composer/iTop
6
0
Fork 0
mirror of https://github.com/Combodo/iTop.git synced 2026-05-17 06:18:44 +02:00
Code Issues Packages Projects Releases Wiki Activity

N°6282 Fix XSS vulnerability in soap (#690)

Browse Source 
* N°6282 Fix XSS vulnerability in soap
This commit is contained in:
Timmy38
2024-12-19 11:39:00 +01:00
committed by GitHub
parent 30ef2735b6
commit 42f391472b
2 changed files with 6 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
webservices/itopsoap.examples.php
View File

@@ -25,7 +25,7 @@
*/
require_once('itopsoaptypes.class.inc.php');
$sItopRoot = 'http'.(utils::IsConnectionSecure() ? 's' : '').'://'.$_SERVER['SERVER_NAME'].':'.$_SERVER['SERVER_PORT'].dirname($_SERVER['SCRIPT_NAME']).'/..';
$sItopRoot = 'http://'.$_SERVER['SERVER_NAME'].':'.$_SERVER['SERVER_PORT'].dirname($_SERVER['SCRIPT_NAME']).'/..';
$sWsdlUri = $sItopRoot.'/webservices/itop.wsdl.php';
//$sWsdlUri .= '?service_category=';

9
webservices/soapserver.php
View File

@@ -26,9 +26,10 @@ require_once(APPROOT.'/application/startup.inc.php');
// this file is generated dynamically with location = here
$sWsdlUri = utils::GetAbsoluteUrlAppRoot().'webservices/itop.wsdl.php';
if (isset($_REQUEST['service_category']) && (!empty($_REQUEST['service_category'])))
$sServiceCategory = utils::ReadParam('service_category');
if (!empty($sServiceCategory))
{
$sWsdlUri .= "?service_category=".$_REQUEST['service_category'];
$sWsdlUri .= "?service_category=".$sServiceCategory;
}
@@ -43,9 +44,9 @@ $oSoapServer = new SoapServer
)
);
// $oSoapServer->setPersistence(SOAP_PERSISTENCE_SESSION);
if (isset($_REQUEST['service_category']) && (!empty($_REQUEST['service_category'])))
if (!empty($sServiceCategory))
{
$sServiceClass = $_REQUEST['service_category'];
$sServiceClass = $sServiceCategory;
if (!class_exists($sServiceClass))
{
// not a valid class name (not a PHP class at all)