FSN#39950 PENTEST Reflected XSS in cal_id parameter

svn path=/Website/branches/v2016.3/; revision=33215
Jos Groot Lipman
2017-03-22 14:31:33 +00:00
parent b15773882d
commit 13e3e13ea6


@@ -21,12 +21,15 @@ DOCTYPE_Disable = true;
<%
// Maak een kalender
var cal_id = getFParam("cal_id");
var label = getFParam("label", "");
// De functie FCLTcalendar verwacht dat alle parameters htmlsafe zijn
// Bij wijze van uitzondering forceren we dat hier
var cal_id = safe.htmlattr(getFParam("cal_id"));
var label = safe.htmlattr(getFParam("label", ""));
var datum = getFParamDate("datum", new Date);
var onChange = getFParam("onChange", "");
var onChangeDate = getFParam("onChangeDate", "");
var onChangeTime = getFParam("onChangeTime", "");
var onChange = safe.htmlattr(getFParam("onChange", ""));
var onChangeDate = safe.htmlattr(getFParam("onChangeDate", ""));
var onChangeTime = safe.htmlattr(getFParam("onChangeTime", ""));
var volgnr = getFParamInt("volgnr", -1);
var calendars = getFParamInt("calendars", -1);
var readonly = (getFParamInt("readonly", 0) == 1);
@@ -40,7 +43,7 @@ var maxPast = getFParamInt("maxPast", -1);
var minFuture = getFParamInt("minFuture", -1);
var minDate = getFParamDate("minDate", null);
var maxDate = getFParamDate("maxDate", null);
var addClass = getFParam("addClass", "");
var addClass = safe.htmlattr(getFParam("addClass", ""));
var hidden = (getFParamInt("hidden", 0) == 1);
params = { datum: datum };
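Review bot: In the first hunk, `onChange`, `onChangeDate` and `onChangeTime` come straight from the request and are only passed through `safe.htmlattr`, which is not enough if FCLTcalendar writes them into event-handler attributes or script. Its body is not visible here, so that use is inferred from the parameter names; in that context the browser decodes the attribute value before running it as JavaScript, so attribute encoding does not constrain what executes. These three values should be validated against what callers legitimately send, for example a plain function name: `if (!/^[A-Za-z_$][\w$.]*$/.test(onChange)) onChange = "";`, and likewise for the other two. `cal_id` and `addClass` (second hunk) would similarly be safer checked against a strict identifier or class-name pattern than encoded alone. The script starts and ends outside these hunks, and since the added comment calls this an exception, escaping at the point of output inside FCLTcalendar would be the more durable fix.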