From 42f391472b4d1e78466711299434898872fd960e Mon Sep 17 00:00:00 2001
From: Timmy38 <101416770+Timmy38@users.noreply.github.com>
Date: Thu, 19 Dec 2024 11:39:00 +0100
Subject: [PATCH] =?UTF-8?q?N=C2=B06282=20Fix=20XSS=20vulnerability=20in=20?=
 =?UTF-8?q?soap=20(#690)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

* N°6282 Fix XSS vulnerability in soap
---
 webservices/itopsoap.examples.php | 2 +-
 webservices/soapserver.php | 9 +++++----
 2 files changed, 6 insertions(+), 5 deletions(-)

diff --git a/webservices/itopsoap.examples.php b/webservices/itopsoap.examples.php
index 673d7b71e2..5ed1bdc24c 100644
--- a/webservices/itopsoap.examples.php
+++ b/webservices/itopsoap.examples.php
@@ -25,7 +25,7 @@
  */
 require_once('itopsoaptypes.class.inc.php');
-$sItopRoot = 'http'.(utils::IsConnectionSecure() ? 's' : '').'://'.$_SERVER['SERVER_NAME'].':'.$_SERVER['SERVER_PORT'].dirname($_SERVER['SCRIPT_NAME']).'/..';
+$sItopRoot = 'http://'.$_SERVER['SERVER_NAME'].':'.$_SERVER['SERVER_PORT'].dirname($_SERVER['SCRIPT_NAME']).'/..';
 $sWsdlUri = $sItopRoot.'/webservices/itop.wsdl.php';
 //$sWsdlUri .= '?service_category=';

diff --git a/webservices/soapserver.php b/webservices/soapserver.php
index fbe4cd64e8..2d9b49ec46 100644
--- a/webservices/soapserver.php
+++ b/webservices/soapserver.php
@@ -26,9 +26,10 @@
 // this file is generated dynamically with location = here
 $sWsdlUri = utils::GetAbsoluteUrlAppRoot().'webservices/itop.wsdl.php';
-if (isset($_REQUEST['service_category']) && (!empty($_REQUEST['service_category'])))
+$sServiceCategory = utils::ReadParam('service_category');
+if (!empty($sServiceCategory))
 {
-$sWsdlUri .= "?service_category=".$_REQUEST['service_category'];
+$sWsdlUri .= "?service_category=".$sServiceCategory;
 }
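Review bot: The new `$sItopRoot` line hard-codes the `http://` scheme, so on an HTTPS deployment this example now builds a plain-HTTP WSDL URL and the SOAP client either fails or fetches the WSDL unencrypted. The removed line used `utils::IsConnectionSecure()`; presumably it was dropped because `utils` is not loaded by this script (only `itopsoaptypes.class.inc.php` is required), but the scheme can still be derived from the request without it: `$sScheme = (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off') ? 'https' : 'http';` followed by `$sItopRoot = $sScheme.'://'.$_SERVER['SERVER_NAME'].':'.$_SERVER['SERVER_PORT'].dirname($_SERVER['SCRIPT_NAME']).'/..';`. Since `SERVER_NAME` can reflect the client-supplied Host header depending on web-server configuration, a comment such as `// NOTE: SERVER_NAME is only trustworthy when the web server canonicalises it` next to the line would help readers who copy this example.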
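Review bot: `$sServiceCategory` is concatenated into the query string of `$sWsdlUri` without URL encoding, so the fix relies entirely on whatever filtering `utils::ReadParam()` applies, which is not visible in this hunk. Encoding at the point of use keeps the URL well-formed whatever the sanitization filter does: `$sWsdlUri .= '?service_category='.rawurlencode($sServiceCategory);`. A one-line comment stating that `ReadParam()` is expected to restrict the value to a class-name-safe character set would make that assumption explicit for the next reader. The same value is reused as a class name in the second hunk of this file (`@@ -43,9 +44,9 @@`), where the same assumption applies.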
@@ -43,9 +44,9 @@
 )
 );
 // $oSoapServer->setPersistence(SOAP_PERSISTENCE_SESSION);
-if (isset($_REQUEST['service_category']) && (!empty($_REQUEST['service_category'])))
+if (!empty($sServiceCategory))
 {
-$sServiceClass = $_REQUEST['service_category'];
+$sServiceClass = $sServiceCategory;
 if (!class_exists($sServiceClass))
 {
 // not a valid class name (not a PHP class at all)
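Review bot: `class_exists($sServiceClass)` only establishes that the request-supplied value names some loaded or autoloadable class, not that it is one of the SOAP service classes this endpoint is meant to expose; unless the code below the hunk narrows it further, consider also checking the name against the expected base class or an explicit allow-list before it is used, e.g. `if (!class_exists($sServiceClass) || !is_subclass_of($sServiceClass, /* expected service base class */))`. If the service classes are guaranteed to be loaded by this point, `class_exists($sServiceClass, false)` would additionally avoid handing an arbitrary name to the autoloader. The `if (!empty($sServiceCategory))` block continues past the end of the hunk.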