I solved XSS

This commit is contained in:
Paula V. Quispe
2015-03-18 16:06:25 -04:00
parent 02b3c93a98
commit f9ac06de93
2 changed files with 11 additions and 1 deletions


@@ -30,6 +30,11 @@
* @Param var action from POST request * @Param var action from POST request
*/ */
G::LoadSystem('inputfilter');
$filter = new InputFilter();
$_POST = $filter->xssFilterHard($_POST);
$_SESSION = $filter->xssFilterHard($_SESSION);
if (isset( $_POST['action'] ) || isset( $_POST['function'] )) { if (isset( $_POST['action'] ) || isset( $_POST['function'] )) {
$action = (isset( $_POST['action'] )) ? $_POST['action'] : $_POST['function']; $action = (isset( $_POST['action'] )) ? $_POST['action'] : $_POST['function'];
} else { } else {
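Review bot: Passing the whole `$_SESSION` array through `xssFilterHard` on the line `$_SESSION = $filter->xssFilterHard($_SESSION);` (and again in the second file) rewrites server-side session state on every load of this page, so any session value that legitimately contains markup-like characters or structured data may be altered for every other page that reads it; what the filter actually changes is not shown on this page, so confirm against InputFilter before keeping this. The sink for `$action` is not in the hunk, and since it selects a function to run, character stripping on input is not the right control there; constrain it with an explicit allowlist at the dispatch point, e.g. `if (!in_array($action, $allowedActions, true)) { /* reject */ }`. The enclosing block continues past the end of the hunk.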


@@ -61,12 +61,17 @@ a.krumo-name {
</style> </style>
<?php <?php
G::LoadSystem('inputfilter');
$filter = new InputFilter();
$_POST = $filter->xssFilterHard($_POST);
$_SESSION = $filter->xssFilterHard($_SESSION);
if (isset( $_POST["epr"] )) { if (isset( $_POST["epr"] )) {
$_SESSION['END_POINT'] = $_POST["epr"]; $_SESSION['END_POINT'] = $_POST["epr"];
} }
$endpoint = isset( $_SESSION['END_POINT'] ) ? $_SESSION['END_POINT'] : 'http://sugar.opensource.colosa.net/soap.php'; $endpoint = isset( $_SESSION['END_POINT'] ) ? $_SESSION['END_POINT'] : 'http://sugar.opensource.colosa.net/soap.php';
$endpoint = $filter->xssFilterHard($endpoint);
$sessionId = isset( $_SESSION['SESSION_ID'] ) ? $_SESSION['SESSION_ID'] : ''; $sessionId = isset( $_SESSION['SESSION_ID'] ) ? $_SESSION['SESSION_ID'] : '';
$sessionId = $filter->xssFilterHard($sessionId);
?> ?>
<form method="post" action=""> <form method="post" action="">
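Review bot: `$endpoint` is taken from `$_POST["epr"]`, persisted in the session and defaults to a SOAP URL, so it is a server-side request target; `xssFilterHard` addresses markup injection but does not check that the value is a URL of the expected form. Validate before storing it, e.g. `if (!filter_var($_POST['epr'], FILTER_VALIDATE_URL)) { /* reject */ }`, and preferably restrict scheme and host to a configured allowlist, since whatever is accepted here is where the server will send its next SOAP call. Where `$endpoint` and `$sessionId` are rendered into the form below, escape at the output point with `htmlspecialchars($v, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')` rather than relying on the earlier filter pass; the form body lies outside the hunk.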