "/config/schema.xml" )) {
- return System::getSchema( PATH_PLUGINS . $pluginName . "/config/schema.xml" );
+ G::LoadSystem('inputfilter');
+ $filter = new InputFilter();
+ $pathFile = $filter->xssFilterHard(PATH_PLUGINS . $pluginName . "/config/schema.xml", 'path');
+ if (file_exists( $pathFile )) {
+ return System::getSchema( $pathFile );
 } else {
 return false;
 }
diff --git a/workflow/engine/methods/cases/casesStreamingFile.php b/workflow/engine/methods/cases/casesStreamingFile.php
index fdc5c1ffb..66dc2bc17 100644
--- a/workflow/engine/methods/cases/casesStreamingFile.php
+++ b/workflow/engine/methods/cases/casesStreamingFile.php
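Review bot: `$pathFile = $filter->xssFilterHard(PATH_DATA . 'upgrade' . PATH_SEP . $upgradeFilename, 'path');` is built from `$_FILES['form']['name']['UPGRADE_FILENAME']`, which is the filename the client chose, and it then becomes the `move_uploaded_file` destination and, via `str_replace`, `$this->sRevision`; an XSS filter does not pin that name to a single file inside the upgrade directory. Reduce it to a bare name and check the expected shape before any path is assembled, e.g. `$upgradeFilename = basename($upgradeFilename);` followed by `if (!preg_match('/^pmos-patch-[A-Za-z0-9._-]+\.tar\.gz$/', $upgradeFilename)) { throw new Exception('Invalid upgrade file name'); }` (pattern constructed from the prefix and suffix the method already strips — confirm against real patch names). `$_FILES['form']['error']['UPGRADE_FILENAME']` is also never consulted, so a partial upload proceeds to the move. In the second hunk of this file `$sDir = PATH_C . 'xmlform'` is a constant with no external input, so the added `$sDir = $filter->xssFilterHard($sDir, 'path');` does nothing useful and can be dropped; in getPluginSchema, `$pluginName` deserves the same allowlist treatment as the upload name.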
@@ -54,6 +54,9 @@ exit;
 function rangeDownload($location,$mimeType)
 {
+ G::LoadSystem('inputfilter');
+ $filter = new InputFilter();
+ $location = $filter->xssFilterHard($location, "path");
 if (!file_exists($location)) {
 header ("HTTP/1.0 404 Not Found");