
Fix after security fix

git-svn-id: http://svn.code.sf.net/p/itop/code/trunk@1448 a333f486-631f-4898-b8df-5754b55c2be0
romainq 14 years ago
parent
commit
715d07d028
2 changed files with 6 additions and 6 deletions
  1. 1 1
      application/utils.inc.php
  2. 5 5
      setup/ajax.dataloader.php

+ 1 - 1
application/utils.inc.php

@@ -196,7 +196,7 @@ class utils
 			}
 			else
 			{
-				$retValue = filter_var($value, FILTER_VALIDATE_REGEXP, array("options"=>array("regexp"=>'/^[A-Za-z0-9_=-]*$/'))); // the '=' equal character is used in serialized filters
+				$retValue = filter_var($value, FILTER_VALIDATE_REGEXP, array("options"=>array("regexp"=>'/^[ A-Za-z0-9_=-]*$/'))); // the '=' equal character is used in serialized filters
 			}
 			break;
 			
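Review bot: The pattern in the added line still ends in `$`, which in PCRE also matches just before a trailing newline, so a value that ends in a line break passes this filter. Since the character class is being widened anyway, close that gap with `'/^[ A-Za-z0-9_=-]*\z/'` or by adding the `D` modifier. The trailing comment explains only the `=`; it should also say which parameter needs the space, so a later tightening does not silently remove it again. The enclosing `switch` case starts and ends outside this hunk.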

+ 5 - 5
setup/ajax.dataloader.php

@@ -141,7 +141,7 @@ try
 		SetupWebPage::log_info("Update Database Schema.");
 		InitDataModel(TMP_CONFIG_FILE, true);  // load data model and connect to the database
 		$sMode = Utils::ReadParam('mode', 'install');
-		$sSelectedModules = Utils::ReadParam('selected_modules', '');
+		$sSelectedModules = Utils::ReadParam('selected_modules', '', false, 'raw_data');
 		$aSelectedModules = explode(',', $sSelectedModules);
 		if(!CreateDatabaseStructure(MetaModel::GetConfig(), $aSelectedModules, $sMode))
 		{
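Review bot: `selected_modules` is now read with `'raw_data'`, which presumably bypasses the character filter in `application/utils.inc.php`, and the exploded entries go straight into `CreateDatabaseStructure()` with no validation visible in this hunk. The same pattern is in the `after_db_create` case in the next hunk. Each entry should be compared against the list of modules the setup actually offers, and any unknown name rejected, before `$aSelectedModules` is used. A comment on the read, such as `// raw_data: module ids contain characters the default filter rejects; entries are validated below`, would record why the filter is skipped.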
@@ -153,7 +153,7 @@ try
 		case 'after_db_create':
 		SetupWebPage::log_info('After Database Creation');
 		$sMode = Utils::ReadParam('mode', 'install');
-		$sSelectedModules = Utils::ReadParam('selected_modules', '');
+		$sSelectedModules = Utils::ReadParam('selected_modules', '', false, 'raw_data');
 		$aSelectedModules = explode(',', $sSelectedModules);
 		InitDataModel(TMP_CONFIG_FILE, true);  // load data model and connect to the database
 		
@@ -186,8 +186,8 @@ try
 		if($sMode == 'install')
 		{
 			// Create the admin user only in case of installation
-			$sAdminUser = Utils::ReadParam('auth_user', '');
-			$sAdminPwd = Utils::ReadParam('auth_pwd', '');
+			$sAdminUser = Utils::ReadParam('auth_user', '', false, 'raw_data');
+			$sAdminPwd = Utils::ReadParam('auth_pwd', '', false, 'raw_data');
 			$sLanguage = Utils::ReadParam('language', '');
 			if (!CreateAdminAccount(MetaModel::GetConfig(), $sAdminUser, $sAdminPwd, $sLanguage))
 			{
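Review bot: Both credentials default to `''` and reach `CreateAdminAccount()` without an emptiness check in this hunk, so unless that function rejects them (not visible here) a request lacking `auth_user` or `auth_pwd` could create an administrator with a blank login or password. A guard before the call makes this explicit: `if ($sAdminUser === '' || $sAdminPwd === '') { throw new Exception('Missing administrator credentials'); }`. Reading the password unfiltered is reasonable, but a comment such as `// raw_data: passwords may contain any character; never log or echo these values` would keep a later cleanup from reverting it or from adding it to the log output.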
@@ -201,7 +201,7 @@ try
 		break;
 		
 		case 'load_data': // Load data files
-		$sFileName = Utils::ReadParam('file', '');
+		$sFileName = Utils::ReadParam('file', '', false, 'raw_data');
 		$sSessionStatus = Utils::ReadParam('session_status', '');
 		$iPercent = (integer)Utils::ReadParam('percent', 0);
 		SetupWebPage::log_info("Loading file: $sFileName");
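Review bot: `$sFileName` is now taken unfiltered from the request and interpolated into `SetupWebPage::log_info("Loading file: $sFileName")`, so line breaks or control characters in the parameter end up in the setup log. The value is presumably used as a path further down, outside this hunk. Before use it should be checked against the data files declared by the selected modules, or at minimum rejected when it contains `..`. The log call should write a cleaned value, e.g. `SetupWebPage::log_info('Loading file: '.preg_replace('/[\x00-\x1f\x7f]/', '?', $sFileName));`.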