FIX #3067 control of dir param

maarch_entreprise/trunk/index.php

@@ -72,6 +72,12 @@ if (isset($_SESSION['config']['corepath'])) {
 
 $core->load_lang();
 
+if (isset($_REQUEST['dir']) && !empty($_REQUEST['dir'])) {    
+    $_REQUEST['dir'] = str_replace("\\", "", $_REQUEST['dir']);
+    $_REQUEST['dir'] = str_replace("/", "", $_REQUEST['dir']);
+    $_REQUEST['dir'] = str_replace("..", "", $_REQUEST['dir']);
+}
+
 include 'apps/maarch_entreprise/tools/maarchIVS/MaarchIVS.php';
 $started = MaarchIVS::start(__DIR__ . '/xml/IVS/requests_definitions.xml', 'xml');
 $valid = MaarchIVS::run('silent');

maarch_entreprise/trunk/tools/maarchIVS/handler/JsonConfigurationHandler.php

@@ -130,7 +130,7 @@ class JsonConfigurationHandler
             }
 
             // Wrong method
-            if ($requestDefinition->method  != $method) {
+            if (!in_array($method, explode('|', $requestDefinition->method))) {
                 continue;
             }  
 

maarch_entreprise/trunk/tools/maarchIVS/handler/XmlConfigurationHandler.php

@@ -68,8 +68,8 @@ class XmlConfigurationHandler
     public function getValidationRules($method, $path, $parameters=array())
     {
         $validationRules = array();
-    
-        $requestDefinitionElements = $this->configurationXPath->query("//requestDefinition[@method='$method' and contains('$path', @path)]");
+        $query = "//requestDefinition[contains(@method, '$method') and contains('$path', @path)]";
+        $requestDefinitionElements = $this->configurationXPath->query($query);
 
         foreach ($requestDefinitionElements as $requestDefinitionElement) {
             if (!$requestDefinitionElement->hasAttribute('validationRule')) {