Weitere Absicherung gegen ScriptExploits

ja
2021-09-22 11:22:06 +02:00
parent 71c8d5b798
commit 1cd5a87a5c
2 changed files with 14 additions and 14 deletions


@@ -65,11 +65,11 @@
<div>
<div style="height:0.936768149882904vh"></div>
<div class="col-12" style="margin-left:2px">
<h2>Auftrags-Suche</h2>
<h2><%=Server.HtmlEncode("Auftrags-Suche")%></h2>
</div>
<div style="margin-left:6px">
<div class="col-12" style="text-align:end">
<asp:LinkButton ID="btn_resetForm" runat="server" onclick="btn_resetForm_Click">Filter zurücksetzen</asp:LinkButton>
<asp:LinkButton ID="btn_resetForm" runat="server" onclick="btn_resetForm_Click"><%=Server.HtmlEncode("Filter zurücksetzen") %></asp:LinkButton>
</div>
<div style="height:0.936768149882904vh"></div>
<div class="col-12" style="margin-left:8px" >
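Review bot: `Server.HtmlEncode` is applied here to two string literals written in the markup itself (`"Auftrags-Suche"` in the `<h2>` and `"Filter zurücksetzen"` in `btn_resetForm`), so it protects nothing, because no request or database value reaches either place. The plain text was equivalent and easier to read. Output encoding is needed where dynamic values are rendered, for example `<%: value %>` or `Server.HtmlEncode(value)` at that output point. It is also worth confirming that the `<%= %>` block inside the `asp:LinkButton` content renders as intended, since code blocks are not accepted inside every server control.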


@@ -160,28 +160,28 @@ Partial Class Kundenbereich_Default
dt = Nothing
If txt_Absender.Text IsNot "" Then
txt_Absender.ValidateRequestMode = UI.ValidateRequestMode.Enabled
Absender = Server.HtmlEncode(txt_Absender.Text)
Absender = txt_Absender.Text
ElseIf txt_Empfaenger.Text IsNot "" Then
txt_Empfaenger.ValidateRequestMode = UI.ValidateRequestMode.Enabled
Empfaenger = Server.HtmlEncode(txt_Empfaenger.Text)
Empfaenger = txt_Empfaenger.Text
ElseIf txt_KdNrAuftrag.Text IsNot "" Then
txt_KdNrAuftrag.ValidateRequestMode = UI.ValidateRequestMode.Enabled
KDNAFNR = Server.HtmlEncode(txt_KdNrAuftrag.Text)
KDNAFNR = txt_KdNrAuftrag.Text
ElseIf txt_LKWNr.Text IsNot "" Then
txt_LKWNr.ValidateRequestMode = UI.ValidateRequestMode.Enabled
LKWNR = Server.HtmlEncode(txt_LKWNr.Text)
LKWNR = txt_LKWNr.Text
ElseIf txt_Absender_M.Text IsNot "" Then
txt_Absender_M.ValidateRequestMode = UI.ValidateRequestMode.Enabled
Absender = Server.HtmlEncode(txt_Absender_M.Text)
Absender = txt_Absender_M.Text
ElseIf txt_Empfaenger_M.Text IsNot "" Then
txt_Empfaenger_M.ValidateRequestMode = UI.ValidateRequestMode.Enabled
Empfaenger = Server.HtmlEncode(txt_Empfaenger_M.Text)
Empfaenger = txt_Empfaenger_M.Text
ElseIf txt_KdNrAuftrag_M.Text IsNot "" Then
txt_KdNrAuftrag_M.ValidateRequestMode = UI.ValidateRequestMode.Enabled
KDNAFNR = Server.HtmlEncode(txt_KdNrAuftrag_M.Text)
KDNAFNR = txt_KdNrAuftrag_M.Text
ElseIf txt_LKWNr_M.Text IsNot "" Then
txt_LKWNr_M.ValidateRequestMode = UI.ValidateRequestMode.Enabled
LKWNR = Server.HtmlEncode(txt_LKWNr_M.Text)
LKWNR = txt_LKWNr_M.Text
End If
If rbt_Alle.Selected = True Or rbt_Alle_M.Selected = True Then
@@ -198,8 +198,8 @@ Partial Class Kundenbereich_Default
pickdate2.Text = Date.Parse(Now().Day.ToString + "." + Now().Month.ToString + "." + Now().Year.ToString).ToString
Else
Try
datevon = Date.Parse(pickdate1.Text)
datebis = Date.Parse(pickdate2.Text)
datevon = Date.Parse(Server.HtmlEncode(pickdate1.Text))
datebis = Date.Parse(Server.HtmlEncode(pickdate2.Text))
Catch ex As Exception
MsgBox(ex.StackTrace, MsgBoxStyle.Exclamation)
End Try
@@ -219,9 +219,9 @@ Partial Class Kundenbereich_Default
pickdate2.Text = Date.Parse(Now().Day.ToString + "." + Now().Month.ToString + "." + Now().Year.ToString).ToString
Else
Try
datevon = Date.Parse(pickdate1.Text)
datevon = Date.Parse(Server.HtmlEncode(pickdate1.Text))
'MsgBox(pickdate1.Text)
datebis = Date.Parse(pickdate2.Text)
datebis = Date.Parse(Server.HtmlEncode(pickdate2.Text))
' MsgBox(pickdate2.Text)
dt = VERAG_PROG_ALLGEMEIN.cAviso.GET_KDLIST_WEB(Art, Kdnrtext, {1}, datevon, datebis, Absender, Empfaenger, LKWNR, KDNAFNR)
Catch ex As Exception
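Review bot: Wrapping `pickdate1.Text` and `pickdate2.Text` in `Server.HtmlEncode` before `Date.Parse` (both `Try` blocks, hunks at 198 and 219) adds no protection. `Date.Parse` already rejects anything that is not a date, and HTML encoding belongs where a value is written into markup, not where it is parsed. `If Not Date.TryParse(pickdate1.Text, datevon) Then` followed by a validation message to the user would state the intent directly, and would avoid the `Catch` path that passes `ex.StackTrace` to `MsgBox`. As the page prints the first hunk, the free-text filters (`Absender`, `Empfaenger`, `LKWNR`, `KDNAFNR`) now appear to reach `GET_KDLIST_WEB` unencoded. That call's query construction is not visible here, so it should be confirmed to use parameterized queries, with the returned values encoded when rendered. The enclosing procedure starts and ends outside these hunks.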