From b693dcc9dca5e2ee3f54dab42be3caef177f657c Mon Sep 17 00:00:00 2001
From: Erik Groener <erik.groener@aareon.nl>
Date: Tue, 23 Aug 2016 13:07:23 +0000
Subject: [PATCH] FSN#37514 PENTEST PINE: 4.2.6 fac_usr_graph.asp toont SQL
 statement

svn path=/Website/trunk/; revision=30388
---
 APPL/FAC/fac_usrgraph.inc | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/APPL/FAC/fac_usrgraph.inc b/APPL/FAC/fac_usrgraph.inc
index fad1bc07a2..0907522137 100644
--- a/APPL/FAC/fac_usrgraph.inc
+++ b/APPL/FAC/fac_usrgraph.inc
@@ -99,7 +99,7 @@ function getGraphInit(usrgraph_key, fclt_key, params)
                         , limiet      : limiet_arr
                         , fac_options : fac_option
                         , sql_orderby : oRs("fac_usrgraph_orderby").Value || ""
-                        , sql : sql_select
+                        , sql         : sql_select
                         };
     oRs.Close();
     return userGraphInit;
@@ -272,6 +272,10 @@ function fac_graph_generate (usrgraph_key, fclt_key, params)
     if (fac_graph_type(usrgraph_key) == 1 || fac_graph_type(usrgraph_key) == 3 || fac_graph_type(usrgraph_key) == 4)
        var graphColors = getGraphColors(graphInit);
 
+    // De sql-componenten moeten er nu uit: anders zijn ze zichtbaar in de grafiek html/js.
+    delete graphInit.sql_orderby;
+    delete graphInit.sql;
+
     if (graphData.teller > 0)
     {
 %>