CHtml::encode

callcenter-magnus · callcenter-magnus · commit f41db5c0a7e0 · 2025-03-25T15:55:41.000-03:00
diff --git a/build/MagnusBilling-current.tar.gz b/build/MagnusBilling-current.tar.gz
diff --git a/protected/components/MagnusLog.php b/protected/components/MagnusLog.php
@@ -13,7 +13,7 @@ public static function insertLOG($action, $description)
         $id_user                       = isset(Yii::app()->session['id_user']) ? Yii::app()->session['id_user'] : null;
         $modelLogUsers                 = new LogUsers();
         $modelLogUsers->id_user        = $id_user;
-        $modelLogUsers->description    = $description;
+        $modelLogUsers->description    = CHtml::encode($description);
         $modelLogUsers->id_log_actions = $action;
         $modelLogUsers->ip             = $_SERVER['REMOTE_ADDR'];
         try {
diff --git a/protected/components/SqlInject.php b/protected/components/SqlInject.php
@@ -63,7 +63,10 @@ public static function sanitize($src)
             'pg_query',
             'sqlite_query',
             'prepare',
-
+            'alert',
+            'src=',
+            '<img',
+            'console'
         ];
 
 
@@ -75,14 +78,17 @@ public static function sanitize($src)
             foreach ($codes as $code) {
 
                 $code = strtolower($code);
+                if (Util::isJson($value)) {
+                    $value = json_decode($value);
+                }
 
                 if (is_array($value)) {
                     foreach ($value as $key => $valuearray) {
 
                         if (is_array($valuearray)) {
                             foreach ($valuearray as $key => $value) {
 
-                                $value = strtolower($value);
+                                $value = @strtolower($value);
                                 if (strlen($value) > 250) {
                                     $info    = 'Variable to long: ' . $value . '. Controller => ' . Yii::app()->controller->id;
                                     $id_user = isset(Yii::app()->session['id_user']) ? Yii::app()->session['id_user'] : 'NULL';
@@ -91,7 +97,7 @@ public static function sanitize($src)
                                         'rows'  => [],
                                         'count' => 0,
                                         'sum'   => [],
-                                        'msg'   => $info
+                                        'msg'   => CHtml::encode($info)
                                     ]);
                                     exit;
                                 }
@@ -107,7 +113,7 @@ public static function sanitize($src)
                                         'rows'  => [],
                                         'count' => 0,
                                         'sum'   => [],
-                                        'msg'   => $info
+                                        'msg'   =>  CHtml::encode($info)
                                     ]);
                                     exit;
                                 }
@@ -122,7 +128,7 @@ public static function sanitize($src)
                                     'rows'  => [],
                                     'count' => 0,
                                     'sum'   => [],
-                                    'msg'   => $info
+                                    'msg'   =>  CHtml::encode($info)
                                 ]);
                                 exit;
                             }
@@ -138,7 +144,7 @@ public static function sanitize($src)
                                     'rows'  => [],
                                     'count' => 0,
                                     'sum'   => [],
-                                    'msg'   => $info
+                                    'msg'   => CHtml::encode($info)
                                 ]);
                                 exit;
                             }
@@ -154,7 +160,7 @@ public static function sanitize($src)
                             'rows'  => [],
                             'count' => 0,
                             'sum'   => [],
-                            'msg'   => $info
+                            'msg'   => CHtml::encode($info)
                         ]);
                         exit;
                     }
@@ -167,7 +173,7 @@ public static function sanitize($src)
                             'rows'  => [],
                             'count' => 0,
                             'sum'   => [],
-                            'msg'   => $info
+                            'msg'   => CHtml::encode($info)
                         ]);
                         exit;
                     }
diff --git a/protected/components/Util.php b/protected/components/Util.php
@@ -1,4 +1,5 @@
 <?php
+
 /**
  * =======================================
  * ###################################
@@ -59,8 +60,10 @@ public static function getNewUsername($required = true)
             $length = $config['global']['generate_length'] == 0 ? 5 : $config['global']['generate_length'];
 
             if (isset($_SESSION['id_group']) && Yii::app()->session['id_group'] > 0) {
-                $modeGroupUser = GroupUser::model()->find('id = :key',
-                    [':key' => Yii::app()->session['id_group']]);
+                $modeGroupUser = GroupUser::model()->find(
+                    'id = :key',
+                    [':key' => Yii::app()->session['id_group']]
+                );
             }
 
             if (isset($modeGroupUser->id) && strlen($modeGroupUser->user_prefix) > 0) {
@@ -194,7 +197,7 @@ public static function unique_multidim_array($array, $key)
         $key_array  = [];
 
         foreach ($array as $val) {
-            if ( ! in_array($val[$key], $key_array)) {
+            if (! in_array($val[$key], $key_array)) {
                 $key_array[$i]  = $val[$key];
                 $temp_array[$i] = $val;
             }
@@ -210,7 +213,7 @@ public static function unique_multidim_obj($obj, $key)
         $key_array  = [];
 
         foreach ($obj as $val) {
-            if ( ! in_array($val->$key, $key_array)) {
+            if (! in_array($val->$key, $key_array)) {
                 $key_array[$i]  = $val->$key;
                 $temp_array[$i] = $val;
             }
@@ -259,7 +262,6 @@ public static function number_translation($prefix_local, $destination)
                 } elseif ($number_prefix == $grab) {
                     $destination = $replace . substr($destination, strlen($grab));
                 }
-
             } else {
 
                 if (strlen($destination) == $digit) {
@@ -288,7 +290,6 @@ public static function calculation_price($buyrate, $duration, $initblock, $incre
             if ($mod_sec > 0) {
                 $ratecallduration += ($increment - $mod_sec);
             }
-
         }
         $ratecost = ($ratecallduration / 60) * $buyrate;
         $ratecost = $ratecost;
@@ -299,7 +300,7 @@ public static function valid_extension($filename, $allowed = [])
     {
         $ext = strtolower(CFileHelper::getExtension($filename));
 
-        if ( ! in_array($ext, $allowed)) {
+        if (! in_array($ext, $allowed)) {
             echo json_encode([
                 'success' => false,
                 'errors'  => 'File error',
@@ -308,6 +309,10 @@ public static function valid_extension($filename, $allowed = [])
         }
 
         return $ext;
-
+    }
+    public static function isJson($string)
+    {
+        json_decode($string);
+        return (json_last_error() === JSON_ERROR_NONE);
     }
 }
