composer/iTop
6
0
Fork 0
mirror of https://github.com/Combodo/iTop.git synced 2026-04-24 11:08:45 +02:00
Code Issues Packages Projects Releases Wiki Activity

N°6282 Fix XSS vulnerability in soap (#690)

Browse Source 
* N°6282 Fix XSS vulnerability in soap
This commit is contained in:
Timmy38
2024-12-19 11:39:00 +01:00
committed by GitHub
parent 30ef2735b6
commit 42f391472b
2 changed files with 6 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
webservices/soapserver.php
View File

@@ -26,9 +26,10 @@ require_once(APPROOT.'/application/startup.inc.php');
// this file is generated dynamically with location = here
$sWsdlUri = utils::GetAbsoluteUrlAppRoot().'webservices/itop.wsdl.php';
if (isset($_REQUEST['service_category']) && (!empty($_REQUEST['service_category'])))
$sServiceCategory = utils::ReadParam('service_category');
if (!empty($sServiceCategory))
{
$sWsdlUri .= "?service_category=".$_REQUEST['service_category'];
$sWsdlUri .= "?service_category=".$sServiceCategory;
}
@@ -43,9 +44,9 @@ $oSoapServer = new SoapServer
)
);
// $oSoapServer->setPersistence(SOAP_PERSISTENCE_SESSION);
if (isset($_REQUEST['service_category']) && (!empty($_REQUEST['service_category'])))
if (!empty($sServiceCategory))
{
$sServiceClass = $_REQUEST['service_category'];
$sServiceClass = $sServiceCategory;
if (!class_exists($sServiceClass))
{
// not a valid class name (not a PHP class at all)