FSN#29385 Concrete Reflective XSS uit de pentest

svn path=/Website/branches/v5.4.1/; revision=21386
2014-04-23 17:33:01 +00:00
parent 961e583a3c
commit 8f5fb67942
7 changed files with 10 additions and 10 deletions
--- a/APPL/ALG/alg_ruimte.asp
+++ b/APPL/ALG/alg_ruimte.asp
@@ -58,7 +58,7 @@ else
    addString = (loc_key > 0? "&loc_key=" + loc_key : "")
              + (geb_key > 0? "&geb_key=" + geb_key : "")
              + (ver_key > 0? "&ver_key=" + ver_key : "")
-              + (cad_ruimte_nr?"&cad_ruimte_nr="+cad_ruimte_nr:"");
+              + (cad_ruimte_nr?"&cad_ruimte_nr="+safe.url(cad_ruimte_nr):"");
  }
 }
 %>
--- a/APPL/API/api.inc
+++ b/APPL/API/api.inc
@@ -64,7 +64,7 @@ API_func.prototype.error = function (msg)
    else
    {
        Response.Status = "500 Internal server error";
-        Response.Write(msg);
+        Response.Write(safe.html(msg));
    }
    Response.End;
 }
--- a/APPL/BES/ModalForm.asp
+++ b/APPL/BES/ModalForm.asp
@@ -8,7 +8,7 @@

 <html>
  <head>
-    <title><%=titleString%></title>
+    <title><%=safe.html(titleString)%></title>
    <script>
        function closeModal(retval)
        {
--- a/APPL/CAD/cad_contour_search_list.asp
+++ b/APPL/CAD/cad_contour_search_list.asp
@@ -26,7 +26,7 @@ var showall = getQParamInt("showall", 0) == 1;
 var loc_key = getQParamInt("locatiekey", -1); // Locatie
 var bld_key = getQParamInt("gebouwkey", -1); // Gebouw
 var flr_key = getQParamInt("verdiepingkey", -1); // verdieping
-var bttype = getQParam("bttype", "");
+var bttype = getQParamSafe("bttype", "");
 var concept = getQParamInt("concept", 0) == 1;


--- a/APPL/CARE/cak_rapport.asp
+++ b/APPL/CARE/cak_rapport.asp
@@ -8,7 +8,7 @@

 */ %>
 <%
-DOCTYPE_Disable = 1;
+JSON_Result = true;
 %>
 <!-- #include file="../Shared/common.inc" -->
 <!-- #include file="../../appl/shared/json2.js" -->
@@ -18,7 +18,7 @@ var autfunction = "WEB_USRRAP";
 var authparams = user.checkAutorisation(autfunction);

  var cak_periode = getQParam("cak_periode");
-  var message = "U heeft periode " + cak_periode + " gezet";
+  var message = "U heeft periode " + safe.html(cak_periode) + " gezet";
  if (cak_periode != "")
  {
    sql = " UPDATE fac_usrdata "
--- a/APPL/FAC/fac_bookmark.asp
+++ b/APPL/FAC/fac_bookmark.asp
@@ -29,7 +29,7 @@ var bkm_title = "";
    <script type="text/javascript" >
 <%    if (bkm_id != "")
      { %>
-        FcltMgr.setTitle("<%=bkm_title%>", {hot: false});
+        FcltMgr.setTitle("<%=safe.jsstring(bkm_title)%>", {hot: false});
 <%    } %>

      function bkmClose(params)
@@ -49,7 +49,7 @@ var bkm_title = "";
          if (params.close)
            FcltMgr.closeDetail(window, {close: true})
          if (!params.keepForm)
-            $("#bkmFrame")[0].src = "fac_show_bookmark.asp?bkm_id=<%=bkm_id%>";
+            $("#bkmFrame")[0].src = "fac_show_bookmark.asp?bkm_id=<%=safe.jsstring(bkm_id)%>";
 <%      } %>
      }
    </script>
--- a/APPL/FAC/fac_locale_edit_std.asp
+++ b/APPL/FAC/fac_locale_edit_std.asp
@@ -59,9 +59,9 @@ maxlen = 2000; // fac_locale_xsl_cust

  </head>
  <body class="modal" id="localebody">
-      <form id="lclform" name="lclform" action="fac_locale_edit_std.asp?submit=1&lcl_label=<%=lcl_label%>" method="post">
+      <form id="lclform" name="lclform" action="fac_locale_edit_std.asp?submit=1&lcl_label=<%=safe.htmlattr(lcl_label)%>" method="post">
 <%
-        BLOCK_START("lcl_locale_std", L("lcl_lcl_xsl_label") + ": " + lcl_label);
+        BLOCK_START("lcl_locale_std", L("lcl_lcl_xsl_label") + ": " + safe.html(lcl_label));

        //kolomkeydata
        var talen_arr = [];