AAFM#34758 queuemail XSS opgelost en grootte vermelden bij bijlagen
svn path=/Website/trunk/; revision=28555
This commit is contained in:
Jos Groot Lipman
@@ -32,13 +32,12 @@ var defaultemail = getQParam("defemail","");
|
||||
var defemail_type = getQParam("defemail_type", "P");
|
||||
var defemail_key = getQParamInt("defemail_key", -1);
|
||||
|
||||
var pcode = getQParam("pcode", "");
|
||||
var pmodule = getQParam("pmodule", "");
|
||||
var pniveau = getQParam("pniveau", "");
|
||||
var pcode = getQParamSafe("pcode", "");
|
||||
var pmodule = getQParamSafe("pmodule", "");
|
||||
var pniveau = getQParamSafe("pniveau", "");
|
||||
var pkey = getQParamInt("key", -1);
|
||||
var subject = getQParam("subject", "");
|
||||
var mailfrom = getQParamInt("mailfrom", 0) == 1;
|
||||
var emails = getQParam("emails", "");
|
||||
var xkey = getQParamInt("xkey", -1);
|
||||
var pshowcompany = getQParamInt("pshowcompany", 0) == 1;
|
||||
|
||||
@@ -55,7 +54,7 @@ switch (pmodule)
|
||||
}
|
||||
|
||||
function bestandenlijst(pmodule, pniveau, pkey)
|
||||
{
|
||||
{ // flexfiles.inc/flexProps() niet bruikbaar omdat die niet over kenmerken heen kan zoeken
|
||||
var bestandlijst = [];
|
||||
if (pmodule && pniveau)
|
||||
{
|
||||
@@ -67,15 +66,16 @@ function bestandenlijst(pmodule, pniveau, pkey)
|
||||
{
|
||||
var f1 = fso.GetFolder(vAttachPath);
|
||||
var vmap = new Enumerator(f1.subFolders);
|
||||
for (; !vmap.atEnd(); vmap.moveNext())
|
||||
for (; !vmap.atEnd(); vmap.moveNext()) // Doorloop alle kenmerken
|
||||
{
|
||||
var f2 = fso.GetFolder(vAttachPath + "/" + vmap.item().Name);
|
||||
var vfile = new Enumerator(f2.files);
|
||||
for (; !vfile.atEnd(); vfile.moveNext())
|
||||
for (; !vfile.atEnd(); vfile.moveNext()) // Doorloop alle bestanden per kenmerk
|
||||
{
|
||||
bestandlijst.push( { folder: vSubfolder,
|
||||
file: { kenmerkkey: vmap.item().Name,
|
||||
bestandnaam: vfile.item().Name
|
||||
bestandnaam: vfile.item().Name,
|
||||
size: vfile.item().Size
|
||||
}
|
||||
}
|
||||
);
|
||||
@@ -206,13 +206,6 @@ function bestandenlijstALL(pmodule, pniveau, pkey)
|
||||
if (pcode == "ORDMAI")
|
||||
var save_note_url = "../mld/opdr_edit_note_save.asp?opdr_key=" + pkey;
|
||||
%>
|
||||
if ($("#notes").length)
|
||||
{
|
||||
var vnotes = $("#notes").val();
|
||||
if (vnotes.length > 4000)
|
||||
$("#notes").val(vnotes.substring(0,4000));
|
||||
}
|
||||
|
||||
var data = { note: $("#notes").val() };
|
||||
<% protectRequest.dataToken("data"); %>
|
||||
$.post("<%=save_note_url%>",
|
||||
@@ -369,12 +362,13 @@ function bestandenlijstALL(pmodule, pniveau, pkey)
|
||||
var label = (i==0 ? "<label>" + L("lcl_appendixes") + ":</label>" : " ");
|
||||
var fid = "kmnr"+i;
|
||||
var fnaam = checklist[i].file.bestandnaam;
|
||||
var sz = (Math.ceil(checklist[i].file.size / 1024));
|
||||
%>
|
||||
<tr>
|
||||
<td><%=label%></td>
|
||||
<td>
|
||||
<% CHECKBOX("fldafr", fid, false) %>
|
||||
<label for="<%=fid%>"><%=safe.html(fnaam)%></label>
|
||||
<label for="<%=fid%>"><%="{0} ({1} kB)".format(safe.html(fnaam), sz)%></label>
|
||||
</td>
|
||||
</tr>
|
||||
<%
|
||||
|
||||
Reference in New Issue
Block a user