fernando/luos
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

PMCORE-1976 Use of ampersand in password will produce wrong credentials error upon login.

Browse Source
This commit is contained in:
Roly Rudy Gutierrez Pinto
2020-09-09 15:46:15 -04:00
parent e31ad1f404
commit f6e81b4cac
7 changed files with 37 additions and 30 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
workflow/engine/methods/users/usersAjax.php
View File

@@ -2,17 +2,6 @@
use ProcessMaker\BusinessModel\User as BmUser;
// Sanitizing the values sent in the global variables
$filter = new InputFilter();
$_POST = $filter->xssFilterHard($_POST);
if (isset($_SESSION['USER_LOGGED'])) {
$_SESSION['USER_LOGGED'] = $filter->xssFilterHard($_SESSION['USER_LOGGED']);
}
if (isset($_SESSION['USR_USERNAME'])) {
$_SESSION['USR_USERNAME'] = $filter->xssFilterHard($_SESSION['USR_USERNAME']);
}
// Initializing variables
$action = !empty($_POST['action']) ? $_POST['action'] : '';
$result = new StdClass();
@@ -149,7 +138,7 @@ try {
if (!empty($form["USR_EMAIL"])) {
$form["USR_EMAIL"] = strtolower($form["USR_EMAIL"]);
}
switch ($_POST['action']) {
case 'saveUser':
if (!$user->checkPermission($_SESSION['USER_LOGGED'], 'PM_USERS')) {