FMHN#86100 Onveilige parameter in Print.asp tijdens Pentest FMHN

svn path=/Website/branches/v2024.3/; revision=67036
2024-11-14 12:15:37 +00:00
parent c3f529438f
commit 2960cb4ee7
4 changed files with 9 additions and 7 deletions
--- a/APPL/SlnkDwf/Print.asp
+++ b/APPL/SlnkDwf/Print.asp
@@ -6,6 +6,7 @@
    File:               Print.asp
 */
 %>
+<!-- #INCLUDE FILE="../shared/common.inc" -->
 <!-- #INCLUDE FILE="./SLNKDWF.inc" -->
 <%
    var paperSizeX  = parseFloat(_getParam("paperSizeX", 165));
@@ -97,7 +98,7 @@ function onepage(psx, sx, sy, cx, cy, scl)
            %><td>
                <img alt=""
                    style="<%=mustrotate?"height":"width"%>:<%=toJsNumber(psx / tiles)%>mm; border:0; padding:0; margin:0;"
-                    src="<%=url%>"></td>
+                    src="<%=safe.htmlattr(url)%>"></td>
          <%
          }
          Response.Write("</tr>");
--- a/APPL/SlnkDwf/ShowDWF.asp
+++ b/APPL/SlnkDwf/ShowDWF.asp
@@ -16,16 +16,17 @@
    if (absFile=="")
        absFile = Server.MapPath(_getParam("relfile"));
 %>
+<!-- #INCLUDE FILE="../shared/common.inc" -->
 <!--#include file="./Slnk2IMG.inc" -->
 <script>
 function init()
 {
    MMap.Reset();
-    MMap.SetDWF("<%=absFile.replace(/\\/g,'\\\\')%>");
+    MMap.SetDWF("<%=safe.jsstring(absFile.replace(/\\/g,'\\\\'))%>");
    MMap.Refresh(true);   // Do zoom extents
 }
 </script>
-<title><%=absFile%></title>
+<title><%=safe.html(absFile)%></title>
 </head>

 <body id='docBody' onLoad='javascript:init();'>
--- a/APPL/SlnkDwf/SlnkDWF.inc
+++ b/APPL/SlnkDwf/SlnkDWF.inc
@@ -30,8 +30,8 @@ function SLNKDWFError(msg)
    Response.Clear;
 %>
    <html>
-    <body onLoad='FcltMgr.alert("SLNKDWF Error:\n" + myError.innerHTML);'>
-        <div id="myError" style="display:none"><%=msg%></div>
+    <body onLoad='alert("SLNKDWF Error:\n" + myError.innerHTML);'>
+        <div id="myError" style="display:none"><%=safe.html(msg)%></div>
    </body>
    </html>
 <%
--- a/APPL/SlnkDwf/ToonIMG.asp
+++ b/APPL/SlnkDwf/ToonIMG.asp
@@ -23,7 +23,7 @@ var minDLL_VERSION_MINOR = "16"
 // Version check
 try
 {
-    var _oAbout = Server.CreateObject('SLNKDWF.About');
+    var _oAbout = Server.CreateObject('SLNKDwWF.About');
    var dllMinor = _oAbout.VersionMinor
    var dllMajor = _oAbout.VersionMajor
    var dllPath = _oAbout.DLLPath;
@@ -52,7 +52,7 @@ var ShowLabelMenu  = getQParamInt("ShowLabelMenu", 0) == 1;
 <% if (user.checkAutorisation("WEB_PRSSYS", true)) { %>
        function SLNKAbout()
        {
-            var version = "SLNKDWF <%=dllMajor+"."+dllMinor%>"
+            var version = "SLNKDWF <%=safe.jsstring(dllMajor+"."+dllMinor)%>"
                        + "\n\n(c) 2005-" + new Date().getFullYear() + " Aareon Nederland B.V.";
            if (gSLNKEvent && gSLNKEvent.success)
            {