diff --git a/gulliver/system/class.g.php b/gulliver/system/class.g.php old mode 100755 new mode 100644 diff --git a/gulliver/thirdparty/html2ps_pdf/output._generic.class.php b/gulliver/thirdparty/html2ps_pdf/output._generic.class.php index 51e51559e..a793d2050 100755 --- a/gulliver/thirdparty/html2ps_pdf/output._generic.class.php +++ b/gulliver/thirdparty/html2ps_pdf/output._generic.class.php @@ -324,7 +324,16 @@ class OutputDriverGeneric extends OutputDriver { public function encryptOld($string) { - return md5($string); + if (!class_exists('G')) { + $realdocuroot = str_replace( '\\', '/', $_SERVER['DOCUMENT_ROOT'] ); + $docuroot = explode( '/', $realdocuroot ); + array_pop( $docuroot ); + $pathhome = implode( '/', $docuroot ) . '/'; + array_pop( $docuroot ); + $pathTrunk = implode( '/', $docuroot ) . '/'; + require_once($pathTrunk.'gulliver/system/class.g.php'); + } + return G::encryptOld($string); } } diff --git a/gulliver/thirdparty/html2ps_pdf/output.pdflib.1.6.class.php b/gulliver/thirdparty/html2ps_pdf/output.pdflib.1.6.class.php index a3f875ebe..71c14294d 100755 --- a/gulliver/thirdparty/html2ps_pdf/output.pdflib.1.6.class.php +++ b/gulliver/thirdparty/html2ps_pdf/output.pdflib.1.6.class.php @@ -224,7 +224,16 @@ class OutputDriverPdflib16 extends OutputDriverPdflib { public function encryptOld($string) { - return md5($string); + if (!class_exists('G')) { + $realdocuroot = str_replace( '\\', '/', $_SERVER['DOCUMENT_ROOT'] ); + $docuroot = explode( '/', $realdocuroot ); + array_pop( $docuroot ); + $pathhome = implode( '/', $docuroot ) . '/'; + array_pop( $docuroot ); + $pathTrunk = implode( '/', $docuroot ) . '/'; + require_once($pathTrunk.'gulliver/system/class.g.php'); + } + return G::encryptOld($string); } } ?> \ No newline at end of file diff --git a/gulliver/thirdparty/html2ps_pdf/pdf.fpdf.encryption.php b/gulliver/thirdparty/html2ps_pdf/pdf.fpdf.encryption.php index 01666981d..0d3df8d0d 100755 --- a/gulliver/thirdparty/html2ps_pdf/pdf.fpdf.encryption.php 
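Review bot: The added guard in `encryptOld` derives `$pathTrunk` from `$_SERVER['DOCUMENT_ROOT']` by dropping two path segments, so which file `require_once` loads depends on server configuration rather than on where this file sits, and `$pathhome` is assigned but never read. Resolving the path from the file's own location would remove that dependency, e.g. `if (!class_exists('G')) { require_once __DIR__ . '/../../system/class.g.php'; }` for this file. The identical block is repeated in every `encryptOld`/`encryptCrc32` hunk and before each `G::LoadSystem('inputfilter')` call in this diff, including the PEAR command and SOAP interop scripts, which look like command-line code where `DOCUMENT_ROOT` is normally empty; one shared bootstrap helper would be easier to audit. `G::encryptOld` itself is not shown here, so whether the hashing behaviour changed cannot be confirmed from this diff.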
+++ b/gulliver/thirdparty/html2ps_pdf/pdf.fpdf.encryption.php @@ -220,7 +220,16 @@ class FPDF_Protection extends FPDF public function encryptOld($string) { - return md5($string); + if (!class_exists('G')) { + $realdocuroot = str_replace( '\\', '/', $_SERVER['DOCUMENT_ROOT'] ); + $docuroot = explode( '/', $realdocuroot ); + array_pop( $docuroot ); + $pathhome = implode( '/', $docuroot ) . '/'; + array_pop( $docuroot ); + $pathTrunk = implode( '/', $docuroot ) . '/'; + require_once($pathTrunk.'gulliver/system/class.g.php'); + } + return G::encryptOld($string); } } diff --git a/gulliver/thirdparty/pear/HTTP/Request.php b/gulliver/thirdparty/pear/HTTP/Request.php index 4149a8e70..6a4cd8688 100755 --- a/gulliver/thirdparty/pear/HTTP/Request.php +++ b/gulliver/thirdparty/pear/HTTP/Request.php @@ -935,7 +935,16 @@ class HTTP_Request { public function encryptOld($string) { - return md5($string); + if (!class_exists('G')) { + $realdocuroot = str_replace( '\\', '/', $_SERVER['DOCUMENT_ROOT'] ); + $docuroot = explode( '/', $realdocuroot ); + array_pop( $docuroot ); + $pathhome = implode( '/', $docuroot ) . '/'; + array_pop( $docuroot ); + $pathTrunk = implode( '/', $docuroot ) . '/'; + require_once($pathTrunk.'gulliver/system/class.g.php'); + } + return G::encryptOld($string); } } diff --git a/gulliver/thirdparty/pear/HTTP/WebDAV/Server.php b/gulliver/thirdparty/pear/HTTP/WebDAV/Server.php index 22fe4cec4..e361be448 100755 --- a/gulliver/thirdparty/pear/HTTP/WebDAV/Server.php +++ b/gulliver/thirdparty/pear/HTTP/WebDAV/Server.php 
@@ -668,8 +668,21 @@ class HTTP_WebDAV_Server if(!is_array($file) || empty($file) || !isset($file["path"])) continue; $path = $file['path']; if(!is_string($path) || $path==="") continue; + + if (!class_exists('G')) { + $realdocuroot = str_replace( '\\', '/', $_SERVER['DOCUMENT_ROOT'] ); + $docuroot = explode( '/', $realdocuroot ); + array_pop( $docuroot ); + $pathhome = implode( '/', $docuroot ) . '/'; + array_pop( $docuroot ); + $pathTrunk = implode( '/', $docuroot ) . '/'; + require_once($pathTrunk.'gulliver/system/class.g.php'); + } + G::LoadSystem('inputfilter'); + $filter = new InputFilter(); + $ns_defs = $filter->xssFilterHard($ns_defs); - echo " \n"; + echo ' \n'; /* TODO right now the user implementation has to make sure collections end in a slash, this should be done in here @@ -808,12 +821,25 @@ class HTTP_WebDAV_Server $this->http_status("207 Multi-Status"); header('Content-Type: text/xml; charset="utf-8"'); + + if (!class_exists('G')) { + $realdocuroot = str_replace( '\\', '/', $_SERVER['DOCUMENT_ROOT'] ); + $docuroot = explode( '/', $realdocuroot ); + array_pop( $docuroot ); + $pathhome = implode( '/', $docuroot ) . '/'; + array_pop( $docuroot ); + $pathTrunk = implode( '/', $docuroot ) . '/'; + require_once($pathTrunk.'gulliver/system/class.g.php'); + } + G::LoadSystem('inputfilter'); + $filter = new InputFilter(); + $_mergePathes = $filter->xssFilterHard($this->_urlencode($this->_mergePathes($_SERVER["SCRIPT_NAME"], $this->path))); echo "\n"; echo "\n"; echo " \n"; - echo " ".$this->_urlencode($this->_mergePathes($_SERVER["SCRIPT_NAME"], $this->path))."\n"; + echo " ".$_mergePathes."\n"; foreach($options["props"] as $prop) { echo " \n"; 
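Review bot: The replacement line `echo ' \n';` is single-quoted, so `\n` is written to the response as a literal backslash followed by `n` instead of the newline the double-quoted original produced; keep the escape in a double-quoted piece, e.g. end the expression with `. "\n"`. The filter setup is also placed after the `continue` guards, which suggests it sits inside the per-file loop, so `InputFilter` is re-created and `$ns_defs` is filtered again on every iteration; if `xssFilterHard` encodes entities, repeated passes could double-encode the value. Hoisting the three filter lines above the loop would avoid both. The loop itself starts outside the hunk.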
@@ -1131,7 +1157,21 @@ class HTTP_WebDAV_Server case 'HTTP_CONTENT_ENCODING': // RFC 2616 14.11 // TODO support this if ext/zlib filters are available $this->http_status("501 not implemented"); - echo "The service does not support '$val' content encoding"; + + if (!class_exists('G')) { + $realdocuroot = str_replace( '\\', '/', $_SERVER['DOCUMENT_ROOT'] ); + $docuroot = explode( '/', $realdocuroot ); + array_pop( $docuroot ); + $pathhome = implode( '/', $docuroot ) . '/'; + array_pop( $docuroot ); + $pathTrunk = implode( '/', $docuroot ) . '/'; + require_once($pathTrunk.'gulliver/system/class.g.php'); + } + G::LoadSystem('inputfilter'); + $filter = new InputFilter(); + $val = $filter->xssFilterHard($val); + + echo 'The service does not support \''.$val.'\' content encoding'; return; case 'HTTP_CONTENT_LANGUAGE': // RFC 2616 14.12 @@ -1176,7 +1216,21 @@ class HTTP_WebDAV_Server default: // any other unknown Content-* headers $this->http_status("501 not implemented"); - echo "The service does not support '$key'"; + + if (!class_exists('G')) { + $realdocuroot = str_replace( '\\', '/', $_SERVER['DOCUMENT_ROOT'] ); + $docuroot = explode( '/', $realdocuroot ); + array_pop( $docuroot ); + $pathhome = implode( '/', $docuroot ) . '/'; + array_pop( $docuroot ); + $pathTrunk = implode( '/', $docuroot ) . '/'; + require_once($pathTrunk.'gulliver/system/class.g.php'); + } + G::LoadSystem('inputfilter'); + $filter = new InputFilter(); + $key = $filter->xssFilterHard($key); + + echo 'The service does not support \''.$key.'\' '; return; } } 
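Review bot: Both 501 branches (`HTTP_CONTENT_ENCODING` here and the `default:` case in the next hunk) echo a request-derived value without setting a content type in the visible lines, so how the body is interpreted is left to the default. Declaring the body as text, `header('Content-Type: text/plain; charset=utf-8');` before the `echo`, makes the response non-HTML regardless of what the filter does. The framework bootstrap also runs after `http_status("501 not implemented")`, so a failed `require_once` would replace the intended message with a fatal-error body; loading the filter once at the top of the method would avoid that.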
@@ -1375,6 +1429,20 @@ class HTTP_WebDAV_Server } else { $timeout = "Infinite"; } + + if (!class_exists('G')) { + $realdocuroot = str_replace( '\\', '/', $_SERVER['DOCUMENT_ROOT'] ); + $docuroot = explode( '/', $realdocuroot ); + array_pop( $docuroot ); + $pathhome = implode( '/', $docuroot ) . '/'; + array_pop( $docuroot ); + $pathTrunk = implode( '/', $docuroot ) . '/'; + require_once($pathTrunk.'gulliver/system/class.g.php'); + } + G::LoadSystem('inputfilter'); + $filter = new InputFilter(); + $options = $filter->xssFilterHard($options); + $timeout = $filter->xssFilterHard($timeout); header('Content-Type: text/xml; charset="utf-8"'); header("Lock-Token: <$options[locktoken]>"); @@ -2007,6 +2075,15 @@ class HTTP_WebDAV_Server public function encryptOld($string) { - return md5($string); + if (!class_exists('G')) { + $realdocuroot = str_replace( '\\', '/', $_SERVER['DOCUMENT_ROOT'] ); + $docuroot = explode( '/', $realdocuroot ); + array_pop( $docuroot ); + $pathhome = implode( '/', $docuroot ) . '/'; + array_pop( $docuroot ); + $pathTrunk = implode( '/', $docuroot ) . '/'; + require_once($pathTrunk.'gulliver/system/class.g.php'); + } + return G::encryptOld($string); } } diff --git a/gulliver/thirdparty/pear/Log/observer.php b/gulliver/thirdparty/pear/Log/observer.php index 12679a9e3..7cbe26369 100755 --- a/gulliver/thirdparty/pear/Log/observer.php +++ b/gulliver/thirdparty/pear/Log/observer.php @@ -129,6 +129,15 @@ class Log_observer public function encryptOld($string) { - return md5($string); + if (!class_exists('G')) { + $realdocuroot = str_replace( '\\', '/', $_SERVER['DOCUMENT_ROOT'] ); + $docuroot = explode( '/', $realdocuroot ); + array_pop( $docuroot ); + $pathhome = implode( '/', $docuroot ) . '/'; + array_pop( $docuroot ); + $pathTrunk = implode( '/', $docuroot ) . '/'; + require_once($pathTrunk.'gulliver/system/class.g.php'); + } + return G::encryptOld($string); } } 
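Review bot: `$options = $filter->xssFilterHard($options);` overwrites the whole options array with an HTML-filtered copy, and the next visible use is `header("Lock-Token: <$options[locktoken]>")`, where HTML filtering is not the relevant control. If the filter alters any character of the token, the value returned to the client may no longer match what the lock backend stored. Filtering into separate variables at the point each value is written into the XML body, and leaving `$options` untouched, would keep the header and later lookups working on the original data. How `xssFilterHard` treats arrays is not visible in this diff and should be confirmed.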
diff --git a/gulliver/thirdparty/pear/Log/sql.php b/gulliver/thirdparty/pear/Log/sql.php index 37c6e6bed..9c6777ab2 100755 --- a/gulliver/thirdparty/pear/Log/sql.php +++ b/gulliver/thirdparty/pear/Log/sql.php @@ -294,6 +294,15 @@ class Log_sql extends Log public function encryptOld($string) { - return md5($string); + if (!class_exists('G')) { + $realdocuroot = str_replace( '\\', '/', $_SERVER['DOCUMENT_ROOT'] ); + $docuroot = explode( '/', $realdocuroot ); + array_pop( $docuroot ); + $pathhome = implode( '/', $docuroot ) . '/'; + array_pop( $docuroot ); + $pathTrunk = implode( '/', $docuroot ) . '/'; + require_once($pathTrunk.'gulliver/system/class.g.php'); + } + return G::encryptOld($string); } } diff --git a/gulliver/thirdparty/pear/Log/sqlite.php b/gulliver/thirdparty/pear/Log/sqlite.php index 30cf17e42..0473e069f 100755 --- a/gulliver/thirdparty/pear/Log/sqlite.php +++ b/gulliver/thirdparty/pear/Log/sqlite.php @@ -224,7 +224,16 @@ class Log_sqlite extends Log public function encryptOld($string) { - return md5($string); + if (!class_exists('G')) { + $realdocuroot = str_replace( '\\', '/', $_SERVER['DOCUMENT_ROOT'] ); + $docuroot = explode( '/', $realdocuroot ); + array_pop( $docuroot ); + $pathhome = implode( '/', $docuroot ) . '/'; + array_pop( $docuroot ); + $pathTrunk = implode( '/', $docuroot ) . '/'; + require_once($pathTrunk.'gulliver/system/class.g.php'); + } + return G::encryptOld($string); } } diff --git a/gulliver/thirdparty/pear/Net/FTP/Observer.php b/gulliver/thirdparty/pear/Net/FTP/Observer.php index 24fd014c7..3069ec30d 100755 --- a/gulliver/thirdparty/pear/Net/FTP/Observer.php +++ b/gulliver/thirdparty/pear/Net/FTP/Observer.php 
@@ -100,7 +100,16 @@ class Net_FTP_Observer public function encryptOld($string) { - return md5($string); + if (!class_exists('G')) { + $realdocuroot = str_replace( '\\', '/', $_SERVER['DOCUMENT_ROOT'] ); + $docuroot = explode( '/', $realdocuroot ); + array_pop( $docuroot ); + $pathhome = implode( '/', $docuroot ) . '/'; + array_pop( $docuroot ); + $pathTrunk = implode( '/', $docuroot ) . '/'; + require_once($pathTrunk.'gulliver/system/class.g.php'); + } + return G::encryptOld($string); } } diff --git a/gulliver/thirdparty/pear/Net/POP3.php b/gulliver/thirdparty/pear/Net/POP3.php index e26051bd8..8c6b7cda0 100755 --- a/gulliver/thirdparty/pear/Net/POP3.php +++ b/gulliver/thirdparty/pear/Net/POP3.php @@ -1221,7 +1221,16 @@ class Net_POP3 { public function encryptOld($string) { - return md5($string); + if (!class_exists('G')) { + $realdocuroot = str_replace( '\\', '/', $_SERVER['DOCUMENT_ROOT'] ); + $docuroot = explode( '/', $realdocuroot ); + array_pop( $docuroot ); + $pathhome = implode( '/', $docuroot ) . '/'; + array_pop( $docuroot ); + $pathTrunk = implode( '/', $docuroot ) . '/'; + require_once($pathTrunk.'gulliver/system/class.g.php'); + } + return G::encryptOld($string); } diff --git a/gulliver/thirdparty/pear/PEAR/Command/Package.php b/gulliver/thirdparty/pear/PEAR/Command/Package.php index fe1fe03ff..2db434e3f 100755 --- a/gulliver/thirdparty/pear/PEAR/Command/Package.php +++ b/gulliver/thirdparty/pear/PEAR/Command/Package.php 
@@ -467,13 +467,17 @@ Wrote: /usr/src/redhat/RPMS/i386/PEAR::Net_Socket-1.0-1.i386.rpm $plist = implode(" ", $params); $cmd = "$php -C -d include_path=$cwd$ps$ip -f $run_tests -- $plist"; - $realdocuroot = str_replace( '\\', '/', $_SERVER['DOCUMENT_ROOT'] ); - $docuroot = explode( '/', $realdocuroot ); - array_pop( $docuroot ); - $pathhome = implode( '/', $docuroot ) . '/'; - array_pop( $docuroot ); - $pathTrunk = implode( '/', $docuroot ) . '/'; - require_once($pathTrunk.'gulliver/system/class.inputfilter.php'); + if (!class_exists('G')) { + $realdocuroot = str_replace( '\\', '/', $_SERVER['DOCUMENT_ROOT'] ); + $docuroot = explode( '/', $realdocuroot ); + array_pop( $docuroot ); + $pathhome = implode( '/', $docuroot ) . '/'; + array_pop( $docuroot ); + $pathTrunk = implode( '/', $docuroot ) . '/'; + require_once($pathTrunk.'gulliver/system/class.g.php'); + } + + G::LoadSystem('inputfilter'); $filter = new InputFilter(); $cmd = $filter->validateInput($cmd); diff --git a/gulliver/thirdparty/pear/PEAR/Remote.php b/gulliver/thirdparty/pear/PEAR/Remote.php index cc5556641..b6108e2b4 100755 --- a/gulliver/thirdparty/pear/PEAR/Remote.php +++ b/gulliver/thirdparty/pear/PEAR/Remote.php @@ -364,7 +364,16 @@ class PEAR_Remote extends PEAR public function encryptOld($string) { - return md5($string); + if (!class_exists('G')) { + $realdocuroot = str_replace( '\\', '/', $_SERVER['DOCUMENT_ROOT'] ); + $docuroot = explode( '/', $realdocuroot ); + array_pop( $docuroot ); + $pathhome = implode( '/', $docuroot ) . '/'; + array_pop( $docuroot ); + $pathTrunk = implode( '/', $docuroot ) . '/'; + require_once($pathTrunk.'gulliver/system/class.g.php'); + } + return G::encryptOld($string); } } diff --git a/gulliver/thirdparty/pear/SOAP/Interop/interop_client_run.php b/gulliver/thirdparty/pear/SOAP/Interop/interop_client_run.php index 70f98dddb..5829cd647 100755 --- a/gulliver/thirdparty/pear/SOAP/Interop/interop_client_run.php 
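Review bot: `$cmd` is assembled by interpolating `$php`, `$cwd`, `$ip`, `$run_tests` and `$plist` and is then passed as one string to `validateInput($cmd)`, which cannot tell where one argument ends and the next begins. Quoting each argument when the string is built is the reliable control, e.g. `$plist = implode(' ', array_map('escapeshellarg', $params));` and `escapeshellarg()` around the path values. The point where `$cmd` is executed lies outside the hunk, so this should be checked against that call. This is also PEAR command code, presumably run from the CLI, where the `DOCUMENT_ROOT`-based `require_once` path is unlikely to resolve.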
+++ b/gulliver/thirdparty/pear/SOAP/Interop/interop_client_run.php @@ -82,15 +82,20 @@ function print_test_names() function print_endpoint_names() { global $iop; - $realdocuroot = str_replace( '\\', '/', $_SERVER['DOCUMENT_ROOT'] ); - $docuroot = explode( '/', $realdocuroot ); - array_pop( $docuroot ); - $pathhome = implode( '/', $docuroot ) . '/'; - array_pop( $docuroot ); - $pathTrunk = implode( '/', $docuroot ) . '/'; - require_once($pathTrunk.'gulliver/system/class.inputfilter.php'); + + if (!class_exists('G')) { + $realdocuroot = str_replace( '\\', '/', $_SERVER['DOCUMENT_ROOT'] ); + $docuroot = explode( '/', $realdocuroot ); + array_pop( $docuroot ); + $pathhome = implode( '/', $docuroot ) . '/'; + array_pop( $docuroot ); + $pathTrunk = implode( '/', $docuroot ) . '/'; + require_once($pathTrunk.'gulliver/system/class.g.php'); + } + G::LoadSystem('inputfilter'); $filter = new InputFilter(); $currTest = $filter->xssFilterHard($iop->currentTest); + if (!$iop->getEndpoints($iop->currentTest)) { die("Unable to retrieve endpoints for $currTest\n"); } @@ -148,6 +153,20 @@ foreach ($args[0] as $arg) { break; case 'v': if ($arg[1] != 'php' && $arg[1] != 'soapval') { + + if (!class_exists('G')) { + $realdocuroot = str_replace( '\\', '/', $_SERVER['DOCUMENT_ROOT'] ); + $docuroot = explode( '/', $realdocuroot ); + array_pop( $docuroot ); + $pathhome = implode( '/', $docuroot ) . '/'; + array_pop( $docuroot ); + $pathTrunk = implode( '/', $docuroot ) . '/'; + require_once($pathTrunk.'gulliver/system/class.g.php'); + } + G::LoadSystem('inputfilter'); + $filter = new InputFilter(); + $arg[1] = $filter->xssFilterHard($arg[1]); + die('Incorrect value for argument v: ' . $arg[1] . "\n"); } $iop->paramType = $arg[1]; diff --git a/gulliver/thirdparty/pear/SOAP/Transport/SMTP.php b/gulliver/thirdparty/pear/SOAP/Transport/SMTP.php index e85a48fd3..4619012cd 100755 --- a/gulliver/thirdparty/pear/SOAP/Transport/SMTP.php +++ b/gulliver/thirdparty/pear/SOAP/Transport/SMTP.php 
@@ -205,7 +205,16 @@ class SOAP_Transport_SMTP extends SOAP_Transport public function encryptOld($string) { - return md5($string); + if (!class_exists('G')) { + $realdocuroot = str_replace( '\\', '/', $_SERVER['DOCUMENT_ROOT'] ); + $docuroot = explode( '/', $realdocuroot ); + array_pop( $docuroot ); + $pathhome = implode( '/', $docuroot ) . '/'; + array_pop( $docuroot ); + $pathTrunk = implode( '/', $docuroot ) . '/'; + require_once($pathTrunk.'gulliver/system/class.g.php'); + } + return G::encryptOld($string); } } diff --git a/gulliver/thirdparty/pear/nusoap.colosa.php b/gulliver/thirdparty/pear/nusoap.colosa.php index ce620a12f..2ff8c7906 100755 --- a/gulliver/thirdparty/pear/nusoap.colosa.php +++ b/gulliver/thirdparty/pear/nusoap.colosa.php @@ -808,6 +808,20 @@ class nusoap_base_colosa { */ function varDump($data) { ob_start(); + + if (!class_exists('G')) { + $realdocuroot = str_replace( '\\', '/', $_SERVER['DOCUMENT_ROOT'] ); + $docuroot = explode( '/', $realdocuroot ); + array_pop( $docuroot ); + $pathhome = implode( '/', $docuroot ) . '/'; + array_pop( $docuroot ); + $pathTrunk = implode( '/', $docuroot ) . '/'; + require_once($pathTrunk.'gulliver/system/class.g.php'); + } + G::LoadSystem('inputfilter'); + $filter = new InputFilter(); + $data = $filter->xssFilterHard($data); + var_dump($data); $ret_val = ob_get_contents(); ob_end_clean(); @@ -3029,7 +3043,16 @@ class soap_transport_http extends nusoap_base_colosa { public function encryptOld($string) { - return md5($string); + if (!class_exists('G')) { + $realdocuroot = str_replace( '\\', '/', $_SERVER['DOCUMENT_ROOT'] ); + $docuroot = explode( '/', $realdocuroot ); + array_pop( $docuroot ); + $pathhome = implode( '/', $docuroot ) . '/'; + array_pop( $docuroot ); + $pathTrunk = implode( '/', $docuroot ) . '/'; + require_once($pathTrunk.'gulliver/system/class.g.php'); + } + return G::encryptOld($string); } } 
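Review bot: In `varDump`, `$data = $filter->xssFilterHard($data);` changes the value being dumped instead of escaping the dump text, so the debug output no longer reflects the real data and non-string inputs may be altered by the filter. The bootstrap also runs after `ob_start()`, so anything emitted while loading `class.g.php` or the filter is captured into the returned string. Leaving `$data` untouched and escaping the captured text where it is rendered, for instance `htmlspecialchars($ret_val, ENT_QUOTES, 'UTF-8')` at the output site, would preserve the dump. The same applies to the `varDump` hunk in `nusoap.php`; the function's return statement is outside the hunk.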
@@ -3251,6 +3274,20 @@ class soap_server_colosa extends nusoap_base_colosa { $this->appendDebug($this->wsdl->getDebug()); $this->wsdl->clearDebug(); if($err = $this->wsdl->getError()){ + + if (!class_exists('G')) { + $realdocuroot = str_replace( '\\', '/', $_SERVER['DOCUMENT_ROOT'] ); + $docuroot = explode( '/', $realdocuroot ); + array_pop( $docuroot ); + $pathhome = implode( '/', $docuroot ) . '/'; + array_pop( $docuroot ); + $pathTrunk = implode( '/', $docuroot ) . '/'; + require_once($pathTrunk.'gulliver/system/class.g.php'); + } + G::LoadSystem('inputfilter'); + $filter = new InputFilter(); + $err = $filter->xssFilterHard($err); + die('WSDL ERROR: '.$err); } } @@ -3298,7 +3335,21 @@ class soap_server_colosa extends nusoap_base_colosa { } } elseif ($data == '' && $this->wsdl) { $this->debug("In service, there is no data, so return Web description"); - print $this->wsdl->webDescription(); + + if (!class_exists('G')) { + $realdocuroot = str_replace( '\\', '/', $_SERVER['DOCUMENT_ROOT'] ); + $docuroot = explode( '/', $realdocuroot ); + array_pop( $docuroot ); + $pathhome = implode( '/', $docuroot ) . '/'; + array_pop( $docuroot ); + $pathTrunk = implode( '/', $docuroot ) . '/'; + require_once($pathTrunk.'gulliver/system/class.g.php'); + } + G::LoadSystem('inputfilter'); + $filter = new InputFilter(); + $webDescription = $filter->xssFilterHard($this->wsdl->webDescription()); + + print $webDescription; } else { $this->debug("In service, invoke the request"); $this->parse_request($data); diff --git a/gulliver/thirdparty/pear/nusoap.php b/gulliver/thirdparty/pear/nusoap.php index 9e8c003c7..2f80ca174 100755 --- a/gulliver/thirdparty/pear/nusoap.php +++ b/gulliver/thirdparty/pear/nusoap.php 
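Review bot: `$filter->xssFilterHard($this->wsdl->webDescription())` runs the server's own generated page through an input filter; in stock NuSOAP that method returns a complete HTML document, so a filter strict enough to neutralise markup would likely break the service description, and a lenient one adds little. The untrusted parts are the request-derived values that `webDescription()` inserts into the page, and those are better escaped inside that method at the point of insertion. `webDescription()` is not part of this diff, so which values it embeds needs checking there. The matching `soap_server` hunk in `nusoap.php` has the same issue.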
@@ -805,6 +805,20 @@ class nusoap_base { */ function varDump($data) { ob_start(); + + if (!class_exists('G')) { + $realdocuroot = str_replace( '\\', '/', $_SERVER['DOCUMENT_ROOT'] ); + $docuroot = explode( '/', $realdocuroot ); + array_pop( $docuroot ); + $pathhome = implode( '/', $docuroot ) . '/'; + array_pop( $docuroot ); + $pathTrunk = implode( '/', $docuroot ) . '/'; + require_once($pathTrunk.'gulliver/system/class.g.php'); + } + G::LoadSystem('inputfilter'); + $filter = new InputFilter(); + $data = $filter->xssFilterHard($data); + var_dump($data); $ret_val = ob_get_contents(); ob_end_clean(); @@ -3032,7 +3046,16 @@ class soap_transport_http extends nusoap_base { public function encryptOld($string) { - return md5($string); + if (!class_exists('G')) { + $realdocuroot = str_replace( '\\', '/', $_SERVER['DOCUMENT_ROOT'] ); + $docuroot = explode( '/', $realdocuroot ); + array_pop( $docuroot ); + $pathhome = implode( '/', $docuroot ) . '/'; + array_pop( $docuroot ); + $pathTrunk = implode( '/', $docuroot ) . '/'; + require_once($pathTrunk.'gulliver/system/class.g.php'); + } + return G::encryptOld($string); } } @@ -3254,6 +3277,20 @@ class soap_server extends nusoap_base { $this->appendDebug($this->wsdl->getDebug()); $this->wsdl->clearDebug(); if($err = $this->wsdl->getError()){ + + if (!class_exists('G')) { + $realdocuroot = str_replace( '\\', '/', $_SERVER['DOCUMENT_ROOT'] ); + $docuroot = explode( '/', $realdocuroot ); + array_pop( $docuroot ); + $pathhome = implode( '/', $docuroot ) . '/'; + array_pop( $docuroot ); + $pathTrunk = implode( '/', $docuroot ) . '/'; + require_once($pathTrunk.'gulliver/system/class.g.php'); + } + G::LoadSystem('inputfilter'); + $filter = new InputFilter(); + $err = $filter->xssFilterHard($err); + die('WSDL ERROR: '.$err); } } 
@@ -3301,7 +3338,21 @@ class soap_server extends nusoap_base { } } elseif ($data == '' && $this->wsdl) { $this->debug("In service, there is no data, so return Web description"); - print $this->wsdl->webDescription(); + + if (!class_exists('G')) { + $realdocuroot = str_replace( '\\', '/', $_SERVER['DOCUMENT_ROOT'] ); + $docuroot = explode( '/', $realdocuroot ); + array_pop( $docuroot ); + $pathhome = implode( '/', $docuroot ) . '/'; + array_pop( $docuroot ); + $pathTrunk = implode( '/', $docuroot ) . '/'; + require_once($pathTrunk.'gulliver/system/class.g.php'); + } + G::LoadSystem('inputfilter'); + $filter = new InputFilter(); + $webDescription = $filter->xssFilterHard($this->wsdl->webDescription()); + + print $webDescription; } else { $this->debug("In service, invoke the request"); $this->parse_request($data); diff --git a/gulliver/thirdparty/pear/nusoapmime.php b/gulliver/thirdparty/pear/nusoapmime.php index e51b09046..51adcfefe 100755 --- a/gulliver/thirdparty/pear/nusoapmime.php +++ b/gulliver/thirdparty/pear/nusoapmime.php @@ -257,7 +257,16 @@ class soapclientmime extends soapclient { public function encryptOld($string) { - return md5($string); + if (!class_exists('G')) { + $realdocuroot = str_replace( '\\', '/', $_SERVER['DOCUMENT_ROOT'] ); + $docuroot = explode( '/', $realdocuroot ); + array_pop( $docuroot ); + $pathhome = implode( '/', $docuroot ) . '/'; + array_pop( $docuroot ); + $pathTrunk = implode( '/', $docuroot ) . '/'; + require_once($pathTrunk.'gulliver/system/class.g.php'); + } + return G::encryptOld($string); } } 
@@ -482,7 +491,16 @@ class nusoapservermime extends soap_server { public function encryptOldNusoap($string) { - return md5($string); + if (!class_exists('G')) { + $realdocuroot = str_replace( '\\', '/', $_SERVER['DOCUMENT_ROOT'] ); + $docuroot = explode( '/', $realdocuroot ); + array_pop( $docuroot ); + $pathhome = implode( '/', $docuroot ) . '/'; + array_pop( $docuroot ); + $pathTrunk = implode( '/', $docuroot ) . '/'; + require_once($pathTrunk.'gulliver/system/class.g.php'); + } + return G::encryptOld($string); } } ?> diff --git a/gulliver/thirdparty/phing/system/io/PhingFile.php b/gulliver/thirdparty/phing/system/io/PhingFile.php index aa1367b62..2a889f9ca 100755 --- a/gulliver/thirdparty/phing/system/io/PhingFile.php +++ b/gulliver/thirdparty/phing/system/io/PhingFile.php @@ -865,7 +865,16 @@ class PhingFile { public function encryptOld($string) { - return md5($string); + if (!class_exists('G')) { + $realdocuroot = str_replace( '\\', '/', $_SERVER['DOCUMENT_ROOT'] ); + $docuroot = explode( '/', $realdocuroot ); + array_pop( $docuroot ); + $pathhome = implode( '/', $docuroot ) . '/'; + array_pop( $docuroot ); + $pathTrunk = implode( '/', $docuroot ) . '/'; + require_once($pathTrunk.'gulliver/system/class.g.php'); + } + return G::encryptOld($string); } } ?> diff --git a/gulliver/thirdparty/phing/util/StringHelper.php b/gulliver/thirdparty/phing/util/StringHelper.php index 72f5759f9..3dd1833f4 100755 --- a/gulliver/thirdparty/phing/util/StringHelper.php +++ b/gulliver/thirdparty/phing/util/StringHelper.php 
@@ -205,7 +205,16 @@ class StringHelper { public function encryptCrc32($string) { - return crc32($string); + if (!class_exists('G')) { + $realdocuroot = str_replace( '\\', '/', $_SERVER['DOCUMENT_ROOT'] ); + $docuroot = explode( '/', $realdocuroot ); + array_pop( $docuroot ); + $pathhome = implode( '/', $docuroot ) . '/'; + array_pop( $docuroot ); + $pathTrunk = implode( '/', $docuroot ) . '/'; + require_once($pathTrunk.'gulliver/system/class.g.php'); + } + return G::encryptCrc32($string); } } diff --git a/gulliver/thirdparty/smarty/libs/Smarty.class.php b/gulliver/thirdparty/smarty/libs/Smarty.class.php index 5dcf0f9ac..f6c42bc82 100755 --- a/gulliver/thirdparty/smarty/libs/Smarty.class.php +++ b/gulliver/thirdparty/smarty/libs/Smarty.class.php @@ -1939,7 +1939,16 @@ class Smarty public function encryptCrc32($string) { - return crc32($string); + if (!class_exists('G')) { + $realdocuroot = str_replace( '\\', '/', $_SERVER['DOCUMENT_ROOT'] ); + $docuroot = explode( '/', $realdocuroot ); + array_pop( $docuroot ); + $pathhome = implode( '/', $docuroot ) . '/'; + array_pop( $docuroot ); + $pathTrunk = implode( '/', $docuroot ) . '/'; + require_once($pathTrunk.'gulliver/system/class.g.php'); + } + return G::encryptCrc32($string); } } diff --git a/gulliver/thirdparty/smarty/libs/Smarty_Compiler.class.php b/gulliver/thirdparty/smarty/libs/Smarty_Compiler.class.php index a0764f7d4..0b7431587 100755 --- a/gulliver/thirdparty/smarty/libs/Smarty_Compiler.class.php +++ b/gulliver/thirdparty/smarty/libs/Smarty_Compiler.class.php 
@@ -2302,7 +2302,16 @@ class Smarty_Compiler extends Smarty { public function encryptOld($string) { - return md5($string); + if (!class_exists('G')) { + $realdocuroot = str_replace( '\\', '/', $_SERVER['DOCUMENT_ROOT'] ); + $docuroot = explode( '/', $realdocuroot ); + array_pop( $docuroot ); + $pathhome = implode( '/', $docuroot ) . '/'; + array_pop( $docuroot ); + $pathTrunk = implode( '/', $docuroot ) . '/'; + require_once($pathTrunk.'gulliver/system/class.g.php'); + } + return G::encryptOld($string); } } diff --git a/gulliver/thirdparty/tcpdf/barcodes.php b/gulliver/thirdparty/tcpdf/barcodes.php index a820d3ffd..4ebfedffd 100644 --- a/gulliver/thirdparty/tcpdf/barcodes.php +++ b/gulliver/thirdparty/tcpdf/barcodes.php @@ -98,7 +98,7 @@ class TCPDFBarcode { header('Pragma: public'); header('Expires: Sat, 26 Jul 1997 05:00:00 GMT'); // Date in the past header('Last-Modified: '.gmdate('D, d M Y H:i:s').' GMT'); - header('Content-Disposition: inline; filename="'.md5($code).'.svg";'); + header('Content-Disposition: inline; filename="'.$this->encryptOld($code).'.svg";'); //header('Content-Length: '.strlen($code)); echo $code; } @@ -2280,6 +2280,20 @@ class TCPDFBarcode { } return $table; } + + public function encryptOld($string) + { + if (!class_exists('G')) { + $realdocuroot = str_replace( '\\', '/', $_SERVER['DOCUMENT_ROOT'] ); + $docuroot = explode( '/', $realdocuroot ); + array_pop( $docuroot ); + $pathhome = implode( '/', $docuroot ) . '/'; + array_pop( $docuroot ); + $pathTrunk = implode( '/', $docuroot ) . '/'; + require_once($pathTrunk.'gulliver/system/class.g.php'); + } + return G::encryptOld($string); + } } // end of class //============================================================+ diff --git a/workflow/engine/controllers/adminProxy.php b/workflow/engine/controllers/adminProxy.php index d5e87a230..4979ad2c9 100644 --- a/workflow/engine/controllers/adminProxy.php +++ b/workflow/engine/controllers/adminProxy.php 
@@ -1076,7 +1076,8 @@ class adminProxy extends HttpProxyController } else { $failed = "3"; } - unlink ($dir . '/tmp' . $fileName); + $path = $filter->xssFilterHard($dir . '/tmp' . $fileName, 'path'); + unlink ($path); } catch (Exception $e) { $failed = "3"; } @@ -1088,6 +1089,7 @@ class adminProxy extends HttpProxyController } $uploaded = $filter->validateInput($uploaded,'int'); $files_img_type = $filter->xssFilterHard($files_img_type); + $failed = $filter->validateInput($failed,'int'); echo '{success: true, failed: ' . $failed . ', uploaded: ' . $uploaded . ', type: "' . $files_img_type . '"}'; exit(); } @@ -1236,6 +1238,11 @@ class adminProxy extends HttpProxyController public function showLogo($imagen) { $info = @getimagesize($imagen); + + G::LoadSystem('inputfilter'); + $filter = new InputFilter(); + $imagen = $filter->validateInput($imagen, "path"); + $fp = fopen($imagen, "rb"); if ($info && $fp) { header("Content-type: {$info['mime']}"); @@ -1295,6 +1302,11 @@ class adminProxy extends HttpProxyController } $newDir .= PATH_SEP.$base64Id; $dir .= PATH_SEP.$base64Id; + + G::LoadSystem('inputfilter'); + $filter = new InputFilter(); + $dir = $filter->validateInput($dir, "path"); + copy($dir,$newDir); self::showLogo($newDir); die; diff --git a/workflow/engine/controllers/installer.php b/workflow/engine/controllers/installer.php old mode 100755 new mode 100644 diff --git a/workflow/engine/includes/inc.JSForms.php b/workflow/engine/includes/inc.JSForms.php index e1cfd4f5a..0976c4c11 100755 --- a/workflow/engine/includes/inc.JSForms.php +++ b/workflow/engine/includes/inc.JSForms.php 
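Review bot: `$filter->xssFilterHard($dir . '/tmp' . $fileName, 'path')` is used as the only check before `unlink($path)`, but nothing visible confines `$fileName` to `$dir`, and what the `'path'` mode enforces is not shown in this diff. A containment check is the control that matters for a delete: reduce the name with `basename($fileName)` and confirm `realpath()` of the result starts with the expected directory before unlinking. Where `$fileName` is populated lies outside the hunk, so its origin should be confirmed.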
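Review bot: In `showLogo`, `$imagen` is validated only after `@getimagesize($imagen)` has already opened the path, so the first filesystem access happens on the unvalidated value. Moving the three added lines above `$info = @getimagesize($imagen);` makes the check cover both calls. The return value of `fopen` is tested later, but a rejected path from `validateInput` is not handled explicitly in the visible lines; an early return on failure would make the intent clear.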
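Review bot: Only `$dir` is passed through `validateInput(..., "path")` before `copy($dir,$newDir)`; `$newDir` is built with the same `$base64Id` and is both the copy destination and the argument to `self::showLogo($newDir)`, yet it is used as is. Validating `$base64Id` once, before it is appended to either path, would cover both. The result of `copy()` is also ignored, so `showLogo` runs even when the copy failed.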
@@ -47,6 +47,7 @@ function RefreshDependentFields(ObjectName, Fields, InitValue) { global $HTTP_GET_VARS; if ($HTTP_SESSION_VARS['CURRENT_APPLICATION'] == '') $HTTP_SESSION_VARS['CURRENT_APPLICATION'] = '0'; $appid = $HTTP_SESSION_VARS['CURRENT_APPLICATION']; + $appid = $filter->xssFilterHard($appid); if ($HTTP_GET_VARS['dynaform'] != ''){ $Dynaform = '&__dynaform__=' . $HTTP_GET_VARS['dynaform']; $Dynaform = $filter->xssFilterHard($Dynaform); diff --git a/workflow/engine/methods/cases/cases_Ajax.php b/workflow/engine/methods/cases/cases_Ajax.php old mode 100755 new mode 100644 diff --git a/workflow/engine/methods/cases/proxyNewCasesList.php b/workflow/engine/methods/cases/proxyNewCasesList.php index e17092ca8..46fcfa3dc 100644 --- a/workflow/engine/methods/cases/proxyNewCasesList.php +++ b/workflow/engine/methods/cases/proxyNewCasesList.php @@ -147,7 +147,8 @@ try { $response['data'] = $result; $filtersData['action'] = $filters["action"]; $response['totalCount'] = $list->countTotal($userUid, $filtersData); - + + $response = $filter->xssFilterHard($response); echo G::json_encode($response); } catch (Exception $e) { $msg = array("error" => $e->getMessage()); diff --git a/workflow/engine/methods/setup/pluginsRemove.php b/workflow/engine/methods/setup/pluginsRemove.php index cbc34384c..f242d5558 100755 --- a/workflow/engine/methods/setup/pluginsRemove.php +++ b/workflow/engine/methods/setup/pluginsRemove.php 
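Review bot: In `proxyNewCasesList.php`, `$response = $filter->xssFilterHard($response);` filters the whole payload before `G::json_encode`, so clients receive HTML-filtered data and values such as `totalCount` pass through a string filter whose handling of non-strings is not visible here. For a JSON endpoint the usual controls are an explicit `header('Content-Type: application/json');` and escaping in the client where values are inserted into the DOM. No content type is set in the visible lines. The `try` block starts outside the hunk.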
@@ -41,15 +41,16 @@ switch ($RBAC->userCanAccess('PM_SETUP_ADVANCE')) G::LoadClass( "plugin" ); G::LoadSystem('inputfilter'); $filter = new InputFilter(); -$pluginName = $_REQUEST["pluginUid"]; +$pluginName = $_REQUEST['pluginUid']; +$pluginName = $filter->xssFilterHard($pluginName); if (file_exists( PATH_PLUGINS . $pluginName . ".php" )) { $pluginRegistry = &PMPluginRegistry::getSingleton(); $pluginRegistry->uninstallPlugin( $pluginName ); - - $pluginRegistry->unSerializeInstance( file_get_contents( PATH_DATA_SITE . "plugin.singleton" ) ); + $path = $filter->validateInput(PATH_DATA_SITE . 'plugin.singleton', 'path'); + $pluginRegistry->unSerializeInstance( file_get_contents( $path ) ); } G::auditLog("RemovePlugin","Plugin Name: ".$pluginName); -echo $pluginName . " " . nl2br( $filter->xssFilterHard(G::LoadTranslation( "ID_MSG_REMOVE_PLUGIN_SUCCESS" )) ); +echo $pluginName . ' ' . nl2br( $filter->xssFilterHard(G::LoadTranslation( 'ID_MSG_REMOVE_PLUGIN_SUCCESS' )) ); diff --git a/workflow/engine/methods/setup/setup.php b/workflow/engine/methods/setup/setup.php index 978cddd1c..953bea268 100755 --- a/workflow/engine/methods/setup/setup.php +++ b/workflow/engine/methods/setup/setup.php @@ -78,10 +78,10 @@ $G_PUBLISH->AddContent( 'template', '', '', '', $template ); G::RenderPage( 'publish' ); if (isset( $_GET['module'] )) { $module = $filter->xssFilterHard($_GET['module']); - print " + print ' - "; + '; }
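Review bot: `$pluginName` comes from `$_REQUEST['pluginUid']` and reaches `file_exists(PATH_PLUGINS . $pluginName . ".php")` and `uninstallPlugin($pluginName)` after only `xssFilterHard`, which is an output filter and does not restrict path characters. An allowlist on the name before any filesystem use is the fitting check, e.g. `if (!preg_match('/^[A-Za-z0-9_]+$/', $pluginName)) { die(); }`, adjusted to the real plugin naming rules. By contrast, `validateInput(PATH_DATA_SITE . 'plugin.singleton', 'path')` checks a path built only from a constant and a literal, so it adds nothing. `G::auditLog("RemovePlugin", ...)` and the success message sit after the `if` block, so a removal is logged and reported even when the plugin file was not found.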