N°6282 Fix XSS vulnerability in soap (#690)

* N°6282 Fix XSS vulnerability in soap
Combodo · Dec 19, 2024 · 42f3914 · 42f3914
1 parent 30ef273
commit 42f3914
Show file tree

Hide file tree

Showing 2 changed files with 6 additions and 5 deletions.
diff --git a/webservices/itopsoap.examples.php b/webservices/itopsoap.examples.php
@@ -25,7 +25,7 @@
  */
 
 require_once('itopsoaptypes.class.inc.php');
-$sItopRoot = 'http'.(utils::IsConnectionSecure() ? 's' : '').'://'.$_SERVER['SERVER_NAME'].':'.$_SERVER['SERVER_PORT'].dirname($_SERVER['SCRIPT_NAME']).'/..';
+$sItopRoot = 'http://'.$_SERVER['SERVER_NAME'].':'.$_SERVER['SERVER_PORT'].dirname($_SERVER['SCRIPT_NAME']).'/..';
 $sWsdlUri = $sItopRoot.'/webservices/itop.wsdl.php';
 //$sWsdlUri .= '?service_category=';
 

diff --git a/webservices/soapserver.php b/webservices/soapserver.php
@@ -26,9 +26,10 @@
 
 // this file is generated dynamically with location = here
 $sWsdlUri = utils::GetAbsoluteUrlAppRoot().'webservices/itop.wsdl.php';
-if (isset($_REQUEST['service_category']) && (!empty($_REQUEST['service_category'])))
+$sServiceCategory = utils::ReadParam('service_category');
+if (!empty($sServiceCategory))
 {
-	$sWsdlUri .= "?service_category=".$_REQUEST['service_category'];
+	$sWsdlUri .= "?service_category=".$sServiceCategory;
 }
 
 
@@ -43,9 +44,9 @@
 	)
 );
 // $oSoapServer->setPersistence(SOAP_PERSISTENCE_SESSION);
-if (isset($_REQUEST['service_category']) && (!empty($_REQUEST['service_category'])))
+if (!empty($sServiceCategory))
 {
-	$sServiceClass = $_REQUEST['service_category'];
+	$sServiceClass = $sServiceCategory;
 	if (!class_exists($sServiceClass))
 	{
 		// not a valid class name (not a PHP class at all)