root/main/trunk/greenstone2/macros/about.dm @ 32220

Revision 28888, 2.3 KB (checked in by ak19, 6 years ago)

First security commit.

1. Introducing the new securitools.h and .cpp files, which port the functions necessary to implement security in Greenstone from OWASP-ESAPI for Java, since OWASP's C++ version is largely not yet implemented, even though their code compiles. The newly added runtime-src/packages/security which contains OWASP ESAPI for C++ will therefore be removed again shortly.
2. receptionist.cpp now sets various web-encoded variants for each cgiarg macro, such as HTML entity encoded, attr encoded, javascript encoded (and css encoded variants). These are now used in the macro files based on which variant is suited to the context.
3. This commit further contains the minimum changes to protect the c, d, and p cgi variables.

  • Property svn:executable set to *
  • Property svn:keywords set to Author Date Id Revision
# this file must be UTF-8 encoded
package about

#######################################################################
# Icons
#######################################################################

# _imagethispage_ set in nav_css/nav_ns4 macro files

# don't want link to 'about' page
_imagecollection_ {_If_("_iconcollection_" ne "",
    <img class="icon" src="_iconcollection_" alt="_collectionname_" title="_collectionname_">,_imagecollectionv_)}
_imagecollection_ [v=1] {_imagecollectionv_}
_imagecollectionv_ {<p class="collectiontitle">_collectionname_</p>}
#######################################################################
# about page content
#######################################################################

_pagetitle_ {_collectionname_}

_content_ {
_optnavigationbar_

<div class="document">
_If_("_cgiargqt_" ne "1",
     _If_("_cgiargu_" ne "1",_aboutqueryform_)
    )
_If_(_Global:collectionextra_,<p>_textabout_)
_textsubcollections_

<div class="section">
<h3>_help:textsimplehelpheading_</h3>
_help:simplehelp_
</div>

</div>
}


# _aboutqueryform_ is reset to "" in the server if the collection isn't
# searchable or if the search form is a fielded form (and therefore too
# big to fit)
_aboutqueryform_ {
<div class="queryform">
_query:queryform_
</div>

<div class="divbar">&nbsp;</div>
}

_textabout_ {
<div class="section">
<h3>_textabcol_</h3>
_Global:collectionextra_
</div>
}

# set from within server
_textsubcollections_ {}

_aboutCollage_ {}
_classifier_ {}
_collageempty_ {There is no collage classifier defined for this collection!}
_collageapplet_ {

 <p>
 <center>

 <applet CODEBASE="_httpprefix_/bin/java" code="org.nzdl.gsdl.GsdlCollageApplet.GsdlCollageApplet.class"
         archive="GsdlCollageApplet.jar" width="445" height="250">

     <param name="gwcgi" value="_gwcgi_">
         <param name="collection" value="_cgiargcAttrsafe_">
         <param name="classifier" value="CL_classifier_.1">

         <param name="hrefMustHave" value="cl=CL_classifier_.1">
         <param name="imageMustNotHave" value="hl=%x=%gt=%gc=%.pr">

     <param name="imageType" value=".jpg%.png">
     <param name="verbosity" value="5">
     <param name="maxDepth" value="3">
     <param name="refreshDelay" value="1500">
     <param name="isJava2" value="auto">

 </applet>

 </center>
 <p>
}
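
The listing above uses `_cgiargcAttrsafe_` inside an attribute value, one of the per-context encoded variants of a cgiarg that the commit message describes. The following C++ is an added example of that idea, not Greenstone's own code: the function names, the immune-character sets and the sample value of the c argument are assumptions made for illustration.

```cpp
#include <cctype>
#include <cstdio>
#include <iostream>
#include <string>

// Hypothetical helper, not Greenstone's code: keep ASCII alphanumerics, the
// characters listed in `immune`, and bytes >= 0x80 (UTF-8 sequences, assumed
// valid); rewrite every other byte with the escape format of the context.
static std::string encode_with(const std::string &in, const std::string &immune,
                               const char *fmt) {
  std::string out;
  for (unsigned char c : in) {
    bool keep = c >= 0x80 || std::isalnum(c) ||
                immune.find(static_cast<char>(c)) != std::string::npos;
    if (keep) {
      out += static_cast<char>(c);
    } else {
      char buf[16];
      std::snprintf(buf, sizeof buf, fmt, static_cast<unsigned>(c));
      out += buf;
    }
  }
  return out;
}

// One variant per output context. The immune sets are choices made for this
// example: a space is harmless in element text but can end an unquoted attribute.
std::string html_safe(const std::string &s) { return encode_with(s, ",.-_ ", "&#x%02X;"); }
std::string attr_safe(const std::string &s) { return encode_with(s, ",.-_", "&#x%02X;"); }
std::string js_safe(const std::string &s) { return encode_with(s, ",._", "\\x%02X"); }
std::string css_safe(const std::string &s) { return encode_with(s, "", "\\%02X "); }

int main() {
  const std::string c_arg = "my coll\"<";  // constructed value for the c argument
  std::cout << "text: " << html_safe(c_arg) << "\n"
            << "attr: <param name=\"collection\" value=\"" << attr_safe(c_arg) << "\">\n"
            << "js:   var c = \"" << js_safe(c_arg) << "\";\n"
            << "css:  " << css_safe(c_arg) << "\n";
  return 0;
}
```

The same input yields four different strings, which is why a macro file has to pick the variant that matches where the value lands rather than reuse one "safe" form everywhere.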