FSN#22720 FOX#24 Cross Site Request Forgery voorkomen

svn path=/Website/trunk/; revision=17122
Erik Groener
2013-03-11 12:05:08 +00:00
parent 758d8a0bb1
commit a65b40708e
19 changed files with 211 additions and 86 deletions


@@ -18,6 +18,7 @@ DOCTYPE_Disable = 1;
<!--#include file="../Shared/common.inc"-->
<!--#include file="../Shared/json2.js" -->
<%
protectRequest.validateToken();
var level = getFParam("level");
var dis_key_arr = getFParamIntArray("key");
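Review bot: The return value of protectRequest.validateToken() on line 17 is ignored, and the hunk does not show whether the helper ends the response on a missing or mismatched token or merely reports failure; if it only returns, the parameters on lines 18-19 are read and the delete proceeds regardless. Either document the contract at the call site, e.g. `// validateToken() ends the response on a bad token; nothing below runs without a valid one`, or, if the helper returns a status, guard explicitly, `if (!protectRequest.validateToken()) { Response.End(); }`, whichever matches its implementation. The same unchecked call is added to alg_ruimtefunctie_delete.asp at L175 and deserves the same treatment. The enclosing server-side block continues past the hunk.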


@@ -57,11 +57,19 @@ function fnrowData(oRs)
{
var disKeyString = getKeyString(rowArray);
if (isMulti || confirm(L("lcl_alg_del_txt_district")))
$.post("alg_delete.asp",
{ key: disKeyString,
level: "D" },
FcltCallbackRefresh,
"json");
{
var data = { key: disKeyString,
level: "D"
};
<% protectRequest.dataToken("data"); %>
$.ajax({ type: 'POST',
url: "../ALG/alg_delete.asp",
data: data,
success: FcltCallbackRefresh,
dataType: "json",
async: false
});
}
}
</script>
<%
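Review bot: The rewritten call on lines 37-43 adds `async: false`, which the token does not require and which changes behaviour: the replaced $.post was asynchronous, while a synchronous XHR blocks the UI thread and, if this handler runs once per selected row when isMulti is set, serialises every delete behind a blocking request. Drop `async: false` unless a caller relies on the refresh having completed before the function returns, and if so state that in a comment. Line 38 also changes the target from `"alg_delete.asp"` to `"../ALG/alg_delete.asp"`, a path change the commit message does not mention; it is a no-op only if the page itself lives in ALG. A comment above line 36 would help the next reader, e.g. `// server-side include attaches the anti-CSRF token to data; alg_delete.asp checks it with protectRequest.validateToken()` — which property it adds is not visible from this page. The same block recurs in the other list pages (L73, L101, L129, L157, L200, L441, L469, L496); each enclosing delete handler starts before its hunk.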


@@ -57,11 +57,19 @@ function doDelete(rowArray, isMulti)
{
var bldKeyString = getKeyString(rowArray);
if (isMulti || confirm(L("lcl_alg_del_txt_gebouw")))
$.post("alg_delete.asp",
{ key: bldKeyString,
level: "G" },
FcltCallbackRefresh,
"json");
{
var data = { key: bldKeyString,
level: "G"
};
<% protectRequest.dataToken("data"); %>
$.ajax({ type: 'POST',
url: "../ALG/alg_delete.asp",
data: data,
success: FcltCallbackRefresh,
dataType: "json",
async: false
});
}
}
</script>
<%


@@ -64,11 +64,19 @@ function fnrowData(oRs)
{
var locKeyString = getKeyString(rowArray);
if (isMulti || confirm(L("lcl_alg_del_txt_locatie")))
$.post("alg_delete.asp",
{ key: locKeyString,
level: "L" },
FcltCallbackRefresh,
"json");
{
var data = { key: locKeyString,
level: "L"
};
<% protectRequest.dataToken("data"); %>
$.ajax({ type: 'POST',
url: "../ALG/alg_delete.asp",
data: data,
success: FcltCallbackRefresh,
dataType: "json",
async: false
});
}
}
</script>
<%


@@ -52,11 +52,19 @@ function fnrowData(oRs)
{
var regKeyString = getKeyString(rowArray);
if (isMulti || confirm(L("lcl_alg_del_txt_regio")))
$.post("alg_delete.asp",
{ key: regKeyString,
level: "RE" },
FcltCallbackRefresh,
"json");
{
var data = { key: regKeyString,
level: "RE"
};
<% protectRequest.dataToken("data"); %>
$.ajax({ type: 'POST',
url: "../ALG/alg_delete.asp",
data: data,
success: FcltCallbackRefresh,
dataType: "json",
async: false
});
}
}
</script>
<%


@@ -80,11 +80,19 @@ function ruimte_list(pautfunction, params)
$(row).addClass('dirty');
var room_key = row.getAttribute("ROWKEY");
if (isMulti || confirm(L("lcl_alg_del_txt_ruimte")))
$.post("alg_delete.asp",
{ key: room_key,
level: "R" },
FcltCallbackRefresh,
"json");
{
var data = { key: room_key,
level: "R"
};
<% protectRequest.dataToken("data"); %>
$.ajax({ type: 'POST',
url: "../ALG/alg_delete.asp",
data: data,
success: FcltCallbackRefresh,
dataType: "json",
async: false
});
}
}
</script>
</head>


@@ -6,7 +6,7 @@
File: alg_ruimtefunctie_delete.asp
Description: Verwijderen ruimtefunctie locatie/gebouw relatie
Parameters:
Parameters:
key Strin van ruimtefunctie locatie/gebouw keys (required)
Context: Vanuit show-schermen en of vanuit overzichten
Result: JSON object
@@ -18,6 +18,7 @@ DOCTYPE_Disable = 1;
<!--#include file="../Shared/common.inc"-->
<!--#include file="../Shared/json2.js" -->
<%
protectRequest.validateToken();
var autfunction = "WEB_ALGMAN";


@@ -56,10 +56,18 @@ function ruimtefunctie_list(pautfunction, params)
$(row).addClass('dirty');
var srtruimte_lg_key = row.getAttribute("ROWKEY");
if (isMulti || confirm(L("lcl_alg_del_txt_ruimtefunctie")))
$.post("alg_ruimtefunctie_delete.asp",
{ key: srtruimte_lg_key },
FcltCallbackRefresh,
"json");
{
var data = { key: srtruimte_lg_key
};
<% protectRequest.dataToken("data"); %>
$.ajax({ type: 'POST',
url: "../ALG/alg_ruimtefunctie_delete.asp",
data: data,
success: FcltCallbackRefresh,
dataType: "json",
async: false
});
}
}
</script>
</head>


@@ -48,11 +48,19 @@ oRs.Close();
function dis_delete()
{
if (confirm(L("lcl_alg_del_txt_district")))
$.post("alg_delete.asp",
{ key: <%=dis_key%>,
level: "D" },
FcltCallbackClose,
"json");
{
var data = { key: <%=dis_key%>,
level: "D"
};
<% protectRequest.dataToken("data"); %>
$.ajax({ type: 'POST',
url: "../ALG/alg_delete.asp",
data: data,
success: FcltCallbackClose,
dataType: "json",
async: false
});
}
}
</script>
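Review bot: Line 216 emits the server value `<%=dis_key%>` unquoted into the script as the key, as the removed $.post already did; this is only safe if dis_key is guaranteed numeric, which the hunk does not show — if it originates from a request parameter rather than a typed column, emit it quoted and encoded (or through a JSON encoder) so it cannot break out of the literal. The $.ajax call on lines 220-226 also sets `async: false`, which the token does not need; with FcltCallbackClose as the success handler a synchronous request means the window closes only after the server has answered, which may be intended but should be stated in a comment, e.g. `// synchronous so the window is not closed before the delete is confirmed`. The same structure repeats in the other show pages (L256, L282, L308, L333, L361, L387, L414); the enclosing function starts before each hunk.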
</head>


@@ -71,11 +71,17 @@ oRs.Close();
{
if (confirm(L("lcl_alg_del_txt_gebouw")))
{
$.post("alg_delete.asp",
{ key: <%=bld_key%>,
level: "G" },
FcltCallbackClose,
"json");
var data = { key: <%=bld_key%>,
level: "G"
};
<% protectRequest.dataToken("data"); %>
$.ajax({ type: 'POST',
url: "../ALG/alg_delete.asp",
data: data,
success: FcltCallbackClose,
dataType: "json",
async: false
});
}
}
</script>


@@ -73,11 +73,17 @@ oRs.Close();
{
if (confirm(L("lcl_alg_del_txt_locatie")))
{
$.post("alg_delete.asp",
{ key: <%=loc_key%>,
level: "L" },
FcltCallbackClose,
"json");
var data = { key: <%=loc_key%>,
level: "L"
};
<% protectRequest.dataToken("data"); %>
$.ajax({ type: 'POST',
url: "../ALG/alg_delete.asp",
data: data,
success: FcltCallbackClose,
dataType: "json",
async: false
});
}
}
</script>


@@ -50,11 +50,17 @@ oRs.Close();
{
if (confirm(L("lcl_alg_del_txt_regio")))
{
$.post("alg_delete.asp",
{ key: <%=regio_key%>,
level: "RE" },
FcltCallbackClose,
"json");
var data = { key: <%=regio_key%>,
level: "RE"
};
<% protectRequest.dataToken("data"); %>
$.ajax({ type: 'POST',
url: "../ALG/alg_delete.asp",
data: data,
success: FcltCallbackClose,
dataType: "json",
async: false
});
}
}
</script>


@@ -90,11 +90,17 @@ oRs.Close();
{
if (confirm(L("lcl_alg_del_txt_ruimte")))
{
$.post("alg_delete.asp",
{ key: <%=room_key%>,
level: "R" },
FcltCallbackClose,
"json");
var data = { key: <%=room_key%>,
level: "R"
};
<% protectRequest.dataToken("data"); %>
$.ajax({ type: 'POST',
url: "../ALG/alg_delete.asp",
data: data,
success: FcltCallbackClose,
dataType: "json",
async: false
});
}
}
function openFG()


@@ -89,12 +89,17 @@ oRs.Close();
{
if (confirm(L("lcl_alg_del_txt_terreinsector")))
{
var ter_key = <%=ter_key%>
$.post("alg_delete.asp",
{ key: <%=ter_key%>,
level: "T" },
FcltCallbackClose,
"json");
var data = { key: <%=ter_key%>,
level: "T"
};
<% protectRequest.dataToken("data"); %>
$.ajax({ type: 'POST',
url: "../ALG/alg_delete.asp",
data: data,
success: FcltCallbackClose,
dataType: "json",
async: false
});
}
}
</script>


@@ -54,11 +54,17 @@ oRs.Close();
{
if (confirm(L("lcl_alg_del_txt_verdieping")))
{
$.post("alg_delete.asp",
{ key: <%=flr_key%>,
level: "V" },
FcltCallbackClose,
"json");
var data = { key: <%=flr_key%>,
level: "V"
};
<% protectRequest.dataToken("data"); %>
$.ajax({ type: 'POST',
url: "../ALG/alg_delete.asp",
data: data,
success: FcltCallbackClose,
dataType: "json",
async: false
});
}
}
</script>


@@ -60,11 +60,19 @@ var wp_typ_str = (wp_type == 1 ? L("lcl_wptype_1") : L("lcl_wptype_0"));
{
var wp_key = <%=wp_key%>;
if (confirm(L("lcl_alg_del_txt_werkplek")))
$.post("alg_delete.asp",
{ key: <%=wp_key%>,
level: "W" },
FcltCallbackClose,
"json");
{
var data = { key: <%=wp_key%>,
level: "W"
};
<% protectRequest.dataToken("data"); %>
$.ajax({ type: 'POST',
url: "../ALG/alg_delete.asp",
data: data,
success: FcltCallbackClose,
dataType: "json",
async: false
});
}
}
</script>
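Review bot: Line 401 re-emits `<%=wp_key%>` although line 393 already assigned that value to the local `wp_key`; using the variable, `var data = { key: wp_key,`, keeps the server interpolation in one place and matches how the list pages pass a local key string. Otherwise the block is the same $.ajax rewrite with `async: false` and the `../ALG/` path as the other delete handlers in this commit. The enclosing function starts before the hunk.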
</head>


@@ -51,11 +51,19 @@ function fnrowData(oRs)
{
var terKeyString = getKeyString(rowArray);
if (isMulti || confirm(L("lcl_alg_del_txt_terreinsector")))
$.post("alg_delete.asp",
{ key: terKeyString,
level: "T" },
FcltCallbackRefresh,
"json");
{
var data = { key: terKeyString,
level: "T"
};
<% protectRequest.dataToken("data"); %>
$.ajax({ type: 'POST',
url: "../ALG/alg_delete.asp",
data: data,
success: FcltCallbackRefresh,
dataType: "json",
async: false
});
}
}
</script>
<%


@@ -57,11 +57,19 @@ function fnrowData(oRs)
{
var flrKeyString = getKeyString(rowArray);
if (isMulti || confirm(L("lcl_alg_del_txt_verdieping")))
$.post("alg_delete.asp",
{ key: flrKeyString,
level: "V" },
FcltCallbackRefresh,
"json");
{
var data = { key: flrKeyString,
level: "V"
};
<% protectRequest.dataToken("data"); %>
$.ajax({ type: 'POST',
url: "../ALG/alg_delete.asp",
data: data,
success: FcltCallbackRefresh,
dataType: "json",
async: false
});
}
}
</script>


@@ -56,11 +56,19 @@ FCLTHeader.Requires({ plugins:["jQuery"],
{
var wpKeyString = getKeyString(rowArray);
if (isMulti || confirm(L("lcl_alg_del_txt_werkplek")))
$.post("alg_delete.asp",
{ key: wpKeyString,
level: "W" },
FcltCallbackRefresh,
"json");
{
var data = { key: wpKeyString,
level: "W"
};
<% protectRequest.dataToken("data"); %>
$.ajax({ type: 'POST',
url: "../ALG/alg_delete.asp",
data: data,
success: FcltCallbackRefresh,
dataType: "json",
async: false
});
}
}
function doAddWP(room_key) // als impliciet==0