Still fixing regressions caused by Trac#446: XSS vulnerabilities...

SVN:trunk[1450]
Denis Flaven
2011-08-12 10:06:33 +00:00
parent 96f3350029
commit b02021a4ff
7 changed files with 53 additions and 41 deletions


@@ -61,9 +61,9 @@ function UsageAndExit($oP)
exit -2;
}
function ReadMandatoryParam($oP, $sParam)
function ReadMandatoryParam($oP, $sParam, $sSanitizationFilter = 'parameter')
{
$sValue = utils::ReadParam($sParam, null, true /* Allow CLI */);
$sValue = utils::ReadParam($sParam, null, true /* Allow CLI */, $sSanitizationFilter);
if (is_null($sValue))
{
$oP->p("ERROR: Missing argument '$sParam'\n");
@@ -100,9 +100,9 @@ if (utils::IsModeCLI())
// Next steps:
// specific arguments: 'csvfile'
//
$sAuthUser = ReadMandatoryParam($oP, 'auth_user');
$sAuthPwd = ReadMandatoryParam($oP, 'auth_pwd');
$sDataSourcesList = ReadMandatoryParam($oP, 'data_sources');
$sAuthUser = ReadMandatoryParam($oP, 'auth_user', 'raw_data');
$sAuthPwd = ReadMandatoryParam($oP, 'auth_pwd', 'raw_data');
$sDataSourcesList = ReadMandatoryParam($oP, 'data_sources', 'raw_data'); // May contain commas
if (UserRights::CheckCredentials($sAuthUser, $sAuthPwd))
{
UserRights::Login($sAuthUser); // Login & set the user's language
@@ -119,7 +119,7 @@ else
require_once(APPROOT.'/application/loginwebpage.class.inc.php');
LoginWebPage::DoLogin(); // Check user rights and prompt if needed
$sDataSourcesList = utils::ReadParam('data_sources', null, true);
$sDataSourcesList = utils::ReadParam('data_sources', null, true, 'raw_data');
if ($sDataSourcesList == null)
{
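Review bot: Reading `data_sources` with the `'raw_data'` filter, in the CLI branch and again in the web branch after `LoginWebPage::DoLogin()`, appears (going by the filter's name) to switch sanitization off for a request-supplied value, so every later use of `$sDataSourcesList` has to validate or escape it itself. The code that consumes the list is outside the visible hunks; if the entries are meant to be numeric ids, checking each item after splitting on commas would keep the comma support without accepting arbitrary text, and any place the value is written back into the page needs HTML escaping. `'raw_data'` for `auth_user` and `auth_pwd` looks appropriate, since filtering would alter credentials, provided neither is ever printed or logged. A comment above `ReadMandatoryParam` such as `// $sSanitizationFilter is passed to utils::ReadParam; with 'raw_data' the caller must validate or escape the value` would make that contract explicit for future callers.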