fernando/luos
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

xss-4

Browse Source
This commit is contained in:
marcelo.cuiza
2015-03-20 17:21:22 -04:00
parent 21718ac715
commit f548e1464c
2 changed files with 28 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

23
gulliver/js/tinymce/jscripts/tiny_mce/plugins/pmSimpleUploader/uploader.php vendored
View File

@@ -35,7 +35,15 @@
</head>
<body>
<?php
$Action = isset($_GET["q"]) ? $_GET["q"] : "none";
G::LoadSystem('inputfilter');
$filter = new InputFilter();
if(isset($_GET["q"])) {
$_GET["q"] = $filter->xssFilterHard($_GET["q"]);
$Action = $_GET["q"];
} else {
$Action = "none";
}
//$Action = isset($_GET["q"]) ? $_GET["q"] : "none";
if($Action =="none"){
displayUploadForm();
}else if($Action=="upload"){
@@ -50,6 +58,12 @@
// displays the upload form
function displayUploadForm()
{
G::LoadSystem('inputfilter');
$filter = new InputFilter();
if(isset($_SERVER["QUERY_STRING"])) {
$_SERVER["QUERY_STRING"] = $filter->xssFilterHard($_SERVER["QUERY_STRING"],'url');
}
$html = "
<div id=\"containerDataForm\">
<form method=\"post\" enctype=\"multipart/form-data\" action=\"uploader.php?" . $_SERVER["QUERY_STRING"] . "&q=upload\" onsubmit=\"return validateForm();\">
@@ -70,6 +84,10 @@ function displayUploadForm()
// uploads the file to the destination path, and returns a link with link path substituted for destination path
function uploadContentFile()
{
G::LoadSystem('inputfilter');
$filter = new InputFilter();
$_FILES["upload_file"] = $filter->xssFilterHard($_FILES["upload_file"]);
$StatusMessage = "";
$ActualFileName = "";
$DestPath = sys_get_temp_dir();
@@ -85,6 +103,9 @@ function uploadContentFile()
function showPopUp($PopupText)
{
G::LoadSystem('inputfilter');
$filter = new InputFilter();
$PopupText = $filter->xssFilterHard($PopupText);
echo "<script type=\"text/javascript\" language=\"javascript\">alert (\"$PopupText\");</script>";
}

6
workflow/engine/methods/cases/proxyCasesList.php
View File

@@ -1,4 +1,10 @@
<?php
G::LoadSystem('inputfilter');
$filter = new InputFilter();
$_GET = $filter->xssFilterHard($_GET);
$_REQUEST = $filter->xssFilterHard($_REQUEST);
$_SESSION['USER_LOGGED'] = $filter->xssFilterHard($_SESSION['USER_LOGGED']);
if (!isset($_SESSION['USER_LOGGED'])) {
$responseObject = new stdclass();
$responseObject->error = G::LoadTranslation('ID_LOGIN_AGAIN');