I solved XSS

This commit is contained in:
Paula V. Quispe
2015-03-18 16:06:25 -04:00
parent 02b3c93a98
commit f9ac06de93
2 changed files with 11 additions and 1 deletions


@@ -30,6 +30,11 @@
* @Param var action from POST request
*/
G::LoadSystem('inputfilter');
$filter = new InputFilter();
$_POST = $filter->xssFilterHard($_POST);
$_SESSION = $filter->xssFilterHard($_SESSION);
if (isset( $_POST['action'] ) || isset( $_POST['function'] )) {
$action = (isset( $_POST['action'] )) ? $_POST['action'] : $_POST['function'];
} else {
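Review bot: Rewriting `$_SESSION` in place with `$_SESSION = $filter->xssFilterHard($_SESSION);` sanitises state the server itself stored rather than request input, so any session value that legitimately contains characters the hard filter strips (tokens, URLs, text saved by other pages) is silently altered on every request that passes through this file; the same two lines are repeated in the second file's hunk, where `$_SESSION['END_POINT']` is afterwards used as a SOAP endpoint address. XSS is an output-encoding problem, so the safer shape is to keep the stored values untouched and escape at the point of rendering with `htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`, and to validate `$_POST['epr']` as a URL (for example `filter_var($_POST['epr'], FILTER_VALIDATE_URL) !== false`) before it is written into the session. The dispatch on `$action` continues past the `else` outside this hunk; if it selects behaviour from that string, an allow-list comparison against the known action names (`in_array($action, $allowedActions, true)`) is the check a content filter does not provide.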


@@ -61,12 +61,17 @@ a.krumo-name {
</style>
<?php
G::LoadSystem('inputfilter');
$filter = new InputFilter();
$_POST = $filter->xssFilterHard($_POST);
$_SESSION = $filter->xssFilterHard($_SESSION);
if (isset( $_POST["epr"] )) {
$_SESSION['END_POINT'] = $_POST["epr"];
}
$endpoint = isset( $_SESSION['END_POINT'] ) ? $_SESSION['END_POINT'] : 'http://sugar.opensource.colosa.net/soap.php';
$endpoint = $filter->xssFilterHard($endpoint);
$sessionId = isset( $_SESSION['SESSION_ID'] ) ? $_SESSION['SESSION_ID'] : '';
$sessionId = $filter->xssFilterHard($sessionId);
?>
<form method="post" action="">