fernando/luos
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

xss-4

Browse Source
This commit is contained in:
marcelo.cuiza
2015-03-20 17:21:22 -04:00
parent 21718ac715
commit f548e1464c
2 changed files with 28 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

23
gulliver/js/tinymce/jscripts/tiny_mce/plugins/pmSimpleUploader/uploader.php vendored
View File

@@ -35,7 +35,15 @@
</head> </head>
<body> <body>
<?php <?php
$Action = isset($_GET["q"]) ? $_GET["q"] : "none"; G::LoadSystem('inputfilter');
$filter = new InputFilter();
if(isset($_GET["q"])) {
$_GET["q"] = $filter->xssFilterHard($_GET["q"]);
$Action = $_GET["q"];
} else {
$Action = "none";
}
//$Action = isset($_GET["q"]) ? $_GET["q"] : "none";
if($Action =="none"){ if($Action =="none"){
displayUploadForm(); displayUploadForm();
}else if($Action=="upload"){ }else if($Action=="upload"){
@@ -50,6 +58,12 @@
// displays the upload form // displays the upload form
function displayUploadForm() function displayUploadForm()
{ {
G::LoadSystem('inputfilter');
$filter = new InputFilter();
if(isset($_SERVER["QUERY_STRING"])) {
$_SERVER["QUERY_STRING"] = $filter->xssFilterHard($_SERVER["QUERY_STRING"],'url');
}
$html = " $html = "
<div id=\"containerDataForm\"> <div id=\"containerDataForm\">
<form method=\"post\" enctype=\"multipart/form-data\" action=\"uploader.php?" . $_SERVER["QUERY_STRING"] . "&q=upload\" onsubmit=\"return validateForm();\"> <form method=\"post\" enctype=\"multipart/form-data\" action=\"uploader.php?" . $_SERVER["QUERY_STRING"] . "&q=upload\" onsubmit=\"return validateForm();\">
@@ -70,6 +84,10 @@ function displayUploadForm()
// uploads the file to the destination path, and returns a link with link path substituted for destination path // uploads the file to the destination path, and returns a link with link path substituted for destination path
function uploadContentFile() function uploadContentFile()
{ {
G::LoadSystem('inputfilter');
$filter = new InputFilter();
$_FILES["upload_file"] = $filter->xssFilterHard($_FILES["upload_file"]);
$StatusMessage = ""; $StatusMessage = "";
$ActualFileName = ""; $ActualFileName = "";
$DestPath = sys_get_temp_dir(); $DestPath = sys_get_temp_dir();
@@ -85,6 +103,9 @@ function uploadContentFile()
function showPopUp($PopupText) function showPopUp($PopupText)
{ {
G::LoadSystem('inputfilter');
$filter = new InputFilter();
$PopupText = $filter->xssFilterHard($PopupText);
echo "<script type=\"text/javascript\" language=\"javascript\">alert (\"$PopupText\");</script>"; echo "<script type=\"text/javascript\" language=\"javascript\">alert (\"$PopupText\");</script>";
} }

6
workflow/engine/methods/cases/proxyCasesList.php
View File

@@ -1,4 +1,10 @@
<?php <?php
G::LoadSystem('inputfilter');
$filter = new InputFilter();
$_GET = $filter->xssFilterHard($_GET);
$_REQUEST = $filter->xssFilterHard($_REQUEST);
$_SESSION['USER_LOGGED'] = $filter->xssFilterHard($_SESSION['USER_LOGGED']);
if (!isset($_SESSION['USER_LOGGED'])) { if (!isset($_SESSION['USER_LOGGED'])) {
$responseObject = new stdclass(); $responseObject = new stdclass();
$responseObject->error = G::LoadTranslation('ID_LOGIN_AGAIN'); $responseObject->error = G::LoadTranslation('ID_LOGIN_AGAIN');