From 1cd5a87a5cc7af4be335e0b8fa44fc8d14ddbf53 Mon Sep 17 00:00:00 2001
From: ja
Date: Wed, 22 Sep 2021 11:22:06 +0200
Subject: [PATCH] Weitere Absicherung gegen ScriptExploits
---
 Customers/CustomsAviso.aspx | 4 ++--
 Customers/CustomsAviso.aspx.vb | 24 ++++++++++++------------
 2 files changed, 14 insertions(+), 14 deletions(-)
diff --git a/Customers/CustomsAviso.aspx b/Customers/CustomsAviso.aspx
index 9911d5a..212b723 100644
--- a/Customers/CustomsAviso.aspx
+++ b/Customers/CustomsAviso.aspx
@@ -65,11 +65,11 @@
-

Auftrags-Suche

+

<%=Server.HtmlEncode("Auftrags-Suche")%>

- Filter zurücksetzen
+ <%=Server.HtmlEncode("Filter zurücksetzen") %>
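Review bot: Both `Server.HtmlEncode(...)` calls added in this hunk wrap hard-coded string literals ("Auftrags-Suche" and "Filter zurücksetzen"), so no user-controlled data passes through them and the rendered page is no safer than before. Output encoding belongs on expressions that render request or database values; for those, the `<%: ... %>` syntax encodes automatically. I would restore the plain literals and apply encoding only where a dynamic value is actually written into the page. The surrounding markup is not readable in this view, so whether the second literal sits inside a control attribute cannot be checked here.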
diff --git a/Customers/CustomsAviso.aspx.vb b/Customers/CustomsAviso.aspx.vb
index abe9949..20e3040 100644
--- a/Customers/CustomsAviso.aspx.vb
+++ b/Customers/CustomsAviso.aspx.vb
@@ -160,28 +160,28 @@ Partial Class Kundenbereich_Default
 dt = Nothing
 If txt_Absender.Text IsNot "" Then
 txt_Absender.ValidateRequestMode = UI.ValidateRequestMode.Enabled
- Absender = Server.HtmlEncode(txt_Absender.Text)
+ Absender = txt_Absender.Text
 ElseIf txt_Empfaenger.Text IsNot "" Then
 txt_Empfaenger.ValidateRequestMode = UI.ValidateRequestMode.Enabled
- Empfaenger = Server.HtmlEncode(txt_Empfaenger.Text)
+ Empfaenger = txt_Empfaenger.Text
 ElseIf txt_KdNrAuftrag.Text IsNot "" Then
 txt_KdNrAuftrag.ValidateRequestMode = UI.ValidateRequestMode.Enabled
- KDNAFNR = Server.HtmlEncode(txt_KdNrAuftrag.Text)
+ KDNAFNR = txt_KdNrAuftrag.Text
 ElseIf txt_LKWNr.Text IsNot "" Then
 txt_LKWNr.ValidateRequestMode = UI.ValidateRequestMode.Enabled
- LKWNR = Server.HtmlEncode(txt_LKWNr.Text)
+ LKWNR = txt_LKWNr.Text
 ElseIf txt_Absender_M.Text IsNot "" Then
 txt_Absender_M.ValidateRequestMode = UI.ValidateRequestMode.Enabled
- Absender = Server.HtmlEncode(txt_Absender_M.Text)
+ Absender = txt_Absender_M.Text
 ElseIf txt_Empfaenger_M.Text IsNot "" Then
 txt_Empfaenger_M.ValidateRequestMode = UI.ValidateRequestMode.Enabled
- Empfaenger = Server.HtmlEncode(txt_Empfaenger_M.Text)
+ Empfaenger = txt_Empfaenger_M.Text
 ElseIf txt_KdNrAuftrag_M.Text IsNot "" Then
 txt_KdNrAuftrag_M.ValidateRequestMode = UI.ValidateRequestMode.Enabled
- KDNAFNR = Server.HtmlEncode(txt_KdNrAuftrag_M.Text)
+ KDNAFNR = txt_KdNrAuftrag_M.Text
 ElseIf txt_LKWNr_M.Text IsNot "" Then
 txt_LKWNr_M.ValidateRequestMode = UI.ValidateRequestMode.Enabled
- LKWNR = Server.HtmlEncode(txt_LKWNr_M.Text)
+ LKWNR = txt_LKWNr_M.Text
 End If
 If rbt_Alle.Selected = True Or rbt_Alle_M.Selected = True Then
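Review bot: After this change the filter variables `Absender`, `Empfaenger`, `KDNAFNR` and `LKWNR` carry the raw text-box contents, and the hunk at line 219 passes them straight to `GET_KDLIST_WEB`. Dropping HTML encoding at input is reasonable, but only if that data-layer method binds them as SQL parameters and every place that renders them back encodes at output; neither is visible in this patch, so both should be confirmed. Setting `ValidateRequestMode` inside the handler, after `.Text` has already been read in the `If` condition, probably comes too late to influence request validation and would be better declared on the controls in the .aspx. A comment such as `' raw user input: bind as parameter, encode only when rendering` above the chain would record the contract. The enclosing method starts and ends outside the hunk.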
@@ -198,8 +198,8 @@ Partial Class Kundenbereich_Default
 pickdate2.Text = Date.Parse(Now().Day.ToString + "." + Now().Month.ToString + "." + Now().Year.ToString).ToString
 Else
 Try
- datevon = Date.Parse(pickdate1.Text)
- datebis = Date.Parse(pickdate2.Text)
+ datevon = Date.Parse(Server.HtmlEncode(pickdate1.Text))
+ datebis = Date.Parse(Server.HtmlEncode(pickdate2.Text))
 Catch ex As Exception
 MsgBox(ex.StackTrace, MsgBoxStyle.Exclamation)
 End Try
@@ -219,9 +219,9 @@ Partial Class Kundenbereich_Default
 pickdate2.Text = Date.Parse(Now().Day.ToString + "." + Now().Month.ToString + "." + Now().Year.ToString).ToString
 Else
 Try
- datevon = Date.Parse(pickdate1.Text)
+ datevon = Date.Parse(Server.HtmlEncode(pickdate1.Text))
 'MsgBox(pickdate1.Text)
- datebis = Date.Parse(pickdate2.Text)
+ datebis = Date.Parse(Server.HtmlEncode(pickdate2.Text))
 ' MsgBox(pickdate2.Text)
 dt = VERAG_PROG_ALLGEMEIN.cAviso.GET_KDLIST_WEB(Art, Kdnrtext, {1}, datevon, datebis, Absender, Empfaenger, LKWNR, KDNAFNR)
 Catch ex As Exception
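Review bot: `Date.Parse(Server.HtmlEncode(pickdate1.Text))` in both hunks here (198 and 219) gains nothing from the encoding step, because `Date.Parse` already rejects anything that is not a date and its result is a `Date`, not markup. The gap that remains is the failure path: the `Catch` in the first hunk calls `MsgBox(ex.StackTrace, ...)`, which is not usable in a non-interactive server process and would expose internals if the text ever reached a user. I would parse with `If Not Date.TryParse(pickdate1.Text, datevon) Then` (likewise for `pickdate2`/`datebis`), show a neutral validation message on the page and log the exception server-side. The `Catch` block of the second hunk continues outside the hunk.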