source: main/trunk/greenstone2/macros/browse.dm@ 28888

Last change on this file since 28888 was 28888, checked in by ak19, 10 years ago

First security commit. 1. Introducing the new securitools.h and .cpp files, which port the functions necessary to implement security in Greenstone from OWASP-ESAPI for Java, since OWASP's C++ version is largely not yet implemented, even though their code compiles. The newly added runtime-src/packages/security which contains OWASP ESAPI for C++ will therefore be removed again shortly. 2. receptionist.cpp now sets various web-encoded variants for each cgiarg macro, such as HTML entity encoded, attr encoded, javascript encoded (and css encoded variants). These are now used in the macro files based on which variant is suited to the context. 3. This commit further contains the minimum changes to protect the c, d, and p cgi variables.

  • Property svn:executable set to *
  • Property svn:keywords set to Author Date Id Revision
1# this file must be UTF-8 encoded
2
3package browse
4
5#######################################################################
6# headers
7# these are overridden so we can put an onLoad event handler
8# in the <body> tag of this page - for mgpp, form search pages
9#######################################################################
10
11#copied from prefs
12
# Page header for the browse page. Passes onLoad="ccont(0)" as the argument
# of the htmlhead macro so that ccont(0) (defined in pagescriptextra below)
# runs when the page has loaded.
13_header_ {_cgihead_
14_htmlhead_(onLoad="ccont(0)")_startspacer__pagebanner_
15}
16
17
# Page body: navigation bar, the browse form, a divider, the classifications
# macro, and finally the two placeholder elements that ccont() writes into
# (the div with id "mydiv" and the layer with id "mylayer").
# NOTE(review): in the layer tag there is no whitespace between the quoted id
# value and the following top attribute; add a space so the markup is
# well-formed.
18_content_{
19
20
21
22 _optnavigationbar_
23
24 _browseinterface_
25
26<div class="divbar">&nbsp;</div>
27
28 _classifications_
29
30
31 <div id="mydiv"></div>
32 <div><layer id="mylayer"top=350 left=280 width="100%"></layer></div>
33
34}
35
36
# Empty default. This macro is expanded inside the page script, directly after
# the ccont() function (see pagescriptextra). Presumably it is overridden at
# runtime with the statements that fill the tbl array - TODO confirm.
37_runtimebrowsescript_{}
38
# The browse form. Submits by GET to the gwcgi URL with a=br plus the filter
# type (bt), filter text (bft), sort/display selectors and documents-per-page
# (bnu) controls supplied by the macros expanded below.
# NOTE(review): the hidden "e" field places the decodedcompressedoptions macro
# inside a double-quoted attribute. Unlike filterbox, which uses an Attrsafe
# variant, no encoded variant is named here. Confirm that this value is
# attribute-encoded before it reaches this point, or that it cannot carry
# request-controlled characters.
39_browseinterface_{
40
41<form name=BrowseForm method=get action="_gwcgi_">
42
43<input type=hidden name="a" value="br">
44<input type=hidden name="e" value="_decodedcompressedoptions_">
45 <p>
46 _textfilterby_ _anyallselect_ _textwords_<br>
47 _filterbox_<br>
48
49 <font size=-1><i>(_textleaveblank_)</i></font><p>
50
51 _textsortby_ _browsebox1_, _textalsoshowing_ _browsebox2_ _textwith_
52 _docnum_ _textdocsperpage_
53 <span align = right> _browsebutton_ </span><p>
54</form>
55
56}
57
# Submit button for the browse form.
# NOTE(review): the value attribute is not quoted here, so the emitted markup
# depends on what browsebuttontext expands to (its definition is not in this
# file). If that expansion does not supply its own quotes, a label containing
# whitespace would be split into separate attributes - verify against the
# definition before relying on it.
58_browsebutton_{<input type=submit value=_browsebuttontext_ align=right>}
59
# Documents-per-page selector (cgi argument bnu). Each option is marked
# "selected" when the current cgiargbnu value equals that option's number.
# The first four options have no value attribute, so the option text itself is
# submitted; "max" submits -1.
# In this macro the raw cgiargbnu value is only compared inside the If
# expression and is never written to the page. NOTE(review): whether that
# comparison is robust to arbitrary characters in the argument depends on the
# macro interpreter, which is not shown here.
60_docnum_{
61<select name="bnu">
62 <option _If_("_cgiargbnu_" eq "5", selected)>5
63 <option _If_("_cgiargbnu_" eq "10", selected)>10
64 <option _If_("_cgiargbnu_" eq "20", selected)>20
65 <option _If_("_cgiargbnu_" eq "50", selected)>50
66 <option value="-1" _If_("_cgiargbnu_" eq "-1", selected)>max
67</select>
68}
69
# Text box for the filter terms (cgi argument bft). The submitted value is
# echoed back into a double-quoted value attribute, so the Attrsafe variant of
# the cgiarg macro is used - presumably the attribute-encoded variant that,
# per the commit message, receptionist.cpp now sets for each cgiarg macro.
# Do not replace it with the raw cgiargbft macro in this attribute context.
70_filterbox_{<input type=text name="bft" value="_cgiargbftAttrsafe_" size=60>}
71
72
# Filter-type selector (cgi argument bt): 0 = any, 1 = all. The If calls appear
# to pre-select "all" when cgiargbt is set and "any" otherwise (the "any"
# option passes "selected" in the third argument position).
# The raw cgiargbt value is used only as the If condition and is not written
# to the page by this macro. NOTE(review): it is passed unquoted, unlike the
# quoted comparison used in docnum - confirm how the macro interpreter treats
# unexpected characters in this position.
73_anyallselect_{
74<select name="bt">
75 <option value="0"_If_(_cgiargbt_,, selected)>_textany_
76 <option value="1"_If_(_cgiargbt_, selected)>_textall_
77</select>
78}
79
# Empty in this file; expanded in the content macro between the divider and
# the "mydiv" placeholder. Presumably overridden elsewhere - TODO confirm.
80_classifications_{
81}
82
# Extra page script for the browse page.
#   tbl            - array of strings, indexed by the argument given to ccont
#   ccont(current) - writes tbl[current] into the page: via innerHTML on the
#                    "mydiv" element where getElementById exists, else through
#                    document.all, else by document.write into the "mylayer"
#                    layer (legacy-browser fallbacks).
# Braces belonging to the script are written with a leading backslash,
# presumably because bare braces delimit the macro body.
# The runtimebrowsescript macro is expanded after the function; it is empty by
# default in this file and tbl is not filled anywhere else here.
# NOTE(review): innerHTML and document.write both parse their argument as
# markup, so every tbl entry is an HTML sink. Whatever generates those entries
# must HTML-encode any request- or collection-derived text and, because the
# entries are emitted inside a script block, also use the javascript-encoded
# variants mentioned in the commit message - verify at the generating code.
83_pagescriptextra_ {
84var tbl = new Array()
85
86function ccont(current)\{
87 if(document.getElementById) \{
88 document.getElementById("mydiv").innerHTML = tbl[current];
89 \}
90 else if(document.all)\{
91 mydiv.innerHTML=tbl[current]
92 \}
93 else if(document.layers)\{
94 document.mylayer.document.write(tbl[current])
95 document.mylayer.document.close()
96 \}
97
98\}
99
100_runtimebrowsescript_
101
102}