fernando/luos
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

I solved some issues with Directory traversal

Browse Source
This commit is contained in:
Paula V. Quispe
2015-03-26 14:55:51 -04:00
parent c2d32d4f59
commit f4664ce34c
3 changed files with 43 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

37
workflow/engine/classes/class.dynaformEditor.php
View File

@@ -515,6 +515,8 @@ class dynaformEditorAjax extends dynaformEditor implements iDynaformEditorAjax
*/ */
public function restore_html($A) public function restore_html($A)
{ {
G::LoadSystem('inputfilter');
$filter = new InputFilter();
$script = null; $script = null;
$fileTmp = G::decrypt($A, URL_KEY); $fileTmp = G::decrypt($A, URL_KEY);
$form = new Form($fileTmp, PATH_DYNAFORM, SYS_LANG, true); $form = new Form($fileTmp, PATH_DYNAFORM, SYS_LANG, true);
@@ -527,10 +529,11 @@ class dynaformEditorAjax extends dynaformEditor implements iDynaformEditorAjax
$form->enableTemplate = false; $form->enableTemplate = false;
$html = $form->printTemplate($form->template, $script); $html = $form->printTemplate($form->template, $script);
$html = str_replace('{$form_className}', 'formDefault', $html); $html = str_replace('{$form_className}', 'formDefault', $html);
if (file_exists(PATH_DYNAFORM . $fileTmp . '.html')) { $pathTmp = $filter->xssFilterHard(PATH_DYNAFORM . $fileTmp . '.html', 'path');
unlink(PATH_DYNAFORM . $fileTmp . '.html'); if (file_exists($pathTmp)) {
unlink($pathTmp);
} }
$fp = fopen(PATH_DYNAFORM . $fileTmp . '.html', 'w'); $fp = fopen($pathTmp, 'w');
fwrite($fp, $html); fwrite($fp, $html);
fclose($fp); fclose($fp);
@@ -546,6 +549,8 @@ class dynaformEditorAjax extends dynaformEditor implements iDynaformEditorAjax
public function set_htmlcode($A, $htmlcode) public function set_htmlcode($A, $htmlcode)
{ {
try { try {
G::LoadSystem('inputfilter');
$filter = new InputFilter();
$iOcurrences = preg_match_all('/\{\$.*?\}/im', $htmlcode, $matches); $iOcurrences = preg_match_all('/\{\$.*?\}/im', $htmlcode, $matches);
if ($iOcurrences) { if ($iOcurrences) {
if (isset($matches[0])) { if (isset($matches[0])) {
@@ -561,6 +566,7 @@ class dynaformEditorAjax extends dynaformEditor implements iDynaformEditorAjax
$file = G::decrypt($A, URL_KEY); $file = G::decrypt($A, URL_KEY);
$form = new Form($file, PATH_DYNAFORM, SYS_LANG, true); $form = new Form($file, PATH_DYNAFORM, SYS_LANG, true);
$filename = substr($form->fileName, 0, - 3) . ($form->type === 'xmlform' ? '' : '.' . $form->type) . 'html'; $filename = substr($form->fileName, 0, - 3) . ($form->type === 'xmlform' ? '' : '.' . $form->type) . 'html';
$filename = $filter->xssFilterHard($filename, 'path');
$fp = fopen($filename, 'w'); $fp = fopen($filename, 'w');
fwrite($fp, $htmlcode); fwrite($fp, $htmlcode);
fclose($fp); fclose($fp);
@@ -598,10 +604,13 @@ class dynaformEditorAjax extends dynaformEditor implements iDynaformEditorAjax
*/ */
public function set_xmlcode($A, $xmlcode) public function set_xmlcode($A, $xmlcode)
{ {
G::LoadSystem('inputfilter');
$filter = new InputFilter();
$xmlcode = urldecode($xmlcode); $xmlcode = urldecode($xmlcode);
$file = G::decrypt($A, URL_KEY); $file = G::decrypt($A, URL_KEY);
$xmlcode = str_replace(' ', ' ', trim($xmlcode)); $xmlcode = str_replace(' ', ' ', trim($xmlcode));
$fp = fopen(PATH_DYNAFORM . $file . '.xml', 'w'); $pathFile = $filter->xssFilterHard(PATH_DYNAFORM . $file . '.xml', "path");
$fp = fopen($pathFile, 'w');
fwrite($fp, $xmlcode); fwrite($fp, $xmlcode);
fclose($fp); fclose($fp);
return ""; return "";
@@ -647,6 +656,9 @@ class dynaformEditorAjax extends dynaformEditor implements iDynaformEditorAjax
*/ */
public function set_javascript($A, $fieldName, $sCode, $meta = '') public function set_javascript($A, $fieldName, $sCode, $meta = '')
{ {
G::LoadSystem('inputfilter');
$filter = new InputFilter();
$fieldName = $filter->xssFilterHard($fieldName, 'path');
if ($fieldName == '___pm_boot_strap___') { if ($fieldName == '___pm_boot_strap___') {
return 0; return 0;
} }
@@ -661,8 +673,8 @@ class dynaformEditorAjax extends dynaformEditor implements iDynaformEditorAjax
*/ */
G::LoadSystem('dynaformhandler'); G::LoadSystem('dynaformhandler');
$pathFile = $filter->xssFilterHard(PATH_DYNAFORM . "{$file}.xml", 'path');
$dynaform = new dynaFormHandler(PATH_DYNAFORM . "{$file}.xml"); $dynaform = new dynaFormHandler($pathFile);
$dynaform->replace($fieldName, $fieldName, Array('type' => 'javascript', 'meta' => $meta, '#cdata' => $sCode $dynaform->replace($fieldName, $fieldName, Array('type' => 'javascript', 'meta' => $meta, '#cdata' => $sCode
)); ));
@@ -716,6 +728,8 @@ class dynaformEditorAjax extends dynaformEditor implements iDynaformEditorAjax
public function set_properties($A, $DYN_UID, $getFields) public function set_properties($A, $DYN_UID, $getFields)
{ {
try { try {
G::LoadSystem('inputfilter');
$filter = new InputFilter();
$post = array(); $post = array();
parse_str($getFields, $post); parse_str($getFields, $post);
$Fields = $post['form']; $Fields = $post['form'];
@@ -729,8 +743,9 @@ class dynaformEditorAjax extends dynaformEditor implements iDynaformEditorAjax
$tmp['Properties'] = $Fields; $tmp['Properties'] = $Fields;
self::_setTmpData($tmp); self::_setTmpData($tmp);
} }
$dynaform = new dynaFormHandler(PATH_DYNAFORM . "{$file}.xml"); $pathFile = $filter->xssFilterHard(PATH_DYNAFORM . "{$file}.xml", 'path');
$dbc2 = new DBConnection(PATH_DYNAFORM . $file . '.xml', '', '', '', 'myxml'); $dynaform = new dynaFormHandler($pathFile);
$dbc2 = new DBConnection($pathFile, '', '', '', 'myxml');
$ses2 = new DBSession($dbc2); $ses2 = new DBSession($dbc2);
//if (!isset($Fields['ENABLETEMPLATE'])) $Fields['ENABLETEMPLATE'] ="0"; //if (!isset($Fields['ENABLETEMPLATE'])) $Fields['ENABLETEMPLATE'] ="0";
@@ -791,13 +806,15 @@ class dynaformEditorAjax extends dynaformEditor implements iDynaformEditorAjax
*/ */
public function set_enabletemplate($A, $value) public function set_enabletemplate($A, $value)
{ {
G::LoadSystem('inputfilter');
$filter = new InputFilter();
$file = G::decrypt($A, URL_KEY); $file = G::decrypt($A, URL_KEY);
$value = $value == "1" ? "1" : "0"; $value = $value == "1" ? "1" : "0";
// $dbc2 = new DBConnection( PATH_DYNAFORM . $file . '.xml', '', '', '', 'myxml' ); // $dbc2 = new DBConnection( PATH_DYNAFORM . $file . '.xml', '', '', '', 'myxml' );
// $ses2 = new DBSession( $dbc2 ); // $ses2 = new DBSession( $dbc2 );
// $ses2->execute( "UPDATE . SET ENABLETEMPLATE = '$value'" ); // $ses2->execute( "UPDATE . SET ENABLETEMPLATE = '$value'" );
$pathFile = $filter->xssFilterHard(PATH_DYNAFORM . "{$file}.xml", 'path');
$dynaform = new dynaFormHandler(PATH_DYNAFORM . "{$file}.xml"); $dynaform = new dynaFormHandler($pathFile);
$dynaform->modifyHeaderAttribute('enabletemplate', $value); $dynaform->modifyHeaderAttribute('enabletemplate', $value);
return $value; return $value;

16
workflow/engine/classes/class.system.php
View File

@@ -281,11 +281,14 @@ class System
*/ */
public function verifyFileForUpgrade () public function verifyFileForUpgrade ()
{ {
G::LoadSystem('inputfilter');
$filter = new InputFilter();
$upgradeFilename = isset( $_FILES['form']['name']['UPGRADE_FILENAME'] ) ? $_FILES['form']['name']['UPGRADE_FILENAME'] : ''; $upgradeFilename = isset( $_FILES['form']['name']['UPGRADE_FILENAME'] ) ? $_FILES['form']['name']['UPGRADE_FILENAME'] : '';
$tempFilename = isset( $_FILES['form']['tmp_name']['UPGRADE_FILENAME'] ) ? $_FILES['form']['tmp_name']['UPGRADE_FILENAME'] : ''; $tempFilename = isset( $_FILES['form']['tmp_name']['UPGRADE_FILENAME'] ) ? $_FILES['form']['tmp_name']['UPGRADE_FILENAME'] : '';
$this->sRevision = str_replace( '.tar.gz', '', str_replace( 'pmos-patch-', '', $upgradeFilename ) ); $this->sRevision = str_replace( '.tar.gz', '', str_replace( 'pmos-patch-', '', $upgradeFilename ) );
$sTemFilename = $tempFilename; $sTemFilename = $tempFilename;
$this->sFilename = PATH_DATA . 'upgrade' . PATH_SEP . $upgradeFilename; $pathFile = $filter->xssFilterHard(PATH_DATA . 'upgrade' . PATH_SEP . $upgradeFilename, 'path');
$this->sFilename = $pathFile;
$this->sPath = dirname( $this->sFilename ) . PATH_SEP; $this->sPath = dirname( $this->sFilename ) . PATH_SEP;
G::mk_dir( PATH_DATA . 'upgrade' ); G::mk_dir( PATH_DATA . 'upgrade' );
if (! move_uploaded_file( $sTemFilename, $this->sFilename )) { if (! move_uploaded_file( $sTemFilename, $this->sFilename )) {
@@ -615,8 +618,12 @@ class System
} }
} }
G::LoadSystem('inputfilter');
$filter = new InputFilter();
//clean up xmlform folders //clean up xmlform folders
$sDir = PATH_C . 'xmlform'; $sDir = PATH_C . 'xmlform';
$sDir = $filter->xssFilterHard($sDir, 'path');
if (file_exists( $sDir ) && is_dir( $sDir )) { if (file_exists( $sDir ) && is_dir( $sDir )) {
$oDirectory = dir( $sDir ); $oDirectory = dir( $sDir );
while ($sObjectName = $oDirectory->read()) { while ($sObjectName = $oDirectory->read()) {
@@ -729,8 +736,11 @@ class System
*/ */
public static function getPluginSchema ($pluginName) public static function getPluginSchema ($pluginName)
{ {
if (file_exists( PATH_PLUGINS . $pluginName . "/config/schema.xml" )) { G::LoadSystem('inputfilter');
return System::getSchema( PATH_PLUGINS . $pluginName . "/config/schema.xml" ); $filter = new InputFilter();
$pathFile = $filter->xssFilterHard(PATH_PLUGINS . $pluginName . "/config/schema.xml", 'path');
if (file_exists( $pathFile )) {
return System::getSchema( $pathFile );
} else { } else {
return false; return false;
} }

3
workflow/engine/methods/cases/casesStreamingFile.php
View File

@@ -54,6 +54,9 @@ exit;
function rangeDownload($location,$mimeType) function rangeDownload($location,$mimeType)
{ {
G::LoadSystem('inputfilter');
$filter = new InputFilter();
$location = $filter->xssFilterHard($location, "path");
if (!file_exists($location)) if (!file_exists($location))
{ {
header ("HTTP/1.0 404 Not Found"); header ("HTTP/1.0 404 Not Found");