diff --git a/APPL/BES/opdr_delivery.asp b/APPL/BES/opdr_delivery.asp
index c28c9e6b91..c82e62e363 100644
--- a/APPL/BES/opdr_delivery.asp
+++ b/APPL/BES/opdr_delivery.asp
@@ -171,7 +171,7 @@ user.auth_required_or_abort(this_bestelopdr.canDeliver);
 oRs = Oracle.Execute(sql);
 count = 0;
- BLOCK_START("besdelivery", L("lcl_bes_delvery_h_pref") + S("bes_bestelopdr_prefix") + ordernr_id + L("lcl_bes_delvery_h_suf"));
+ BLOCK_START("besdelivery", L("lcl_bes_delvery_h_pref") + S("bes_bestelopdr_prefix") + safe.html(ordernr_id) + L("lcl_bes_delvery_h_suf"));
 ROFIELDTR("fld", L("lcl_bes_Supplier"), oRs("prs_bedrijf_naam").value);
 RWTEXTAREATR("notsat", "fldremark",
diff --git a/APPL/CNT/cnt_split.asp b/APPL/CNT/cnt_split.asp
index c935549ca1..dcb6819d4c 100644
--- a/APPL/CNT/cnt_split.asp
+++ b/APPL/CNT/cnt_split.asp
@@ -115,7 +115,7 @@ var kosten = oRs("kosten").value;
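Review bot: Output encoding stays a per-call-site decision, which is exactly what let each of these BLOCK_START titles (here and in cnt_split.asp, fac_locale_data.asp, fac_user_info.asp, ins_deelkoppeling.asp, mld_show_melding.asp, order.asp and reservering.asp) go out raw until this sweep; nothing in the change prevents the next caller from forgetting it. A safer default would be for BLOCK_START to encode its title itself and expose an explicitly named raw variant (a constructed name such as `BLOCK_START_RAW`) for the callers that intentionally pass markup, with a comment on BLOCK_START like `// title is emitted as HTML text and is encoded here; use the raw variant only for pre-built markup`. On the context line after the change, `ROFIELDTR("fld", L("lcl_bes_Supplier"), oRs("prs_bedrijf_naam").value)` still receives the supplier name unencoded, which is only fine if ROFIELDTR encodes its value itself; that is not visible in this diff. The enclosing function begins and ends outside the hunk.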
method="post">
 <%
- BLOCK_START("cntSplit", L("lcl_cnt_newversion_make") + internr);
+ BLOCK_START("cntSplit", L("lcl_cnt_newversion_make") + safe.html(internr));
 var defaultdatum = new Date; // vandaag
 FCLTcalendar( "splitdate",
diff --git a/APPL/FAC/fac_locale_data.asp b/APPL/FAC/fac_locale_data.asp
index 62c0623b79..d10c877e5c 100644
--- a/APPL/FAC/fac_locale_data.asp
+++ b/APPL/FAC/fac_locale_data.asp
@@ -124,7 +124,7 @@ var maxlen = oRs(0).Value;
 <%
- BLOCK_START("mldReject", lbl);
+ BLOCK_START("mldReject", safe.html(lbl));
 //kolomkeydata
 var talen_arr = [];
diff --git a/APPL/FAC/fac_locale_dialect.asp b/APPL/FAC/fac_locale_dialect.asp
index f84dac21fa..f3a1c3b067 100644
--- a/APPL/FAC/fac_locale_dialect.asp
+++ b/APPL/FAC/fac_locale_dialect.asp
@@ -24,7 +24,7 @@ var autfunction = "WEB_PRSSYS";
 var authparams = user.checkAutorisation(autfunction);
 var submitting = getQParamInt("submit", 0) == 1;
-var lang = getQParam("lang", "NL"); // TODO: popup als niet meegegeven
+var lang = getQParamSafe("lang", "NL"); // TODO: popup als niet meegegeven
 var dialect_key = getQParamInt("dialect_key");
 var dialect_id = getQParam("dialect_id");
diff --git a/APPL/FAC/fac_user_info.asp b/APPL/FAC/fac_user_info.asp
index 0b3b8cae3d..579270394d 100644
--- a/APPL/FAC/fac_user_info.asp
+++ b/APPL/FAC/fac_user_info.asp
@@ -177,13 +177,13 @@ oRs.Close();
 $(document).ready(function () {
 FcltMgr.setTitle("<%=itsme ? L("lcl_prs_person_mijndata") : safe.jsstring(thisUser.naam())%>");
 });
-
+
 function edit_photo(img) {
 var url = "<%=protectQS.create("../../appl/shared/BijlagenForm.asp?module=SML&key="+prs_key)%>";
 FcltMgr.openModalDetail(url, L("lcl_prs_upload_foto"), { callback: FcltMgr.reload } );
- }
+ }
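Review bot: The block id `"mldReject"` in fac_locale_data.asp looks carried over from the MLD module's reject block rather than chosen for this locale-data page; if BLOCK_START uses the id for an element id or a collapse-state key, a page-specific name such as `"facLocaleData"` avoids a clash and a misleading name. The value `lbl` is assembled before this hunk, so if it already contains an `L()` fragment with markup, wrapping the whole of it in `safe.html` now encodes that markup as well; confirm where `lbl` is built that plain text is intended.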
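Review bot: `getQParamSafe` is not shown in this diff, so it is unclear whether `lang` in fac_locale_dialect.asp now holds an HTML-encoded copy of the query value; if it does, every non-HTML use of `lang` (a SQL bind, a lookup key, a comparison against the `"NL"` default) sees encoded text, and any HTML output that also applies `safe.html` double-encodes it. Since the set of valid language codes is finite, validating the parameter against that list and falling back to `"NL"` otherwise would yield a value that is safe in every sink without changing its representation. Two lines further on, `var dialect_id = getQParam("dialect_id");` is still read raw, so whichever approach is chosen should be applied there too if that value reaches a sink.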
<% if (prs_deleted == 1)
@@ -330,7 +330,7 @@ oRs.Close();
 var oRs = Oracle.Execute (sql);
 while (!oRs.eof) {
- BLOCK_START("prsSubst", L("lcl_prs_substitutesblock") + ": " + oRs("fac_groep_omschrijving").Value);
+ BLOCK_START("prsSubst", L("lcl_prs_substitutesblock") + ": " + safe.html(oRs("fac_groep_omschrijving").Value));
 var sql = "SELECT p.prs_perslid_key" + ", " + S("prs_pers_string") + " prs_perslid_naam" + " FROM fac_gebruikersgroep fgg"
diff --git a/APPL/INS/ins_deelkoppeling.asp b/APPL/INS/ins_deelkoppeling.asp
index e53fd32401..a9db707f35 100644
--- a/APPL/INS/ins_deelkoppeling.asp
+++ b/APPL/INS/ins_deelkoppeling.asp
@@ -130,7 +130,7 @@ else
 <%
 if (ins_van_key_arr.length == 1)
- BLOCK_START("ins_ruimteafdeling", safe.htmlattr(ins_srtname + " " + ins_name));
+ BLOCK_START("ins_ruimteafdeling", safe.html(ins_srtname + " " + ins_name));
 else
 BLOCK_START("ins_ruimteafdeling", L("lcl_alg_geselecteerde_ruimten") + ": " + ins_van_key_arr.length);
diff --git a/APPL/MLD/mld_show_melding.asp b/APPL/MLD/mld_show_melding.asp
index 2ead5c1157..d396e2b59b 100644
--- a/APPL/MLD/mld_show_melding.asp
+++ b/APPL/MLD/mld_show_melding.asp
@@ -388,7 +388,7 @@ function parentButton() %>
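Review bot: On the context line after the change in fac_user_info.asp, `var sql = "SELECT p.prs_perslid_key" …` re-declares the `sql` that the surrounding loop's recordset was just opened from with `Oracle.Execute (sql)`; `var` is function-scoped in this server-side JavaScript, so this is the same variable being overwritten on every iteration, which works but invites a misread. Naming the inner query differently, e.g. `var substSql = "SELECT p.prs_perslid_key"`, keeps the two queries visibly independent. Separately, `oRs("fac_groep_omschrijving").Value` can be a database NULL and whether `safe.html` tolerates a null argument is not visible here; if it does not, guard it with `safe.html(oRs("fac_groep_omschrijving").Value || "")`. The while loop continues beyond the hunk.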
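Review bot: In ins_deelkoppeling.asp, switching from `safe.htmlattr` to `safe.html` is only right if BLOCK_START emits the title as element text; should it also write the title into an attribute (a tooltip or an id), the attribute encoder was the stricter choice for that sink and this change relaxes it. BLOCK_START itself is not in this diff, so confirm there and record the contract on it with a comment such as `// title is rendered as element content; callers encode it with safe.html`, so the same question does not recur at the next call site.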
<% // div.leftcontainer, de rest staat rechts
- BLOCK_START("mldInfo", L("lcl_complain") + " "+ (mld_melding.prefix != null? mld_melding.prefix : "") + mld_key + (mld_melding.mld_onderwerp ? ": " + mld_melding.mld_onderwerp + "" : ""));
+ BLOCK_START("mldInfo", L("lcl_complain") + " "+ (mld_melding.prefix != null? mld_melding.prefix : "") + mld_key + (mld_melding.mld_onderwerp ? ": " + safe.html(mld_melding.mld_onderwerp) + "" : ""));
 if (mld_melding.behandel_key) {
 FCLTpersoonselector("sBehandel", "sgBehandelaar",
diff --git a/APPL/PDA/order.asp b/APPL/PDA/order.asp
index 0f35868087..3c543cb600 100644
--- a/APPL/PDA/order.asp
+++ b/APPL/PDA/order.asp
@@ -284,7 +284,7 @@ else
 <%
- BLOCK_START({collapsed: true, title: mld_opdr.opdr_type_omschr});
+ BLOCK_START({collapsed: true, title: safe.html(mld_opdr.opdr_type_omschr)});
 FCLTuitvoerendeselector("uitvoerende", "sgUitv", {
 uitvoerendekey: mld_opdr.uitvoerende_key,
diff --git a/APPL/PDA/reservering.asp b/APPL/PDA/reservering.asp
index 356a8518c9..6cca358eee 100644
--- a/APPL/PDA/reservering.asp
+++ b/APPL/PDA/reservering.asp
@@ -411,7 +411,7 @@ else if (rsv_ruimte_key == -1) {
 // Nieuw. Datum en tijd heb je al in vorige schermen gekozen
- BLOCK_START({collapsed: true, title: rsv.activity});
+ BLOCK_START({collapsed: true, title: safe.html(rsv.activity) });
 ROFIELD("fld", L("lcl_place") , rsv.ruimtenr.replace(/\n/,"
"));
 ROFIELD("fld", L("lcl_date"), toDateTimeString(rsv.ruimte_van) + "-" + toTimeString(rsv.ruimte_tot));
 %>
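Review bot: In mld_show_melding.asp only `mld_melding.mld_onderwerp` is encoded; `mld_melding.prefix` and `mld_key` are still concatenated raw into the same title. `mld_key` is presumably numeric and `prefix` presumably configuration, but neither origin is visible here, so either confirm them or encode them as well, e.g. `safe.html(mld_melding.prefix)`. The trailing `+ ""` after the subject is a no-op left over from the earlier concatenation and can be dropped. The surrounding code block continues beyond the hunk.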
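Review bot: In order.asp (and the identical change in reservering.asp) the title goes through the object form `BLOCK_START({collapsed: true, title: …})`, while the other hunks use the positional form; whether both forms treat the title the same way is not visible in this diff, so confirm the object form does not already encode `title`, otherwise the result is double-encoded. A one-line comment at BLOCK_START stating that `title` is inserted as HTML text in both forms would settle it for future callers. Stylistically, reservering.asp writes `safe.html(rsv.activity) }` with a space before the brace while this hunk writes `)}`; pick one.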
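Review bot: In reservering.asp the context line `ROFIELD("fld", L("lcl_place") , rsv.ruimtenr.replace(/\n/,…))` still passes `rsv.ruimtenr` without encoding; the replacement string was lost from this rendering of the diff, but a newline-to-markup substitution is the usual reason for such a call, and if that is the case the value is rendered as HTML. If `ruimtenr` can carry user-entered text, encode it before substituting the break, e.g. `safe.html(rsv.ruimtenr).replace(/\n/g, …)`. That also addresses the regex, which lacks the `g` flag and therefore replaces only the first newline in a multi-line value.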