HOR-3920 Unauthenticated calling of many Ajax pages with tracker_designer=1 (URL INJECTION)

- Add validation in sysGeneric with session PIN and CASE
This commit is contained in:
Marco Antonio Nina Mena
2017-10-11 12:56:52 -04:00
parent 0fc897e90a
commit f8300900b5
2 changed files with 21 additions and 14 deletions


@@ -999,23 +999,25 @@ if (! defined( 'EXECUTE_BY_CRON' )) {
}
}
if ($bRedirect && !isset($_GET["tracker_designer"])) {
if (substr( SYS_SKIN, 0, 2 ) == 'ux' && SYS_SKIN != 'uxs') { // verify if the current skin is a 'ux' variant
if ($bRedirect &&
(!isset($_GET['tracker_designer']) || (!isset($_SESSION['CASE']) && !isset($_SESSION['PIN']))) &&
$_GET['tracker_designer'] !== 1) {
if (substr(SYS_SKIN, 0, 2) === 'ux' && SYS_SKIN !== 'uxs') { // verify if the current skin is a 'ux' variant
$loginUrl = 'main/login';
} else if (strpos( $_SERVER['REQUEST_URI'], '/home' ) !== false) { //verify is it is using the uxs skin for simplified interface
} else if (strpos($_SERVER['REQUEST_URI'], '/home') !== false) { //verify is it is using the uxs skin for simplified interface
$loginUrl = 'home/login';
} else {
$loginUrl = 'login/login'; // just set up the classic login
}
if (empty( $_POST )) {
header( 'location: ' . SYS_URI . $loginUrl . '?u=' . urlencode( $_SERVER['REQUEST_URI'] ) );
if (empty($_POST)) {
header('location: ' . SYS_URI . $loginUrl . '?u=' . urlencode($_SERVER['REQUEST_URI']));
} else {
if ($isControllerCall) {
header( "HTTP/1.0 302 session lost in controller" );
header("HTTP/1.0 302 session lost in controller");
} else {
header( 'location: ' . SYS_URI . $loginUrl );
header('location: ' . SYS_URI . $loginUrl);
}
}
die();