Revert "Fix some CWE errors"

This reverts commit 897dca4.
contributte · Jul 17, 2020 · 104c9c2 · 104c9c2
1 parent fa8bb99
commit 104c9c2
Show file tree

Hide file tree

Showing 3 changed files with 52 additions and 29 deletions.
diff --git a/samples/wsdlclient12.php b/samples/wsdlclient12.php
@@ -198,7 +198,7 @@ function GetListSearchParams() {
 } elseif ($method == 'CartCreate') {
 	$result = $client->call('CartCreate', array('body' => GetCartCreateParams()));
 } else {
-	echo $client->sanitize("Unsupported method $method");
+	echo "Unsupported method $method";
 	exit;
 }
 // Check for a fault

diff --git a/samples/wsdlclient4.php b/samples/wsdlclient4.php
@@ -20,17 +20,15 @@
 $proxyport = isset($_POST['proxyport']) ? $_POST['proxyport'] : '';
 $proxyusername = isset($_POST['proxyusername']) ? $_POST['proxyusername'] : '';
 $proxypassword = isset($_POST['proxypassword']) ? $_POST['proxypassword'] : '';
-$client = new soapclient('http://www.scottnichol.com/samples/round2_base_server.php?wsdl&debug=1', true,
-						$proxyhost, $proxyport, $proxyusername, $proxypassword);
 /*
  *	When no method has been specified, give the user a choice
  */
 if ($method == '') {
 	echo '<form name="MethodForm" method="POST">';
-	echo '<input type="hidden" name="proxyhost" value="' . $client->sanitize($proxyhost) .'">';
-	echo '<input type="hidden" name="proxyport" value="' . $client->sanitize($proxyport) .'">';
-	echo '<input type="hidden" name="proxyusername" value="' . $client->sanitize($proxyusername) .'">';
-	echo '<input type="hidden" name="proxypassword" value="' . $client->sanitize($proxypassword) .'">';
+	echo '<input type="hidden" name="proxyhost" value="' . $proxyhost .'">';
+	echo '<input type="hidden" name="proxyport" value="' . $proxyport .'">';
+	echo '<input type="hidden" name="proxyusername" value="' . $proxyusername .'">';
+	echo '<input type="hidden" name="proxypassword" value="' . $proxypassword .'">';
 	echo 'Method: <select name="method">';
 	echo '<option>echoString</option>';
 	echo '<option>echoStringArray</option>';
@@ -135,15 +133,17 @@
 		$params = array('inputBase64' => null);
 	}
 } else {
-	echo $client->sanitize('Sorry, I do not know about method ' . $method);
+	echo 'Sorry, I do not know about method ' . $method;
 	exit();
 }
+$client = new soapclient('http://www.scottnichol.com/samples/round2_base_server.php?wsdl&debug=1', true,
+						$proxyhost, $proxyport, $proxyusername, $proxypassword);
 $err = $client->getError();
 if ($err) {
-	echo '<h2>Constructor error</h2><pre>' . $client->sanitize($err) . '</pre>';
+	echo '<h2>Constructor error</h2><pre>' . $err . '</pre>';
 }
 $client->useHTTPPersistentConnection();
-echo '<h2>Execute ' . $client->sanitize($method) . '</h2>';
+echo '<h2>Execute ' . $method . '</h2>';
 $result = $client->call($method, $params);
 // Check for a fault
 if ($client->fault) {
@@ -162,7 +162,7 @@
 		print_r((!is_bool($result)) ? $result : ($result ? 'true' : 'false'));
 		echo '</pre>';
 		// And execute again to test persistent connection
-		echo '<h2>Execute ' . $client->sanitize($method) . ' again to test persistent connection (see debug)</h2>';
+		echo '<h2>Execute ' . $method . ' again to test persistent connection (see debug)</h2>';
 		$client->debug("*** execute again to test persistent connection ***");
 		$result = $client->call($method, $params);
 		// And again...

diff --git a/src/nusoap.php b/src/nusoap.php
@@ -349,7 +349,7 @@ function &getDebugAsXMLComment()
         while (strpos($this->debug_str, '--')) {
             $this->debug_str = str_replace('--', '- -', $this->debug_str);
         }
-        $ret = "<!--\n" . $this->sanitize($this->debug_str) . "\n-->";
+        $ret = "<!--\n" . $this->debug_str . "\n-->";
         return $ret;
     }
 
@@ -908,15 +908,11 @@ function getmicrotime()
     function varDump($data)
     {
         ob_start();
-        var_dump($this->sanitize($data));
+        var_dump($data);
         $ret_val = ob_get_contents();
         ob_end_clean();
         return $ret_val;
     }
-
-    function sanitize($value) {
-        return htmlspecialchars(strip_tags($value), ENT_COMPAT, 'utf-8');
-    }
 
     /**
      * represents the object as a string
@@ -2718,13 +2714,13 @@ function setCredentials($username, $password, $authtype = 'basic', $digestReques
                 $A1 = $username . ':' . (isset($digestRequest['realm']) ? $digestRequest['realm'] : '') . ':' . $password;
 
                 // H(A1) = MD5(A1)
-                $HA1 = password_hash($A1, PASSWORD_DEFAULT);
+                $HA1 = md5($A1);
 
                 // A2 = Method ":" digest-uri-value
                 $A2 = $this->request_method . ':' . $this->digest_uri;
 
                 // H(A2)
-                $HA2 = password_hash($A2, PASSWORD_DEFAULT);
+                $HA2 = md5($A2);
 
                 // KD(secret, data) = H(concat(secret, ":", data))
                 // if qop == auth:
@@ -2746,7 +2742,7 @@ function setCredentials($username, $password, $authtype = 'basic', $digestReques
                     $unhashedDigest = $HA1 . ':' . $nonce . ':' . $HA2;
                 }
 
-                $hashedDigest = password_hash($unhashedDigest, PASSWORD_DEFAULT);
+                $hashedDigest = md5($unhashedDigest);
 
                 $opaque = '';
                 if (isset($digestRequest['opaque'])) {
@@ -3875,7 +3871,7 @@ function service($data)
             } else {
                 $this->debug("In service, there is no WSDL");
                 header("Content-Type: text/html; charset=ISO-8859-1\r\n");
-                print $this->sanitize("This service does not provide WSDL");
+                print "This service does not provide WSDL";
             }
         } elseif ($this->wsdl) {
             $this->debug("In service, return Web description");
@@ -4181,7 +4177,34 @@ function invoke_method()
         $this->appendDebug($this->varDump($this->methodparams));
         $this->debug("in invoke_method, calling '$this->methodname'");
         if (!function_exists('call_user_func_array')) {
-            $this->debug('call_user_func_array not exists');
+            if ($class == '') {
+                $this->debug('in invoke_method, calling function using eval()');
+                $funcCall = "\$this->methodreturn = $this->methodname(";
+            } else {
+                if ($delim == '..') {
+                    $this->debug('in invoke_method, calling class method using eval()');
+                    $funcCall = "\$this->methodreturn = " . $class . "::" . $method . "(";
+                } else {
+                    $this->debug('in invoke_method, calling instance method using eval()');
+                    // generate unique instance name
+                    $instname = "\$inst_" . time();
+                    $funcCall = $instname . " = new " . $class . "(); ";
+                    $funcCall .= "\$this->methodreturn = " . $instname . "->" . $method . "(";
+                }
+            }
+            if ($this->methodparams) {
+                foreach ($this->methodparams as $param) {
+                    if (is_array($param) || is_object($param)) {
+                        $this->fault('SOAP-ENV:Client', 'NuSOAP does not handle complexType parameters correctly when using eval; call_user_func_array must be available');
+                        return;
+                    }
+                    $funcCall .= "\"$param\",";
+                }
+                $funcCall = substr($funcCall, 0, -1);
+            }
+            $funcCall .= ');';
+            $this->debug('in invoke_method, function call: ' . $funcCall);
+            @eval($funcCall);
         } else {
             if ($class == '') {
                 $this->debug('in invoke_method, calling function using call_user_func_array()');
@@ -8410,7 +8433,7 @@ function __construct($cache_dir='.', $cache_lifetime=0) {
      * @access private
      */
     function createFilename($wsdl) {
-        return $this->cache_dir.'/wsdlcache-' . password_hash($wsdl, PASSWORD_DEFAULT);
+        return $this->cache_dir.'/wsdlcache-' . md5($wsdl);
     }
 
     /**
@@ -8478,11 +8501,11 @@ function obtainMutex($filename, $mode) {
             $this->debug("Lock for $filename already exists");
             return false;
         }
-        $this->fplock[password_hash($filename, PASSWORD_DEFAULT)] = fopen($filename.".lock", "w");
+        $this->fplock[md5($filename)] = fopen($filename.".lock", "w");
         if ($mode == "r") {
-            return flock($this->fplock[password_hash($filename, PASSWORD_DEFAULT)], LOCK_SH);
+            return flock($this->fplock[md5($filename)], LOCK_SH);
         } else {
-            return flock($this->fplock[password_hash($filename, PASSWORD_DEFAULT)], LOCK_EX);
+            return flock($this->fplock[md5($filename)], LOCK_EX);
         }
     }
 
@@ -8522,9 +8545,9 @@ function put($wsdl_instance) {
      * @access private
      */
     function releaseMutex($filename) {
-        $ret = flock($this->fplock[password_hash($filename, PASSWORD_DEFAULT)], LOCK_UN);
-        fclose($this->fplock[password_hash($filename, PASSWORD_DEFAULT)]);
-        unset($this->fplock[password_hash($filename, PASSWORD_DEFAULT)]);
+        $ret = flock($this->fplock[md5($filename)], LOCK_UN);
+        fclose($this->fplock[md5($filename)]);
+        unset($this->fplock[md5($filename)]);
         if (! $ret) {
             $this->debug("Not able to release lock for $filename");
         }