FSN#22720 FOX#24 Cross Site Request Forgery voorkomen

svn path=/Website/trunk/; revision=17235
2013-03-18 13:35:12 +00:00
parent 109c216cc8
commit 73c4dd4a1c
4 changed files with 4 additions and 1 deletions
--- a/APPL/FAC/fac_locale_data.asp
+++ b/APPL/FAC/fac_locale_data.asp
@@ -52,6 +52,7 @@ var maxlen = oRs(0).Value;
    FCLTHeader.Generate();

    if (submitting) {
+        protectRequest.validateToken();
        for (i in lcl.languages)
        {
            if (i != db_lang)
--- a/APPL/FAC/fac_locale_dialect.asp
+++ b/APPL/FAC/fac_locale_dialect.asp
@@ -60,6 +60,7 @@ var term_omschrijving = oRs("descr").Value;
    FCLTHeader.Generate();

    if (submitting) {
+        protectRequest.validateToken();
        // de aanwezige teksten
        var sql = "SELECT fli.fac_localeitems_key,"
                + "       fli.fac_localeitems_lcl,"
--- a/APPL/FAC/fac_locale_edit_std.asp
+++ b/APPL/FAC/fac_locale_edit_std.asp
@@ -36,6 +36,7 @@ maxlen = 2000; // fac_locale_xsl_cust
    FCLTHeader.Generate();

    if (submitting) {
+        protectRequest.validateToken();
        for (l in S("language_toggles"))
        {
            var tekst = getFParam("lcl_cust_" + S("language_toggles")[l], "");
--- a/APPL/FAC/job_save.asp
+++ b/APPL/FAC/job_save.asp
@@ -19,7 +19,7 @@
 <!--#include file="../Shared/calendar.inc" -->

 <%
-
+protectRequest.validateToken();
 FCLTHeader.Requires({ plugins:["suggest"] });
 var urole = "fo"; // todo complete auth aanmaken voor de job schermen.