From f9ac06de937bffccc940828ebe39b347cecf87dc Mon Sep 17 00:00:00 2001 From: "Paula V. Quispe" Date: Wed, 18 Mar 2015 16:06:25 -0400 Subject: [PATCH] I solved XSS --- .../engine/methods/dbConnections/dbConnectionsAjax.php | 5 +++++ workflow/engine/methods/services/demoSoap.php | 7 ++++++- 2 files changed, 11 insertions(+), 1 deletion(-)
diff --git a/workflow/engine/methods/dbConnections/dbConnectionsAjax.php b/workflow/engine/methods/dbConnections/dbConnectionsAjax.php
index b30792b4a..2325d37da 100755
--- a/workflow/engine/methods/dbConnections/dbConnectionsAjax.php
+++ b/workflow/engine/methods/dbConnections/dbConnectionsAjax.php
@@ -30,6 +30,11 @@ * @Param var action from POST request */
+G::LoadSystem('inputfilter');
+$filter = new InputFilter();
+$_POST = $filter->xssFilterHard($_POST);
+$_SESSION = $filter->xssFilterHard($_SESSION);
+
 if (isset( $_POST['action'] ) || isset( $_POST['function'] )) { $action = (isset( $_POST['action'] )) ? $_POST['action'] : $_POST['function']; } else {
diff --git a/workflow/engine/methods/services/demoSoap.php b/workflow/engine/methods/services/demoSoap.php
index 2604889e1..e468512df 100755
--- a/workflow/engine/methods/services/demoSoap.php
+++ b/workflow/engine/methods/services/demoSoap.php
@@ -61,12 +61,17 @@ a.krumo-name { xssFilterHard($_POST);
+$_SESSION = $filter->xssFilterHard($_SESSION);
 if (isset( $_POST["epr"] )) { $_SESSION['END_POINT'] = $_POST["epr"]; } $endpoint = isset( $_SESSION['END_POINT'] ) ? $_SESSION['END_POINT'] : 'http://sugar.opensource.colosa.net/soap.php';
-
+$endpoint = $filter->xssFilterHard($endpoint);
 $sessionId = isset( $_SESSION['SESSION_ID'] ) ? $_SESSION['SESSION_ID'] : '';
+$sessionId = $filter->xssFilterHard($sessionId);
 ?>
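Review bot: The added line `$_SESSION = $filter->xssFilterHard($_SESSION);` in dbConnectionsAjax.php rewrites server-side session state on every request to this endpoint, so any value another page stored in the session comes back altered if it contains characters the hard filter strips, and the same applies to the DB-connection fields submitted in `$_POST` (a password field, if this form carries one). What `xssFilterHard` removes is not visible in this diff, but it is an input sanitizer rather than an output encoder, so it does not by itself stop reflected XSS where a value is echoed into a different context (attribute, JavaScript, JSON). I would drop the `$_SESSION` rewrite, filter only the keys this script actually reads, and encode at the point of output, e.g. `htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`. Since `$action` selects a handler (visible in the context lines), an explicit allowlist of accepted action names would also be stronger than a string filter. The dispatch that consumes `$action` continues past the end of the hunk.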
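Review bot: The two added re-filter lines in demoSoap.php, `$endpoint = $filter->xssFilterHard($endpoint);` and `$sessionId = $filter->xssFilterHard($sessionId);`, operate on values that were just read from `$_SESSION`, which the added `$_SESSION = $filter->xssFilterHard($_SESSION);` line already passed through the same filter, so they filter already-filtered data; if `xssFilterHard` encodes rather than strips (not visible here) that double-encodes `&`. More importantly, `$_POST["epr"]` is a URL that is stored in the session and becomes `$endpoint`; an XSS filter says nothing about whether it is a well-formed URL or a host this server should talk to, so if `$endpoint` is handed to a SOAP client further down (outside the hunk) the caller still controls the request target. I would validate it as a URL and fall back to the default otherwise, `if (filter_var($endpoint, FILTER_VALIDATE_URL) === false) { $endpoint = 'http://sugar.opensource.colosa.net/soap.php'; }`, ideally with a host allowlist, and keep HTML escaping for wherever `$endpoint` and `$sessionId` are echoed. The hunk header line is garbled in this rendering and the earlier `$filter`/`$_POST` setup lines are only partially visible, so the start of this block is not fully in view.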