diff --git a/gulliver/js/tinymce/jscripts/tiny_mce/plugins/pmSimpleUploader/uploader.php b/gulliver/js/tinymce/jscripts/tiny_mce/plugins/pmSimpleUploader/uploader.php
index f0331fbe7..4ea183dc0 100644
--- a/gulliver/js/tinymce/jscripts/tiny_mce/plugins/pmSimpleUploader/uploader.php
+++ b/gulliver/js/tinymce/jscripts/tiny_mce/plugins/pmSimpleUploader/uploader.php
@@ -35,7 +35,15 @@ xssFilterHard($_GET["q"]);
+ $Action = $_GET["q"];
+ } else {
+ $Action = "none";
+ }
+ //$Action = isset($_GET["q"]) ? $_GET["q"] : "none";
 if($Action =="none"){
 displayUploadForm();
 }else if($Action=="upload"){
@@ -50,6 +58,12 @@ // displays the upload form
 function displayUploadForm()
 {
+ G::LoadSystem('inputfilter');
+ $filter = new InputFilter();
+ if(isset($_SERVER["QUERY_STRING"])) {
+ $_SERVER["QUERY_STRING"] = $filter->xssFilterHard($_SERVER["QUERY_STRING"],'url');
+ }
+ $html = "
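Review bot: The commented-out line `//$Action = isset($_GET["q"]) ? $_GET["q"] : "none";` kept at the end of the added block is dead code that duplicates the if/else right above it and should be deleted rather than preserved as a comment. The dispatch that follows compares the request-derived value with `==` in `if($Action =="none"){` and `}else if($Action=="upload"){`; since the accepted actions are fixed string literals, `===` is the stricter comparison and costs nothing. The `if` whose `else` branch this hunk adds begins before the hunk, and the first line shown for it is truncated on this page, so the assignment that feeds `$_GET["q"]` through the filter is not visible here.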
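Review bot: displayUploadForm, uploadContentFile (the hunk at old line 70) and showPopUp (the hunk at old line 85) each repeat `G::LoadSystem('inputfilter');` and `$filter = new InputFilter();` at the top of the function body; creating the filter once where `$Action` is dispatched and passing it in, or adding one small file-level helper that wraps `xssFilterHard`, would remove three copies and three loads per request. The filtered query string is also written back into `$_SERVER["QUERY_STRING"]`, so any later code in the same request that reads that superglobal sees the rewritten value rather than what the client sent; if only this function needs the filtered form, keep it local, `$queryString = $filter->xssFilterHard($_SERVER["QUERY_STRING"], 'url');`, and use that when building `$html`. The rest of displayUploadForm, including the `$html` string that presumably consumes the value, lies beyond the hunk.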
@@ -70,6 +84,10 @@ function displayUploadForm()
 // uploads the file to the destination path, and returns a link with link path substituted for destination path
 function uploadContentFile()
 {
+ G::LoadSystem('inputfilter');
+ $filter = new InputFilter();
+ $_FILES["upload_file"] = $filter->xssFilterHard($_FILES["upload_file"]);
+
 $StatusMessage = "";
 $ActualFileName = "";
 $DestPath = sys_get_temp_dir();
@@ -85,6 +103,9 @@ function uploadContentFile()
 function showPopUp($PopupText)
 {
+ G::LoadSystem('inputfilter');
+ $filter = new InputFilter();
+ $PopupText = $filter->xssFilterHard($PopupText);
 echo "";
 }
diff --git a/workflow/engine/methods/cases/proxyCasesList.php b/workflow/engine/methods/cases/proxyCasesList.php
index cab3ed544..74d5937b9 100755
--- a/workflow/engine/methods/cases/proxyCasesList.php
+++ b/workflow/engine/methods/cases/proxyCasesList.php
@@ -1,4 +1,10 @@ xssFilterHard($_GET);
+$_REQUEST = $filter->xssFilterHard($_REQUEST);
+$_SESSION['USER_LOGGED'] = $filter->xssFilterHard($_SESSION['USER_LOGGED']);
+
 if (!isset($_SESSION['USER_LOGGED'])) {
 $responseObject = new stdclass();
 $responseObject->error = G::LoadTranslation('ID_LOGIN_AGAIN');
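Review bot: `$_FILES["upload_file"]` is read and reassigned unconditionally, so a request that carries no such file raises an undefined-index notice and leaves `$_FILES["upload_file"]` set to whatever xssFilterHard returns for a missing value, which would change the outcome of any later `isset($_FILES["upload_file"])` or `is_uploaded_file` check in the body of uploadContentFile (which continues past the hunk). Guard the rewrite: `if (isset($_FILES["upload_file"])) { $_FILES["upload_file"] = $filter->xssFilterHard($_FILES["upload_file"]); }`. The array also holds the server-generated `tmp_name` next to the client-supplied `name`; if the filter rewrites every element, `tmp_name` could be altered so the temporary file is no longer found, so filtering `name` alone, or confirming `tmp_name` comes back unchanged, would be safer — xssFilterHard's handling of arrays is not visible here.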
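Review bot: `$_SESSION['USER_LOGGED']` is filtered before the `isset` check that immediately follows it, so on a request with no logged-in user this reads a missing key (a notice) and stores the filter's result back into the session; if xssFilterHard normalizes a null input to an empty string, `isset` then succeeds and the `ID_LOGIN_AGAIN` response is skipped, letting an unauthenticated request continue. Guard the rewrite, `if (isset($_SESSION['USER_LOGGED'])) { $_SESSION['USER_LOGGED'] = $filter->xssFilterHard($_SESSION['USER_LOGGED']); }`, or better, filter into a local at the point the value is output instead of rewriting the session entry, since `USER_LOGGED` is server-set state that the rest of the session depends on. The first line of this hunk is truncated on this page, so the lines that create `$filter` are not visible, and the `if` block that opens at the end of the hunk continues beyond it.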