From 7fa9167dc80aac08d86f1627f6f60fdb0889ede6 Mon Sep 17 00:00:00 2001
From: sunil
Date: Tue, 14 Jul 2015 20:39:20 +0530
Subject: [PATCH] Fortify xss fix

---
 CRM/Campaign/Page/AJAX.php | 16 ++++++++++------
 CRM/Contact/Page/AJAX.php | 35 ++++++++++++++++++-----------------
 CRM/Financial/Page/AJAX.php | 9 +++++----
 3 files changed, 33 insertions(+), 27 deletions(-)

diff --git a/CRM/Campaign/Page/AJAX.php b/CRM/Campaign/Page/AJAX.php
index 423e5903f6..272b4dacf9 100644
--- a/CRM/Campaign/Page/AJAX.php
+++ b/CRM/Campaign/Page/AJAX.php
@@ -106,7 +106,7 @@ class CRM_Campaign_Page_AJAX {
 public static function loadOptionGroupDetails() {
- $id = CRM_Utils_Array::value('option_group_id', $_POST);
+ $id = CRM_Utils_Request::retrieve('option_group_id', 'Integer', CRM_Core_DAO::$_nullObject, FALSE, NULL, 'POST' );
 $status = 'fail';
 $opValues = array();
@@ -115,7 +115,7 @@ class CRM_Campaign_Page_AJAX {
 CRM_Core_OptionValue::getValues($groupParams, $opValues);
 }
- $surveyId = CRM_Utils_Array::value('survey_id', $_POST);
+ $surveyId = CRM_Utils_Request::retrieve('survey_id', 'Integer', CRM_Core_DAO::$_nullObject, FALSE, NULL, 'POST' );
 if ($surveyId) {
 $survey = new CRM_Campaign_DAO_Survey();
 $survey->id = $surveyId;
@@ -146,7 +146,8 @@ class CRM_Campaign_Page_AJAX {
 public function voterList() {
 //get the search criteria params.
- $searchParams = explode(',', CRM_Utils_Array::value('searchCriteria', $_POST));
+ $searchCriteria = CRM_Utils_Request::retrieve('searchCriteria', 'String', CRM_Core_DAO::$_nullObject, FALSE, NULL, 'POST' );
+ $searchParams = explode(',', $searchCriteria);
 $params = $searchRows = array();
 foreach ($searchParams as $param) {
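Review bot: `option_group_id` is retrieved with the `'Integer'` type, which also admits zero and negative values, whereas every other id in this patch (`rel_id`, `parentId`, `contact_id`, `_value`, `entityID`) is validated as `'Positive'`; the same applies to `survey_id` in the hunk at -115. Unless a non-positive option group id is meaningful here, `$id = CRM_Utils_Request::retrieve('option_group_id', 'Positive', CRM_Core_DAO::$_nullObject, FALSE, NULL, 'POST');` keeps the validation consistent across the three files. The stray space before the closing parenthesis in both new lines (`'POST' )`) also differs from the Financial file's `'POST')`. loadOptionGroupDetails continues past each hunk, so how a NULL `$id` is handled when the parameter is absent is not visible here.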
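Review bot: The same two-line retrieve-and-explode sequence added to voterList here is repeated verbatim in campaignList, surveyList and petitionList (hunks at -569, -671 and -775); a single private helper, e.g. `private static function getSearchParams() { $criteria = CRM_Utils_Request::retrieve('searchCriteria', 'String', CRM_Core_DAO::$_nullObject, FALSE, NULL, 'POST'); return explode(',', $criteria); }`, would keep this input validation in one place for the four list methods. The `'String'` check applies to the joined value only; each `$param` is then consumed individually by the `foreach` loop, whose body lies outside the hunk, so any per-field checks there remain relevant. When the parameter is absent, `explode(',', NULL)` yields a single empty element, which matches what the old `CRM_Utils_Array::value` code produced.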
@@ -569,7 +570,8 @@ class CRM_Campaign_Page_AJAX {
 */
 public function campaignList() {
 //get the search criteria params.
- $searchParams = explode(',', CRM_Utils_Array::value('searchCriteria', $_POST));
+ $searchCriteria = CRM_Utils_Request::retrieve('searchCriteria', 'String', CRM_Core_DAO::$_nullObject, FALSE, NULL, 'POST' );
+ $searchParams = explode(',', $searchCriteria);
 $params = $searchRows = array();
 foreach ($searchParams as $param) {
@@ -671,7 +673,8 @@ class CRM_Campaign_Page_AJAX {
 */
 public function surveyList() {
 //get the search criteria params.
- $searchParams = explode(',', CRM_Utils_Array::value('searchCriteria', $_POST));
+ $searchCriteria = CRM_Utils_Request::retrieve('searchCriteria', 'String', CRM_Core_DAO::$_nullObject, FALSE, NULL, 'POST' );
+ $searchParams = explode(',', $searchCriteria);
 $params = $searchRows = array();
 foreach ($searchParams as $param) {
@@ -775,7 +778,8 @@ class CRM_Campaign_Page_AJAX {
 */
 public function petitionList() {
 //get the search criteria params.
- $searchParams = explode(',', CRM_Utils_Array::value('searchCriteria', $_POST));
+ $searchCriteria = CRM_Utils_Request::retrieve('searchCriteria', 'String', CRM_Core_DAO::$_nullObject, FALSE, NULL, 'POST' );
+ $searchParams = explode(',', $searchCriteria);
 $params = $searchRows = array();
 foreach ($searchParams as $param) {
diff --git a/CRM/Contact/Page/AJAX.php b/CRM/Contact/Page/AJAX.php
index fb2b92e690..9069952ded 100644
--- a/CRM/Contact/Page/AJAX.php
+++ b/CRM/Contact/Page/AJAX.php
@@ -222,7 +222,7 @@ class CRM_Contact_Page_AJAX {
 public static function relationship() {
 $relType = CRM_Utils_Request::retrieve('rel_type', 'Positive', CRM_Core_DAO::$_nullObject, TRUE);
 $relContactID = CRM_Utils_Request::retrieve('rel_contact', 'Positive', CRM_Core_DAO::$_nullObject, TRUE);
- $relationshipID = CRM_Utils_Array::value('rel_id', $_REQUEST); // this used only to determine add or update mode
+ $relationshipID = CRM_Utils_Request::retrieve('rel_id', 'Positive', CRM_Core_DAO::$_nullObject); // this used only to determine add or update mode
 $caseID = CRM_Utils_Request::retrieve('case_id', 'Positive', CRM_Core_DAO::$_nullObject, TRUE);
 // check if there are multiple clients for this case, if so then we need create
@@ -308,11 +308,10 @@ class CRM_Contact_Page_AJAX {
 header('Content-Type: text/plain');
 $customValueID = CRM_Utils_Type::escape($_REQUEST['valueID'], 'Positive');
 $customGroupID = CRM_Utils_Type::escape($_REQUEST['groupID'], 'Positive');
-
+ $contactId = CRM_Utils_Request::retrieve('contactId', 'Positive', CRM_Core_DAO::$_nullObject );
 CRM_Core_BAO_CustomValue::deleteCustomValue($customValueID, $customGroupID);
- $contactId = CRM_Utils_Array::value('contactId', $_REQUEST);
 if ($contactId) {
- echo CRM_Contact_BAO_Contact::getCountComponent('custom_' . $_REQUEST['groupID'], $contactId);
+ echo CRM_Contact_BAO_Contact::getCountComponent('custom_' . $customGroupID, $contactId);
 }
 // reset the group contact cache for this group
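Review bot: `valueID` and `groupID` are still read straight from `$_REQUEST` on the two context lines just above the new `$contactId` retrieval, so a request that omits either key produces an undefined-index notice before `CRM_Utils_Type::escape` sees the value, and the hunk otherwise leaves these two ids outside the retrieve() pattern it introduces. `$customValueID = CRM_Utils_Request::retrieve('valueID', 'Positive', CRM_Core_DAO::$_nullObject, TRUE);` and the same for `groupID` would validate and require both ids in one step. The new echo line correctly reuses the validated `$customGroupID` instead of the raw `$_REQUEST['groupID']`, which is the actual output fix here. The new `$contactId` line carries a stray space before its closing parenthesis (`$_nullObject )`), unlike the other retrieve calls in this file.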
@@ -325,17 +324,19 @@ class CRM_Contact_Page_AJAX {
 */
 static public function checkUserName() {
 $signer = new CRM_Utils_Signer(CRM_Core_Key::privateKey(), array('for', 'ts'));
+ $sig = CRM_Utils_Request::retrieve('sig', 'String', CRM_Core_DAO::$_nullObject);
+ $for = CRM_Utils_Request::retrieve('for', 'String', CRM_Core_DAO::$_nullObject);
 if (
 CRM_Utils_Time::getTimeRaw() > $_REQUEST['ts'] + self::CHECK_USERNAME_TTL
- || $_REQUEST['for'] != 'civicrm/ajax/cmsuser'
- || !$signer->validate($_REQUEST['sig'], $_REQUEST)
+ || $for != 'civicrm/ajax/cmsuser'
+ || !$signer->validate($sig, $_REQUEST)
 ) {
 $user = array('name' => 'error');
 CRM_Utils_JSON::output($user);
 }
 $config = CRM_Core_Config::singleton();
- $username = trim($_REQUEST['cms_name']);
+ $username = trim(CRM_Utils_Type::escape($_REQUEST['cms_name'], 'String'));
 $params = array('name' => $username);
@@ -391,7 +392,7 @@ class CRM_Contact_Page_AJAX {
 else {
 $cid = CRM_Utils_Array::value('cid', $_GET);
 if ($cid) {
- //check cid for interger
+ //check cid for integer
 $contIDS = explode(',', $cid);
 foreach ($contIDS as $contID) {
 CRM_Utils_Type::escape($contID, 'Integer');
@@ -424,8 +425,8 @@ LIMIT {$offset}, {$rowCount}
 // send query to hook to be modified if needed
 CRM_Utils_Hook::contactListQuery($query, $name,
- CRM_Utils_Array::value('context', $_GET),
- CRM_Utils_Array::value('cid', $_GET)
+ CRM_Utils_Request::retrieve('context', 'String', CRM_Core_DAO::$_nullObject),
+ CRM_Utils_Request::retrieve('cid', 'Positive', CRM_Core_DAO::$_nullObject)
 );
 $dao = CRM_Core_DAO::executeQuery($query);
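Review bot: `$_REQUEST['ts']` and `$_REQUEST['cms_name']` are still read directly in this hunk even though `sig` and `for` now go through CRM_Utils_Request::retrieve, so a request missing either key still raises an undefined-index notice and a non-numeric `ts` reaches the `+` on the context line unvalidated; `$ts = CRM_Utils_Request::retrieve('ts', 'Integer', CRM_Core_DAO::$_nullObject);` used in the comparison would close that gap. For `cms_name`, `CRM_Utils_Type::escape(..., 'String')` presumably applies database-style escaping in addition to validation (its name suggests so; worth confirming), which would put backslashes into a username that is then handed to the CMS lookup as plain data, whereas `trim(CRM_Utils_Request::retrieve('cms_name', 'String', CRM_Core_DAO::$_nullObject))` matches the two new lines above and should validate without altering the value. The `!=` on the new `$for` line is a loose comparison; `!==` is the safer form against a fixed string. Whether `CRM_Utils_JSON::output` ends the request on the error path is not visible in the hunk, so the fall-through to `$config` relies on behaviour outside it.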
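Review bot: `cid` is retrieved here with the `'Positive'` type, but the context lines of the hunk at -391 show the same parameter being split with `explode(',', $cid)` and checked per element, i.e. a comma-separated id list is an accepted value; a list such as `1,2` does not pass the Positive check, so the hook presumably receives NULL (or the request aborts, depending on retrieve()'s abort handling) where it previously received the raw list. The same replacement appears in the hunks at -449 and -520 on the next line. `CRM_Utils_Request::retrieve('cid', 'CommaSeparatedIntegers', CRM_Core_DAO::$_nullObject)` keeps the validation while preserving the multi-id form; if the `$cid` local from the earlier branch is in scope at this point, reusing it would avoid reading the request twice. The enclosing function starts before the hunk and the `$dao` handling continues after it.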
@@ -449,8 +450,8 @@ LIMIT {$offset}, {$rowCount}
 // send query to hook to be modified if needed
 CRM_Utils_Hook::contactListQuery($query, $name,
- CRM_Utils_Array::value('context', $_GET),
- CRM_Utils_Array::value('cid', $_GET)
+ CRM_Utils_Request::retrieve('context', 'String', CRM_Core_DAO::$_nullObject),
+ CRM_Utils_Request::retrieve('cid', 'Positive', CRM_Core_DAO::$_nullObject)
 );
 $dao = CRM_Core_DAO::executeQuery($query);
@@ -520,8 +521,8 @@ LIMIT {$offset}, {$rowCount}
 // send query to hook to be modified if needed
 CRM_Utils_Hook::contactListQuery($query, $name,
- CRM_Utils_Array::value('context', $_GET),
- CRM_Utils_Array::value('cid', $_GET)
+ CRM_Utils_Request::retrieve('context', 'String', CRM_Core_DAO::$_nullObject),
+ CRM_Utils_Request::retrieve('cid', 'Positive', CRM_Core_DAO::$_nullObject)
 );
 $dao = CRM_Core_DAO::executeQuery($query);
@@ -542,7 +543,7 @@ LIMIT {$offset}, {$rowCount}
 public static function buildSubTypes() {
- $parent = CRM_Utils_Array::value('parentId', $_REQUEST);
+ $parent = CRM_Utils_Request::retrieve('parentId', 'Positive', CRM_Core_DAO::$_nullObject);
 switch ($parent) {
 case 1:
@@ -564,7 +565,7 @@ LIMIT {$offset}, {$rowCount}
 }
 public static function buildDedupeRules() {
- $parent = CRM_Utils_Array::value('parentId', $_REQUEST);
+ $parent = CRM_Utils_Request::retrieve('parentId', 'Positive', CRM_Core_DAO::$_nullObject);
 switch ($parent) {
 case 1:
@@ -791,7 +792,7 @@ LIMIT {$offset}, {$rowCount}
 }
 public static function getAddressDisplay() {
- $contactId = CRM_Utils_Array::value('contact_id', $_REQUEST);
+ $contactId = CRM_Utils_Request::retrieve('contact_id', 'Positive', CRM_Core_DAO::$_nullObject);
 if (!$contactId) {
 $addressVal["error_message"] = "no contact id found";
 }
diff --git a/CRM/Financial/Page/AJAX.php b/CRM/Financial/Page/AJAX.php
index 907a4b20bf..9b52a3c719 100644
--- a/CRM/Financial/Page/AJAX.php
+++ b/CRM/Financial/Page/AJAX.php
@@ -113,7 +113,8 @@ class CRM_Financial_Page_AJAX {
 '3' => array(1, 9), //revenue
 '4' => array(7), //cost of sales
 );
- $financialAccountTypeId = CRM_Core_DAO::getFieldValue('CRM_Financial_DAO_FinancialAccount', $_GET['_value'], 'financial_account_type_id');
+ $financialAccountId = CRM_Utils_Request::retrieve('_value', 'Positive', CRM_Core_DAO::$_nullObject);
+ $financialAccountTypeId = CRM_Core_DAO::getFieldValue('CRM_Financial_DAO_FinancialAccount', $financialAccountId, 'financial_account_type_id');
 $result = CRM_Core_PseudoConstant::get('CRM_Financial_DAO_EntityFinancialAccount', 'account_relationship');
 }
@@ -162,8 +163,8 @@ class CRM_Financial_Page_AJAX {
 ) {
 CRM_Utils_System::civiExit();
 }
-
- $elements = CRM_Core_DAO::getFieldValue('CRM_Contribute_DAO_Product', $_GET['_value'], 'financial_type_id');
+ $productId = CRM_Utils_Request::retrieve('_value', 'Positive', CRM_Core_DAO::$_nullObject);
+ $elements = CRM_Core_DAO::getFieldValue('CRM_Contribute_DAO_Product', $productId, 'financial_type_id');
 CRM_Utils_JSON::output($elements);
 }
@@ -180,7 +181,7 @@ class CRM_Financial_Page_AJAX {
 }
 }
- $entityID = CRM_Utils_Array::value('entityID', $_POST);
+ $entityID = CRM_Utils_Request::retrieve('entityID', 'Positive', CRM_Core_DAO::$_nullObject, FALSE, NULL, 'POST');
 $methods = array(
 'assign' => 'addBatchEntity',
 'remove' => 'removeBatchEntity',
-- 
2.25.1
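Review bot: `_value` was previously read from `$_GET` only, but the new `CRM_Utils_Request::retrieve('_value', 'Positive', CRM_Core_DAO::$_nullObject)` omits the method argument and so presumably falls back to the request-wide source, meaning POST and cookie values are now accepted for this id as well; passing `'GET'` as the sixth argument (the Campaign file and the hunk at -180 pass `'POST'` the same way) preserves the original source, and the same applies to the product lookup in the hunk at -162. With the abort flag left at its default, a missing or non-positive `_value` yields NULL, which then goes straight into `CRM_Core_DAO::getFieldValue`; `CRM_Utils_Request::retrieve('_value', 'Positive', CRM_Core_DAO::$_nullObject, TRUE, NULL, 'GET')` would reject such requests before the lookup instead of leaving that to getFieldValue. The enclosing methods start before their hunks, so any earlier guard on this parameter is not visible here.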