DwZone Forum Welcome to the DwZone-it Forum     FAQ   Search   Memberlist   Usergroups       Register -->   Login   Recordset Paging   DwZone Forum Index -> Recordset Paging . Moderators: Administrators, Moderators  Mark all topics read Hint: For improved responsiveness, use Internet Explorer 4 (or above) with Javascript enabled, choose 'Dynamic' from the View dropdown and hit 'Set Options' to save your changes. Search for  View  Normal Expanded Dynamic Dynamic Memory Threaded Threaded Expanded Threaded Dynamic    Per page  102550    Messages Since  Last Visit Last Day Last Week Last Month Last 6 Months Last Year All Messages 21 to 23 of 23 (Total: 23) First |  Prev |  Next |  Last    Subject Author Date      Which sql command to use for PHP    SteBaWeb   5:16 7 Feb 2015      Re: Which sql command to use for PHP    Gianluigi   10:41 7 Feb 2015       Cross Site Scripting Errors when running the code thru a Fortify Scan    Crystal   10:08 24 Nov 2014     The include file "dwzPaging.asp" has several vulnerabilities found during scanning by our IA Dept. They will not let me deploy the code until I fix it. The problem is that the retStr and qString pass unvalidated data. I have replaced some of the code with the following. I don't know if this will pass but if anyone has an idea on how to validate the query string that is passed, I would really appreciate it. It looks like the key is the query string. private function GetQueryStringWithPage() validretStr = "/MY PATH GOES HERE.asp" retStr = request.ServerVariables("PATH_INFO") If retStr <> validretStr Then Response.Redirect("Invalid_Search.asp") Else retStr = request.ServerVariables("PATH_INFO") end if qString = "" Dim validkey validkey = "EventType" for each validkey in request.QueryString if not StartWith(validkey, "dwzpage" & instance) then if qString <> "" then qString = qString & "&" end if qString = qString & Server.URLEncode(validkey) & "=" & Server.URLEncode(Request.QueryString(validkey)) end if next retStr = retStr & "?" if qString <> "" then retStr = retStr & qString & "&" end if GetQueryStringWithPage = retStr end function Crystal       Last Visit: Friday 26 Apr, 2024 8:09 am First |  Prev |  Next |  Last    Login Username:  Password:   Log me on automatically each visit:   Read Message   Unread message Read message [popular]   Unread message [popular] Read message [locked]   Unread message [locked] All times are GMT-2 Jump to:  Select a forum    Php Extensions --------------------  » Advanced Form Controls  » Advanced Image Gallery  » Advanced Mail  » Advanced Search  » Ajax DataGrid  » Ajax loader  » Boolean Update  » Dynamic Captcha Image  » Dynamic Chart  » Dynamic Image  » Form Validator  » Google Maps  » HTML to PDF  » Import/Export Tools  » Multi Column Combo  » Multiple file upload  » Multiple Record  » Other extensions  » PayPal IPN  » Query Manager and Recordset Wizard  » Recordset Paging  » Server Side Validation  » Shopping Cart  » Site Search Engine  » TreeView  » Two tables manager  » Upload and resize  » WYSIWYG Html Editor  Asp Extensions --------------------  » Advanced Form Controls  » Advanced Image Gallery  » Advanced Search  » Advanced Mail  » Ajax DataGrid  » Ajax loader  » Asp TreeView  » Asp Upload and Resize  » Boolean Update  » Dynamic Captcha Image  » Dynamic Chart  » Dynamic Image  » Form Validator  » Google Maps  » HTML to PDF  » Import/Export Tools  » Multi Column Combo  » Multiple file upload  » Multiple Record  » Other extensions  » PayPal IPN  » Query Manager and Recordset Wizard  » Recordset Paging  » Routing Map24  » Server Side Validation  » Shopping Cart  » Site Search Engine  » Two tables manager  » WYSIWYG Html Editor