FSN#29124 Security scan: voorkom meer ORA-errors

svn path=/Website/branches/v5.4.1/; revision=21062

APPL/CAD/rap_insXY.asp

@@ -16,7 +16,7 @@
 <%
 var discs = getQParamIntArray("discs", []);
 var highlight_arr  = getQParamIntArray("highlight", []); // Comma-separated room_key_list (terrains). Optional
-var floorKey = getQParamInt("vKey", "");
+var floorKey = getQParamInt("vKey", -1);
 
 var outputmode = getQParamInt("outputmode", 0);
 var showall = getQParamInt("showall", 0) == 1;
@@ -30,7 +30,7 @@ if (dwfPath)
 // ==========================
 //
 // ==========================
-if (floorKey !="" && discs != "")
+if (floorKey > 0 && discs.length)
 {
   var sql = "SELECT ins_deel_key, ins_deel_omschrijving, ins_deel_dwgX, ins_deel_dwgY, "
           + "  alg_ruimte_nr, cadlabel, " + lcl.xsqla('isd.ins_srtdeel_omschrijving', 'isd.ins_srtdeel_key')

APPL/FAC/fac_locale_list.asp

@@ -23,7 +23,7 @@ FCLTHeader.Requires({js: []});
 var autfunction = "WEB_PRSSYS";
 var authparams = user.checkAutorisation(autfunction);
 
-var vDialect = getQParam("sDialect", "");
+var vDialect_key = getQParamInt("sDialect", -1);
 var vTaal = getQParam("sTaal", "");
 var vSearchString = getQParam("sString", "");
 var vSearchGroep = getQParam("sGroep", "");
@@ -40,7 +40,7 @@ if (vSearchGroep == "lang")
 {
   rst_keyColumn = "fac_locale_default";
   rst_nameColumn = L("lcl_lcl_default");
-  if (vTaal != "-1")
+  if (vTaal)
   {
     vWhere = " WHERE fac_locale_lang = " + safe.quoted_sql_upper(vTaal);
   }
@@ -87,9 +87,9 @@ else
 {
   rst_keyColumn = "fac_localeitems_dialect_id";
   rst_nameColumn = L("lcl_lcl_naam");
-  if (vDialect != "-1")
+  if (vDialect_key > 0)
   {
-    vWhere = " AND l.fac_locale_dialect_key = " + vDialect;
+    vWhere = " AND l.fac_locale_dialect_key = " + vDialect_key;
   }
   sqlo = "SELECT distinct l.fac_locale_dialect_key"
        + "     , "+ lcl.xsql('d.ins_srtdiscipline_omschrijving','d.ins_srtdiscipline_key') +" fac_label"
@@ -188,7 +188,7 @@ else
       else
       {
         var dialect_id   = oRs("fac_localeitems_dialect_id").value;
-        var dialect_key  = vDialect; // de parameter
+        var dialect_key  = vDialect_key; // de parameter
         var dialect_lang = oRs("fac_locale_lang").value;
 
         if (dialect_id   == null) dialect_id   = -1;

APPL/FIN/fin_flexkenmerk.inc

@@ -90,7 +90,7 @@ function generateFlexKenmerkCode(params)
           + " k.fin_kenmerk_regexp                  kenmerk_regexp"
           + " FROM fin_kenmerk k"
           + " WHERE k.fin_kenmerk_verwijder IS NULL"
-          + "   AND k.fin_kenmerk_type LIKE '" + kenmerk_niveau + "'"
+          + "   AND k.fin_kenmerk_type = " + safe.quoted_sql(kenmerk_niveau)
           + (kenmerk_niveau == "R"
             ? " AND k.fin_kenmerk_kenmerktype NOT IN ('F', 'M', 'E')"
             : "")

APPL/Shared/Shared.inc

@@ -169,7 +169,7 @@ function hasFParam(pName)
 function _get_Param(pColl, pName, defVal)
 {
     var rq = pColl(pName);
-    if (rq.count > 0)
+    if (rq.count > 0 && rq(1) !== "")
         return rq(1);
     else
     {

APPL/Shared/Suggest/SuggestReferentie.asp

@@ -287,9 +287,11 @@ if (ikBenVerantwoordelijke || mld_write)
          + "    AND TRUNC(f.fin_factuur_datum, 'DD') > SYSDATE - " + S("mld_reference_days");
   }
 
-  sql += " ORDER BY datum DESC, refname";
+  if (sql)
+    sql += " ORDER BY datum DESC, refname";
 }
-else
+
+if (!sql)
   sql = "SELECT 'x' FROM DUAL WHERE 1 = 2";
 
 WriteResult2(sql,

APPL/Shared/load_lcl.asp

@@ -37,6 +37,10 @@ LCL_Disable = 1; // wij zijn veel slimmer
         __DoLog("Menuoptie naar {0} hoort niet met een slash te beginnen".format(pad), "#0ff");
         pad = pad.substring(1); // die er af
     }
+    if (!pad || pad.match(/[^a-z0-9\.\_\/]/)) // paranoia
+    {
+        INTERNAL_ERROR_BAD_PAD;
+    }
 
     var sql = "SELECT fac_locale_xsl_key,"
             + "       COALESCE(fac_locale_xsl_cust, fac_locale_xsl_tekst) fac_locale_xsl_tekst"