Ook (CAD) nog enkele SQL Injections

svn path=/Website/trunk/; revision=17627
Jos Groot Lipman
2013-04-16 07:24:20 +00:00
parent 0089db238b
commit a0af97b862
8 changed files with 23 additions and 20 deletions


@@ -82,8 +82,6 @@ else
</head>
<body class="tabpage">
<form name='u2' target='print_preview_composer' method=post
action='<%=Request.ServerVariables("SCRIPT_NAME")%>?<%=Request.ServerVariables("QUERY_STRING")%>&print'>
<%
var rst = new ResultsetTable({ keyColumn: "alg_terreinsector_key",
sql: sql,
@@ -101,7 +99,6 @@ else
var cnt = rst.processResultset();
%>
</form>
</body>
</html>


@@ -18,7 +18,7 @@
var floorKey = getQParam("vKey", -1);
var highlight_arr = getQParamIntArray("highlight", []); // Comma-separated room_key_list (terrains). Optional
var discs = getQParam("discs", "-1");
var discs = getQParamIntArray("discs", []);
var obj = getQParam("obj", null); // Aangewezen object
var outputmode = getQParam("outputmode", 0);
@@ -30,7 +30,7 @@ if (floorKey != -1)
{ urole: "bo",
embedded: 1,
fgraph: 1,
disc_key: discs,
disc_key: discs.length?discs.join(","):null,
ins_key_arr: obj?[obj]:null,
flr_key: floorKey,
room_key_arr: highlight_arr.length > 0 && highlight_arr.join(",").indexOf("-1") == -1? highlight_arr : null,
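Review bot: `disc_key` now falls back to `null` where the old default was the string `"-1"`, so whatever consumes this options object (the statement starts at the `if (floorKey != -1)` context line and its receiver is outside the hunk) must treat `null` the same way it treated the former `"-1"` sentinel, or an absent `discs` parameter silently changes meaning — worth confirming. The same replacement appears in the next two file sections (the `locKey` page and the page including `FGII.inc`), and the `locKey` page still carries a `// TODO nagaan of we dit nu wel of niet wensen: disc_key: discs,` comment that now contradicts the line above it; resolve or drop it. A why-comment on the new line would help later readers, e.g. `disc_key: discs.length ? discs.join(",") : null, // presumably integers only after getQParamIntArray, so the join is safe to embed — confirm`.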


@@ -18,7 +18,7 @@
var locKey = getQParam("vKey", "");
var highlight_arr = getQParamIntArray("highlight", []); // Comma-separated room_key_list (terrains). Optional
var discs = getQParam("discs", "-1");
var discs = getQParamIntArray("discs", []);
var outputmode = getQParam("outputmode", 0);
var showall = getQParam("showall", 0) == 1;
@@ -29,7 +29,7 @@ if (locKey != -1)
{ urole: "bo",
embedded: 1,
fgraph: 1,
disc_key: discs,
disc_key: discs.length?discs.join(","):null,
loc_key: locKey,
room_key_arr: highlight_arr.length > 0 && highlight_arr.join(",").indexOf("-1") == -1? highlight_arr : null,
// TODO nagaan of we dit nu wel of niet wensen: disc_key: discs,


@@ -14,7 +14,7 @@
<!-- #include file="../SlnkDWF/DWFProperties.inc" -->
<!-- #include file="FGII.inc" -->
<%
var discs = getQParam("discs", "-1");
var discs = getQParamIntArray("discs", []);
var highlight_arr = getQParamIntArray("highlight", []); // Comma-separated room_key_list (terrains). Optional
var floorKey = getQParam("vKey", "");
@@ -58,8 +58,6 @@ else
</head>
<body class="tabpage">
<form name='u2' target='print_preview_composer' method=post
action='<%=Request.ServerVariables("SCRIPT_NAME")%>?<%=Request.ServerVariables("QUERY_STRING")%>&print'>
<%
function foundRuimte(oRs)
@@ -92,6 +90,5 @@ else
var cnt = rst.processResultset();
%>
</form>
</body>
</html>


@@ -103,11 +103,11 @@ if (!standAlone) {
<script type="text/javascript">
function rap_print()
{
window.open("fac_usrrap_list.asp?outputmode=1&<%=(Request.QueryString().Count>0? Request.ServerVariables("QUERY_STRING"):"")%>");
window.open("fac_usrrap_list.asp?outputmode=1<%=safe.jsstring(transitQS())%>");
}
function rap_excel()
{
window.open("fac_usrrap_list.asp?outputmode=2&<%=(Request.ServerVariables("QUERY_STRING").Count>0? Request.ServerVariables("QUERY_STRING"):"")%>");
window.open("fac_usrrap_list.asp?outputmode=2<%=safe.jsstring(transitQS())%>");
}
</script>
<% } %>
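Review bot: `outputmode=1` is now followed directly by `transitQS()`, which (judging by the dropped `&` and the `transitQS` body in the include section) forwards every incoming query-string key; if the current request already carries `outputmode`, the opened URL holds it twice and classic ASP's `Request.QueryString("outputmode")` then yields a comma-joined value rather than `1`. Unless `buildTransitParam` (outside this hunk) skips keys the caller sets explicitly, state that contract in a comment on `transitQS` or strip `outputmode` here. The same applies to `rap_excel()` below and to the `outputmode=` call sites in the `__rsProcessResultset` section.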


@@ -91,7 +91,7 @@ if (device.test(device.isDesktop)) { // normale desktop interface
<noscript><h1>JavaScript moet ingeschakeld zijn. Facilitor zal niet werken.</h1></noscript>
</head>
<frameset frameborder="no" border="0">
<frame name="fclttop" id="fclttop" src="appl/fac/Facilitor.asp?<%=Request.ServerVariables("QUERY_STRING")%>" frameborder="0" marginwidth="0" noresize>
<frame name="fclttop" id="fclttop" src="appl/fac/Facilitor.asp?x=1<%=transitQS()%>" frameborder="0" marginwidth="0" noresize>
</frameset>
</html>
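Review bot: `transitQS()` is emitted straight into the frame's `src` attribute, and no HTML-attribute encoding is visible in this hunk (the `safe.jsstring` wrapper the other sections use is for JavaScript string context, so its absence here is correct, but an attribute encoder is what this context needs); whether the line is safe depends entirely on `buildTransitParam`, outside this hunk, percent-encoding every forwarded key and value, which is worth confirming and recording in a comment. The `x=1` parameter also looks like a placeholder so that a leading `&` from `transitQS()` has something to follow; say so, e.g. `<% // x=1 is a dummy first parameter so the "&"-prefixed transitQS() output can follow it %>` before the frame line.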
<%


@@ -462,6 +462,15 @@ function buildTransitParam(lijst, params)
return result;
}
// Op een XSS veilige manier de complete QueryString door kunnen geven
function transitQS()
{
var lijst = [];
for (var i = 1; i <= Request.QueryString.count; i++)
lijst.push(Request.QueryString.key(i))
return buildTransitParam(lijst);
}
function padout(number) { return (number < 10) ? "0" + number : number; }
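Review bot: `transitQS()` calls `buildTransitParam(lijst)` although the signature shown in the hunk header is `buildTransitParam(lijst, params)`, so it relies on that function tolerating an undefined `params`; pass it explicitly or document the omission. The `lijst.push(Request.QueryString.key(i))` statement lacks its terminating semicolon, and `Request.QueryString.count` is cased differently from the `.Count` used elsewhere on this page — COM property lookup is normally case-insensitive, but the mixed casing reads as a typo. The Dutch header comment promises XSS safety that this function does not itself provide, since it forwards every incoming key unchanged and delegates all encoding; I would replace it with an English JSDoc such as `/** Forward the complete incoming query string; encoding (and hence XSS safety) is delegated to buildTransitParam. @returns {string} parameter string as produced by buildTransitParam */`. The preceding `buildTransitParam` body starts outside the hunk.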
// This function should only be used to format display,


@@ -534,7 +534,7 @@ function __rsProcessResultset()
// var bmadvanced = $("#bmadvanced")[0].checked;
$("#showbookmark").hide();
var data = { path: "<%=safe.jsstring(String(Request.ServerVariables("SCRIPT_NAME")))%>",
query: "outputmode=" + (<%=this.advancedprint?3:outputmode%>) + "&<%=safe.jsstring(String(Request.ServerVariables("QUERY_STRING")))%>",
query: "outputmode=" + (<%=this.advancedprint?3:outputmode%>) + "<%=safe.jsstring(transitQS())%>",
naam: bmtitel
};
<% protectRequest.dataToken("data"); %>
@@ -577,7 +577,7 @@ function __rsProcessResultset()
<% }
else
{ %>
window.open("<%=Request.ServerVariables("SCRIPT_NAME")%>?outputmode=" + poutputmode + "&<%=safe.jsstring(String(Request.ServerVariables("QUERY_STRING")))%>");
window.open("<%=Request.ServerVariables("SCRIPT_NAME")%>?outputmode=" + poutputmode + "<%=safe.jsstring(transitQS())%>");
<% } %>
}
</script>
@@ -831,9 +831,9 @@ function __rsProcessResultset()
a_element = "<a href='"
+ (inline // Voor inline details moet niet gehele window vervangen worden omdat je dan ook de hoofd regels kwijt bent (dan alleen de <td> cell vervangen)
? "javascript:loadInlineDetails(\""
+ safe.jsstring(Request.ServerVariables("SCRIPT_NAME") + "?showall=1&" + Request.ServerVariables("QUERY_STRING"))
+ safe.jsstring(Request.ServerVariables("SCRIPT_NAME") + "?showall=1" + transitQS())
+ "\");"
: safe.jsstring(Request.ServerVariables("SCRIPT_NAME") + "?showall=1&" + Request.ServerVariables("QUERY_STRING")) + "' target='_self")
: safe.jsstring(Request.ServerVariables("SCRIPT_NAME") + "?showall=1&" + transitQS()) + "' target='_self")
+ "'>";
}
a_element += L("lcl_qp_maxrows1") + S("qp_maxrows") + L("lcl_qp_maxrows2")+"</a>";
@@ -898,9 +898,9 @@ function __rsProcessResultset()
a_element = "<a href='"
+ (inline // Voor inline details moet niet gehele window vervangen worden omdat je dan ook de hoofd regels kwijt bent (dan alleen de <td> cell vervangen)
? "javascript:loadInlineDetails(\""
+ safe.jsstring(Request.ServerVariables("SCRIPT_NAME") + "?showall=1&" + Request.ServerVariables("QUERY_STRING"))
+ safe.jsstring(Request.ServerVariables("SCRIPT_NAME") + "?showall=1&" + transitQS())
+ "\");"
: safe.jsstring(Request.ServerVariables("SCRIPT_NAME") + "?showall=1&" + Request.ServerVariables("QUERY_STRING")) + "' target='_self")
: safe.jsstring(Request.ServerVariables("SCRIPT_NAME") + "?showall=1&" + transitQS()) + "' target='_self")
+ "'>";
}
a_element += L("lcl_qp_maxrows1") + S("qp_maxrows") + L("lcl_qp_maxrows2")+"</a>";
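Review bot: the `transitQS()` call sites in this section disagree about the `&` separator: the inline branch of the first `loadInlineDetails` hunk uses `"?showall=1" + transitQS()`, while its `target='_self'` branch and both branches of the second hunk keep `"?showall=1&" + transitQS()`. Every other caller on this page drops the `&`, and the `?x=1` placeholder in the frameset section suggests `transitQS()` already emits a leading `&`, so the three `&` variants produce `showall=1&&...`, or a dangling `&` when nothing is forwarded. Make all four read `"?showall=1" + transitQS()`. Both `a_element` assignments belong to `__rsProcessResultset`, whose body starts and ends outside these hunks.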