FSN#37517 PENTEST PINE 4.7.1: CSRF token vaker gebruiken

svn path=/Website/trunk/; revision=30428
Erik Groener
2016-08-25 13:24:32 +00:00
parent 8b3776fce4
commit 0aea35d8e3
28 changed files with 110 additions and 73 deletions


@@ -43,7 +43,7 @@ var authparams = alg.checkAutorisation();
<body id="searchbody">
<div id="search">
<form name="u2" target="workFrame" action="alg_district_search_list.asp" method="get">
<% BLOCK_START("searchtable", L("lcl_filterblok"));%>
<% BLOCK_START("searchtable", L("lcl_filterblok"));%>
<tr>
<td class="searchkolom1">
<table><!-- x rijen, 2 kolommen: label + veld -->
@@ -61,13 +61,15 @@ var authparams = alg.checkAutorisation();
<td class="searchkolom2">
</td><!-- end column 1 -->
</tr>
<% BLOCK_END();
var buttons = [ {title: L("lcl_search"), action: "doSubmit()", id: "bSearch" },
{title: L("lcl_obj_advanced"), action: "myModal()", id: "bAdvanced" } ];
CreateButtons(buttons, { entersubmit: true }); %>
</form>
<% BLOCK_END();
var buttons = [ {title: L("lcl_search"), action: "doSubmit()", id: "bSearch" },
{title: L("lcl_obj_advanced"), action: "myModal()", id: "bAdvanced" } ];
CreateButtons(buttons, { entersubmit: true });
IFACE.FORM_END();
%>
</form>
</div> <!-- search -->
<div id="result">
<iframe width="100%" height="100%"
src="../Shared/empty.asp"
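Review bot: The search form on the context line `<form name="u2" target="workFrame" action="alg_district_search_list.asp" method="get">` still submits with GET, so whatever hidden field the newly added `IFACE.FORM_END()` emits (presumably the CSRF token input; confirm) ends up in the query string of the list request loaded into the workFrame iframe. A token carried in a URL is recorded in browser history, in proxy and web-server access logs, and is sent in the Referer header of every link or resource the list page references, which erodes the secrecy the new `protectRequest.validateToken()` checks rely on. Either change the search forms to `method="post"` (which needs the list pages' `getQParam*` helpers to read the request body as well, if they only read the query string today) or, at minimum, have the list pages send a `Referrer-Policy: no-referrer` header and exclude the token parameter from the access-log format. The same applies to the locatie, regio, ruimte, dynamischbepaald, srtruimte, terreinsector, verdieping and werkplek search forms in this commit.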


@@ -4,9 +4,9 @@
$Id$
File: alg_district_search_list.asp
Description:
Parameters:
Context:
Description:
Parameters:
Context:
Note:
*/ %>
@@ -24,6 +24,8 @@ var showall = getQParamInt("showall", 0) == 1;
var reg_key = getQParamInt("regiokey", -1); // Regio
var dis_key = getQParamInt("districtkey", -1); // District
protectRequest.validateToken();
district_list ( "*",
{ outputmode: outputmode,
showall: showall,
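Review bot: `protectRequest.validateToken();` is called with its result ignored, after the request parameters have already been parsed and immediately before `district_list(...)`; whether an invalid token actually stops the response depends on validateToken terminating the request itself, which this hunk cannot show. If it only reports a result, the list still renders and the guard should read `if (!protectRequest.validateToken()) Response.End();` (or throw). Making the call the first statement of the script block, as the srtruimte list page in this commit does before its `getQParam` calls, would also keep the order consistent across the gebouw, locatie, regio, ruimte, terrein, verdiepingen and werkplek list pages.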


@@ -118,6 +118,7 @@ var this_alg = alg.func_enabled(gebouw_key);
var buttons = [ {title: L("lcl_search"), action: "doSubmit()", id: "bSearch" },
{title: L("lcl_obj_advanced"), action: "myModal()", id: "bAdvanced" } ];
CreateButtons(buttons, { entersubmit: true });
IFACE.FORM_END();
%>
</form>
</div> <!-- search -->


@@ -32,6 +32,8 @@ var srtgebouw_key = getQParamInt("srt", -1); // Gebouwfunctie
var verantw_key = getQParamInt("verantw", -1); // Gebouw verantwoordelijke
var expalgincl = getQParamInt("expAlgIncl", 0) == 1; // Ook vervallen gebouwen
protectRequest.validateToken();
gebouw_list ( "*",
{ outputmode: outputmode,
showall: showall,


@@ -44,7 +44,7 @@ var authparams = alg.checkAutorisation();
<body id="searchbody">
<div id="search">
<form name="u2" target="workFrame" action="alg_locatie_search_list.asp" method="get">
<% BLOCK_START("searchtable", L("lcl_filterblok"));%>
<% BLOCK_START("searchtable", L("lcl_filterblok"));%>
<tr>
<td class="searchkolom1">
<table><!-- x rijen, 2 kolommen: label + veld -->
@@ -63,11 +63,12 @@ var authparams = alg.checkAutorisation();
<td class="searchkolom2">
</td><!-- end column 1 -->
</tr>
<% BLOCK_END();
<% BLOCK_END();
var buttons = [ {title: L("lcl_search"), action: "doSubmit()", id: "bSearch" },
{title: L("lcl_obj_advanced"), action: "myModal()", id: "bAdvanced" } ];
CreateButtons(buttons, { entersubmit: true });
var buttons = [ {title: L("lcl_search"), action: "doSubmit()", id: "bSearch" },
{title: L("lcl_obj_advanced"), action: "myModal()", id: "bAdvanced" } ];
CreateButtons(buttons, { entersubmit: true });
IFACE.FORM_END();
%>
</form>
</div> <!-- search -->


@@ -3,10 +3,10 @@
$Revision$
$Id$
File:
Description:
Parameters:
Context:
File:
Description:
Parameters:
Context:
Note:
*/ %>
@@ -26,6 +26,8 @@ var reg_key = getQParamInt("regiokey", -1); // Regio
var dis_key = getQParamInt("districtkey", -1); // District
var loc_key = getQParamInt("locatiekey", -1); // Locatie
protectRequest.validateToken();
locatie_list ( "*",
{ outputmode: outputmode,
showall: showall,


@@ -29,7 +29,7 @@ var authparams = alg.checkAutorisation();
<body id="searchbody">
<div id="search">
<form name="u2" target="workFrame" action="alg_regio_search_list.asp" method="get">
<% BLOCK_START("searchtable", L("lcl_filterblok"));%>
<% BLOCK_START("searchtable", L("lcl_filterblok"));%>
<tr>
<td class="searchkolom1">
<table><!-- x rijen, 2 kolommen: label + veld -->
@@ -49,10 +49,11 @@ var authparams = alg.checkAutorisation();
</td><!-- end column 1 -->
</tr>
<% BLOCK_END(); %>
<%
var buttons = [{title: L("lcl_search"), action: "document.forms.u2.submit();", id: "bSearch" }];
CreateButtons(buttons, { entersubmit: true });
<% BLOCK_END();
var buttons = [{title: L("lcl_search"), action: "document.forms.u2.submit();", id: "bSearch" }];
CreateButtons(buttons, { entersubmit: true });
IFACE.FORM_END();
%>
</form>
</div> <!-- search -->


@@ -23,6 +23,8 @@ var outputmode = getQParamInt("outputmode", 0) // 0 = screen, 1 = print, 2 = ex
var showall = getQParamInt("showall", 0) == 1;
var reg_key = getQParamInt("regiokey", -1) // Regio
protectRequest.validateToken();
regio_list ( "*",
{ outputmode: outputmode,
showall: showall,


@@ -51,7 +51,7 @@ var authparams = alg.checkAutorisation();
<body id="searchbody">
<div id="search">
<form name="u2" target="workFrame" action="alg_ruimte_search_list.asp" method="get">
<% BLOCK_START("searchtable", L("lcl_filterblok"));%>
<% BLOCK_START("searchtable", L("lcl_filterblok"));%>
<tr>
<td class="searchkolom1">
<table><!-- x rijen, 2 kolommen: label + veld -->
@@ -96,7 +96,7 @@ var authparams = alg.checkAutorisation();
label: L("lcl_estate_ruimte_man_sort"),
emptyOption: ""
});
sql= "SELECT 1 FROM prs_ruimteafdeling WHERE prs_ruimteafdeling_verwijder is null AND ROWNUM = 1";
oRs = Oracle.Execute(sql);
var anyruimteafd = !oRs.eof;
@@ -110,15 +110,16 @@ var authparams = alg.checkAutorisation();
whenEmpty: L("lcl_search_generic"),
filtercode: "AR"
});
}
}
%> </table>
</td><!-- end column 1 -->
</tr>
<% BLOCK_END();
<% BLOCK_END();
var buttons = [ {title: L("lcl_search"), action: "doSubmit()", id: "bSearch" },
{title: L("lcl_obj_advanced"), action: "myModal()", id: "bAdvanced" } ];
CreateButtons(buttons, { entersubmit: true });
var buttons = [ {title: L("lcl_search"), action: "doSubmit()", id: "bSearch" },
{title: L("lcl_obj_advanced"), action: "myModal()", id: "bAdvanced" } ];
CreateButtons(buttons, { entersubmit: true });
IFACE.FORM_END();
%>
</form>
</div> <!-- search -->


@@ -34,6 +34,8 @@ var area_use = getQParamInt("srt", null); // Ruimtefunctie
var dept = getQParamInt("dept", -1); // Afdeling
var chkgeb = getQParamInt("chkgeb", 0) == 1; //Controleer tegen de vervallenstatus van het gebouw (vertrouw lvl_key/geb_key niet)
protectRequest.validateToken();
ruimte_list ( "*",
{ outputmode: outputmode,
showall: showall,


@@ -76,8 +76,10 @@ var authparams = alg.checkAutorisation();
</td><!-- end column 1 -->
</tr>
<% BLOCK_END();
var buttons = [ {title: L("lcl_search"), action: "doSubmit()", id: "bSearch"} ];
CreateButtons(buttons, { entersubmit: true});
IFACE.FORM_END();
%>
</form>
</div> <!-- search -->
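Review bot: This search form now calls `IFACE.FORM_END()` before `</form>`, but unlike the other search forms in this commit there is no paired list-page hunk adding `protectRequest.validateToken()` for the page that receives its submission; the form's `action` attribute lies outside the hunk, so the target cannot be identified from this view. If that target does not already validate the token, the token is emitted but never checked and the form gains nothing from the change. Confirm the receiving page, and note that if this form is also `method="get"` the token will travel in the query string and appear in logs and Referer headers.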


@@ -49,8 +49,8 @@ var authparams = alg.checkAutorisation();
</head>
<body id="searchbody">
<div id="search">
<% BLOCK_START("searchtable", L("lcl_filterblok"));%>
<form name="u2" id="algform" target="workFrame" action="dynamischbepaald" method="get">
<% BLOCK_START("searchtable", L("lcl_filterblok"));%>
<tr>
<td class="searchkolom1">
<table>
@@ -68,21 +68,23 @@ var authparams = alg.checkAutorisation();
%>
</table>
</td><!-- end column 1 -->
<td class="searchkolom2"><input type="hidden" name="noref" value="1"><input type="hidden" name="chkgeb" value="1">
<td class="searchkolom2"><input type="hidden" name="noref" value="1"><input type="hidden" name="chkgeb" value="1">
</td><!-- end column 1 -->
</tr>
</form>
<% BLOCK_END();
<% BLOCK_END();
var buttons = [
{title: L("lcl_menu_alg_locatie"), action: "doSubmit('L')"},
{title: L("lcl_menu_alg_gebouw"), action: "doSubmit('G')"},
{title: L("lcl_menu_alg_verdieping"), action: "doSubmit('V')"},
{title: L("lcl_menu_alg_ruimte"), action: "doSubmit('R')"},
{title: L("lcl_menu_alg_terreinsector"), action: "doSubmit('T')"}
];
CreateButtons(buttons, { entersubmit: true });
%></div> <!-- search -->
var buttons = [
{title: L("lcl_menu_alg_locatie"), action: "doSubmit('L')"},
{title: L("lcl_menu_alg_gebouw"), action: "doSubmit('G')"},
{title: L("lcl_menu_alg_verdieping"), action: "doSubmit('V')"},
{title: L("lcl_menu_alg_ruimte"), action: "doSubmit('R')"},
{title: L("lcl_menu_alg_terreinsector"), action: "doSubmit('T')"}
];
CreateButtons(buttons, { entersubmit: true });
IFACE.FORM_END();
%>
</form>
</div> <!-- search -->
<div id="result">
<iframe width="100%" height="100%"


@@ -95,6 +95,7 @@ oRs.Close();
reado : true,
flexcolumns : S("alg_flexcolumns"),
this_alg : this_alg });
IFACE.FORM_END();
%>
</form>
</div>
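Review bot: The edit form now emits `IFACE.FORM_END()` before `</form>`, but this commit contains no hunk adding `protectRequest.validateToken()` to the script that processes this form's submission, so it is not visible here whether the token is checked on the write path; the token only protects the form if the receiving handler rejects requests that lack a valid one. Confirm that the save handler validates, otherwise the addition is cosmetic. The same question applies to the other seven edit pages in this commit that receive the identical `IFACE.FORM_END()` addition.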


@@ -217,6 +217,7 @@ oRs.Close();
flexcolumns : S("alg_flexcolumns"),
this_alg : this_alg
});
IFACE.FORM_END();
%>
</form>
</div>


@@ -164,7 +164,7 @@ oRs.Close();
reado : true,
flexcolumns : S("alg_flexcolumns"),
this_alg : this_alg });
IFACE.FORM_END();
%>
</form>
</div>


@@ -90,6 +90,7 @@ var regio_deleted = regio_exists && !!regio_data.deleted;
eindlevel: 0, // Regio
readonly: true });
BLOCK_END();
IFACE.FORM_END();
%>
</form>
</div>


@@ -154,6 +154,7 @@ if (!room_data.cadcontours.length)
flexcolumns : S("alg_flexcolumns"),
this_alg : this_alg
});
IFACE.FORM_END();
%>
</form>
</div>


@@ -148,7 +148,7 @@ oRs.Close();
flexcolumns : S("alg_flexcolumns"),
this_alg : this_alg
});
IFACE.FORM_END();
%>
</form>
</div> <!-- edit -->


@@ -104,14 +104,14 @@ oRs.Close();
oRs = Oracle.Execute(sql);
ROFIELDTR("fld", L("lcl_mld_dienst_niveau"), oRs("mld_dienstniveau_omschr").value);
oRs.Close();
}
}
BLOCK_END();
BLOCK_START("algLoc2", "&nbsp;");
var calcopp = alg.calc_algm2(flr_key, onrgoedlvl);
var calcopp = alg.calc_algm2(flr_key, onrgoedlvl);
ROFIELDTR("fld", L("lcl_estate_ruimte_bruto_vloeropp") + L("lcl_estate_calc_vloeropp"), calcopp.oppbruto, {suppressEmpty: true});
ROFIELDTR("fld", L("lcl_estate_ruimte_opp_alt1") + L("lcl_estate_calc_vloeropp"), calcopp.oppalt1, {suppressEmpty: true});
ROFIELDTR("fld", L("lcl_estate_ruimte_opp_alt2") + L("lcl_estate_calc_vloeropp"), calcopp.oppalt2, {suppressEmpty: true});
ROFIELDTR("fld", L("lcl_estate_ruimte_opp_alt2") + L("lcl_estate_calc_vloeropp"), calcopp.oppalt2, {suppressEmpty: true});
BLOCK_END();
generateFlexKenmerkBlock ({
@@ -121,6 +121,7 @@ oRs.Close();
flexcolumns : S("alg_flexcolumns"),
this_alg : this_alg
});
IFACE.FORM_END();
%>
</form>
</div>


@@ -113,6 +113,7 @@ var wp_typ_str = (wp_type == 1 ? L("lcl_wptype_1") : L("lcl_wptype_0"));
%>
</table>
<% BLOCK_END();
IFACE.FORM_END();
%>
</form>
</div>


@@ -44,8 +44,8 @@ FCLTHeader.Generate();
<body id="searchbody">
<div id="search">
<% BLOCK_START("searchtable", L("lcl_filterblok"));%>
<form name="u2" target="workFrame" action="alg_srtruimte_search_list.asp" method="get">
<% BLOCK_START("searchtable", L("lcl_filterblok"));%>
<tr>
<td class="searchkolom1">
<table><!-- x rijen, 2 kolommen: label + veld -->
@@ -63,10 +63,11 @@ FCLTHeader.Generate();
</table>
</td><!-- end column 2 -->
</tr>
<% BLOCK_END();
<% BLOCK_END();
var buttons = [ {title: L("lcl_search"), action: "doSubmit()", id: "bSearch" } ];
CreateButtons(buttons, { entersubmit: true});
var buttons = [ {title: L("lcl_search"), action: "doSubmit()", id: "bSearch" } ];
CreateButtons(buttons, { entersubmit: true});
IFACE.FORM_END();
%>
</form>
</div> <!-- search -->


@@ -14,6 +14,8 @@
<!-- #include file="../Shared/resultset_table_v2.inc" -->
<%
protectRequest.validateToken();
var searchtext = getQParam("searchtext", null);
//var fkdmodule = getQParamSafe("fkdmodule", -1);


@@ -45,7 +45,7 @@ var authparams = alg.checkAutorisation();
<body id="searchbody">
<div id="search">
<form name="u2" target="workFrame" action="alg_terreinsector_search_list.asp" method="get">
<% BLOCK_START("searchtable", L("lcl_filterblok"));%>
<% BLOCK_START("searchtable", L("lcl_filterblok"));%>
<tr>
<td class="searchkolom1">
<table><!-- x rijen, 2 kolommen: label + veld -->
@@ -85,11 +85,12 @@ var authparams = alg.checkAutorisation();
</table>
</td><!-- end column 1 -->
</tr>
<% BLOCK_END(); %>
<%
var buttons = [ {title: L("lcl_search"), action: "doSubmit()", id: "bSearch" },
{title: L("lcl_obj_advanced"), action: "myModal()", id:"bAdvanced" } ];
CreateButtons(buttons, { entersubmit: true });
<% BLOCK_END();
var buttons = [ {title: L("lcl_search"), action: "doSubmit()", id: "bSearch" },
{title: L("lcl_obj_advanced"), action: "myModal()", id:"bAdvanced" } ];
CreateButtons(buttons, { entersubmit: true });
IFACE.FORM_END();
%>
</form>
</div> <!-- search -->


@@ -28,6 +28,8 @@ var loc_key = getQParamInt("locatiekey", -1); // Locatie
var ter_code = getQParam("descr", null);
var ter_func = getQParamInt("srt", -1);
protectRequest.validateToken();
terrein_list ( "*",
{ outputmode: outputmode,
showall: showall,


@@ -47,7 +47,7 @@ var authparams = alg.checkAutorisation();
<body id="searchbody">
<div id="search">
<form name="u2" target="workFrame" action="alg_verdieping_search_list.asp" method="get">
<% BLOCK_START("searchtable", L("lcl_filterblok"));%>
<% BLOCK_START("searchtable", L("lcl_filterblok"));%>
<td valign=top>
<table>
<% // <!-- Locatie, gebouw en verdieping -->
@@ -64,11 +64,12 @@ var authparams = alg.checkAutorisation();
</td>
</tr>
</table>
<% BLOCK_END();
<% BLOCK_END();
var buttons = [ {title: L("lcl_search"), action: "doSubmit();", id: "bSearch" },
{title: L("lcl_obj_advanced"), action: "myModal()", id: "bAdvanced" } ];
CreateButtons(buttons, { entersubmit: true });
var buttons = [ {title: L("lcl_search"), action: "doSubmit();", id: "bSearch" },
{title: L("lcl_obj_advanced"), action: "myModal()", id: "bAdvanced" } ];
CreateButtons(buttons, { entersubmit: true });
IFACE.FORM_END();
%>
</form>
</div> <!-- search -->


@@ -29,6 +29,7 @@ var bld_key = getQParamInt("gebouwkey", -1); // Gebouw
var lvl_key = getQParamInt("verdiepingkey", -1); // Verdieping
var chkgeb = getQParamInt("chkgeb", 0) == 1; //Controleer tegen de vervallenstatus van het gebouw (vertrouw geb_key niet)
protectRequest.validateToken();
verdiepingen_list ( "*",
{ outputmode: outputmode,


@@ -40,7 +40,7 @@ var authparams = alg.checkAutorisation();
<body id="searchbody">
<div id="search">
<form name="u2" target="workFrame" action="alg_werkplek_search_list.asp" method="get">
<% BLOCK_START("searchtable", L("lcl_filterblok"));%>
<% BLOCK_START("searchtable", L("lcl_filterblok"));%>
<tr>
<td class="searchkolom1">
<table><!-- x rijen, 2 kolommen: label + veld -->
@@ -69,10 +69,11 @@ var authparams = alg.checkAutorisation();
</table>
</td><!-- end column 1 -->
</tr>
<% BLOCK_END();
<% BLOCK_END();
var buttons = [ {title: L("lcl_search"), action: "document.forms.u2.submit();", id: "bSearch" } ];
CreateButtons(buttons, { entersubmit: true });
var buttons = [ {title: L("lcl_search"), action: "document.forms.u2.submit();", id: "bSearch" } ];
CreateButtons(buttons, { entersubmit: true });
IFACE.FORM_END();
%>
</form>
</div> <!-- search -->


@@ -3,10 +3,10 @@
$Revision$
$Id$
File:
Description:
Parameters:
Context:
File:
Description:
Parameters:
Context:
Note:
*/ %>
@@ -29,6 +29,8 @@ var room_key = getQParamInt("ruimtekey", -1); // ruimte
var wp_descr = getQParam("descr", null);
var tiny = getQParamInt("tiny", 0) == 1;
protectRequest.validateToken();
werkplek_list ( "*",
{ outputmode: outputmode,
showall: showall,