CVE-2013-7326

Vulnerability Summary for CVE-2013-7326

This vulnerability isn't that dangerous: the link has to be launched from within vtiger CRM, so you already have to be logged in, which basically means it has to be done by some installed extension.

In any case, this is the patch that fixes the issue for vtiger CRM 5.4.0.

Index: modules/com_vtiger_workflow/savetask.php
===================================================================
--- modules/com_vtiger_workflow/savetask.php	(revisión: 7011)
+++ modules/com_vtiger_workflow/savetask.php	(copia de trabajo)
@@ -18,7 +18,7 @@
 	$util = new VTWorkflowUtils();
 		$module = new VTWorkflowApplication("savetask");
 		$mod = return_module_language($current_language, $module->name);
-
+		$request = vtlib_purify($request);  // this cleans all values of the array
 		if(!$util->checkAdminAccess()){
 			$errorUrl = $module->errorPageUrl($mod['LBL_ERROR_NOT_ADMIN']);
 			$util->redirectTo($errorUrl, $mod['LBL_ERROR_NOT_ADMIN']);
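Review bot: The added purify on line 18 rewrites only the function-local `$request` parameter, so any later read of `$_REQUEST`/`$_GET` in this handler, or in a helper that is handed the superglobal rather than this copy, would still see unsanitized values; the enclosing function starts and ends outside the hunk, so this needs confirming against the full body. The same applies to the identical insertions in edittask.php, deletetask.php, saveworkflow.php and savetemplate.php. Input-side purification is also coarser than escaping each value where it is rendered; if `vtlib_purify` is an HTML purifier this is a reasonable stopgap, but output encoding in the templates remains the durable control. The trailing comment only restates the call; consider `// purify every request value once, up front; read only $request (never $_REQUEST) below` so the invariant it establishes is explicit.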
Index: modules/com_vtiger_workflow/edittask.php
===================================================================
--- modules/com_vtiger_workflow/edittask.php	(revisión: 7011)
+++ modules/com_vtiger_workflow/edittask.php	(copia de trabajo)
@@ -20,6 +20,7 @@
 	function vtTaskEdit($adb, $request, $current_language, $app_strings){
 		global $theme;
 		$util = new VTWorkflowUtils();
+		$request = vtlib_purify($request);  // this cleans all values of the array
 		$image_path = "themes/$theme/images/";
 
 		$module = new VTWorkflowApplication('edittask');
Index: modules/com_vtiger_workflow/deletetask.php
===================================================================
--- modules/com_vtiger_workflow/deletetask.php	(revisión: 7011)
+++ modules/com_vtiger_workflow/deletetask.php	(copia de trabajo)
@@ -18,7 +18,7 @@
 		$util = new VTWorkflowUtils();
 		$module = new VTWorkflowApplication("deltetask");
 		$mod = return_module_language($current_language, $module->name);
-
+		$request = vtlib_purify($request);  // this cleans all values of the array
 		if(!$util->checkAdminAccess()){
 			$errorUrl = $module->errorPageUrl($mod['LBL_ERROR_NOT_ADMIN']);
 			$util->redirectTo($errorUrl, $mod['LBL_ERROR_NOT_ADMIN']);
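Review bot: The context line `$module = new VTWorkflowApplication("deltetask");` carries what looks like a misspelling of `deletetask`, which the patch leaves as is; if `VTWorkflowApplication` and `return_module_language` key error pages or language strings on this name, the typo may be load-bearing, so verify before correcting it to `"deletetask"`. This is pre-existing rather than introduced by the patch, and the enclosing function starts and ends outside the hunk.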
Index: modules/com_vtiger_workflow/saveworkflow.php
===================================================================
--- modules/com_vtiger_workflow/saveworkflow.php	(revisión: 7011)
+++ modules/com_vtiger_workflow/saveworkflow.php	(copia de trabajo)
@@ -19,7 +19,7 @@
 		$util = new VTWorkflowUtils();
 		$module = new VTWorkflowApplication("saveworkflow");
 		$mod = return_module_language($current_language, $module->name);
-
+		$request = vtlib_purify($request);  // this cleans all values of the array
 		if(!$util->checkAdminAccess()){
 			$errorUrl = $module->errorPageUrl($mod['LBL_ERROR_NOT_ADMIN']);
 			$util->redirectTo($errorUrl, $mod['LBL_ERROR_NOT_ADMIN']);
Index: modules/com_vtiger_workflow/savetemplate.php
===================================================================
--- modules/com_vtiger_workflow/savetemplate.php	(revisión: 7011)
+++ modules/com_vtiger_workflow/savetemplate.php	(copia de trabajo)
@@ -20,7 +20,7 @@
 	$util = new VTWorkflowUtils();
 	$module = new VTWorkflowApplication("savetemplate");
 	$mod = return_module_language($current_language, $module->name);
-	
+	$request = vtlib_purify($request);  // this cleans all values of the array
 	if(!$util->checkAdminAccess()){
 		$errorUrl = $module->errorPageUrl($mod['LBL_ERROR_NOT_ADMIN']);
 		$util->redirectTo($errorUrl, $mod['LBL_ERROR_NOT_ADMIN']);
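Review bot: Purifying the entire request in savetemplate.php acts on the template content as well as on the identifiers, and if saved templates may legitimately contain markup, a purifier could alter or strip what the user entered; verify that `vtlib_purify` preserves the fields this handler stores, or restrict purification to the fields that are echoed back and escape those at render time. The enclosing function starts and ends outside the hunk, so which fields are stored is not visible here. The insertion is indented with a single tab here versus two in the other files, which matches this file's own context lines.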