FSN#22720 FOX#24 Cross Site Request Forgery voorkomen

svn path=/Website/trunk/; revision=17138
2013-03-12 07:52:17 +00:00
parent 0555b81e96
commit cb16adba2f
2 changed files with 9 additions and 3 deletions
--- a/APPL/BEZ/bez_delete.asp
+++ b/APPL/BEZ/bez_delete.asp
@@ -20,6 +20,7 @@ DOCTYPE_Disable = 1;
 <!-- #include file="../Shared/json2.js" -->

 <%
+protectRequest.validateToken();
 var level = getFParam('level');
 var message = "";
 if (level == "B")
--- a/APPL/BEZ/bez_show_afspraak.asp
+++ b/APPL/BEZ/bez_show_afspraak.asp
@@ -104,12 +104,17 @@ var urlMail = "../shared/queuemail.asp?pcode=BEZMAI&defemail_key="+oRs("bez_afsp
        function bez_delete()
        {
          if (confirm(L("lcl_bez_confirm_delete_afspraak")))
+          {
+           var data = { level: "A",
+                        afspr_key: <%=afspr_key%>,
+                        urole: "<%=urole%>"
+                      };
+           <% protectRequest.dataToken("data"); %>
            $.post("bez_delete.asp",
-                    { level: "A",
-                      afspr_key: <%=afspr_key%>,
-                      urole: "<%=urole%>" },
+                    data,
                    FcltCallbackClose,
                    "json");
+          }
        }
        function bez_mail()
        {