From 03dd440644696a6ed8d4f8d5b34aa1da7601b2a0 Mon Sep 17 00:00:00 2001
From: Victor Saisa Lopez <victor@colosa.com>
Date: Fri, 4 Sep 2015 14:10:46 -0400
Subject: [PATCH] PM-3383 "0018219: No valida el src del campo image" SOLVED

Issue:
    0018219: No valida el src del campo image
Cause:
    URL invalida en el atributo "src" del tag <img>, esto ocasiona que se haga un "redirect" al login
Solution:
    Si la URL es invalida entonces se redirige a la pagina 404 "not found"
---
 gulliver/system/class.bootstrap.php | 24 +++++++++++++++---------
 1 file changed, 15 insertions(+), 9 deletions(-)

diff --git a/gulliver/system/class.bootstrap.php b/gulliver/system/class.bootstrap.php
index d09defa5d..a9fe4f872 100644
--- a/gulliver/system/class.bootstrap.php
+++ b/gulliver/system/class.bootstrap.php
@@ -672,13 +672,13 @@ class Bootstrap
     {
         Bootstrap::LoadSystem('inputfilter');
         $filter = new InputFilter();
-        
+
         $path = PATH_GULLIVER . 'class.' . $strClass . '.php';
         $path = $filter->validateInput($path, "path");
-        
+
         $classfile = Bootstrap::ExpandPath("classes") . 'class.' . $strClass . '.php';
         $classfile = $filter->validateInput($classfile, "path");
-        
+
         if (!file_exists($classfile)) {
             if (file_exists($path)) {
                 return require_once ($path);
@@ -2130,14 +2130,19 @@ class Bootstrap
         array_shift($uriVars);
 
         $args = array();
-        $args['SYS_LANG'] = array_shift($uriVars);
-        $args['SYS_SKIN'] = array_shift($uriVars);
-        $args['SYS_COLLECTION'] = array_shift($uriVars);
-        $args['SYS_TARGET'] = array_shift($uriVars);
+
+        $element = array_shift($uriVars);
+        $args["SYS_LANG"] = (preg_match("/^[\w\-]+$/", $element))? $element : "";
+
+        $element = array_shift($uriVars);
+        $args["SYS_SKIN"] = (preg_match("/^[\w\-]+$/", $element))? $element : "";
+
+        $args["SYS_COLLECTION"] = array_shift($uriVars);
+        $args["SYS_TARGET"] = array_shift($uriVars);
 
         //to enable more than 2 directories...in the methods structure
-        while (count($uriVars) > 0) {
-            $args['SYS_TARGET'] .= '/' . array_shift($uriVars);
+        while (!empty($uriVars)) {
+            $args["SYS_TARGET"] = $args["SYS_TARGET"] . "/" . array_shift($uriVars);
         }
 
         /* Fix to prevent use uxs skin outside siplified interface,
@@ -2942,3 +2947,4 @@ class Bootstrap
         return md5($string);
     }
 }
+