Context Navigation

users.dm@ 28888

Last change on this file since 28888 was 28888, checked in by ak19, 10 years ago
First security commit. 1. Introducing the new securitools.h and .cpp files, which port the functions necessary to implement security in Greenstone from OWASP-ESAPI for Java, since OWASP's C++ version is largely not yet implemented, even though their code compiles. The newly added runtime-src/packages/security which contains OWASP ESAPI for C++ will therefore be removed again shortly. 2. receptionist.cpp now sets various web-encoded variants for each cgiarg macro, such as HTML entity encoded, attr encoded, javascript encoded (and css encoded variants). These are now used in the macro files based on which variant is suited to the context. 3. This commit further contains the minimum changes to protect the c, d, and p cgi variables.
Property svn:executable set to ``* Property svn:keywords set to `Author Date Id Revision`
File size: 4.9 KB

Line
1	# this file must be UTF-8 encoded
2
3	package userslistusers
4
5	_header_ {
6	<html>
7	<head>
8	<title>_textlocu_</title>
9	</head>
10	<body bgcolor="#ffffff" text="#000000" link="#006666"
11	alink="#cc9900" vlink="#666633">
12	}
13
14	_content_ {}
15
16	_contentstart_ {
17	<h2>_textlocu_</h2>
18
19
20	<table border=0 cellspacing=1 cellpadding=3 width=100%>
21	<tr>
22	<th bgcolor="\#d0d0d0">_textuser_</th>
23	<th bgcolor="\#d0d0d0">_textas_</th>
24	<th bgcolor="\#d0d0d0">_textgroups_</th>
25	<th bgcolor="\#d0d0d0">_textcomment_</th>
26	<th> </th>
27	</tr>
28	}
29
30	_contentend_ {
31	</table>
32	}
33
34	_footer_ {
35	</body>
36	</html>
37	}
38
39
40
41	package usersedituser
42
43	_header_ {
44	<html>
45	<head>
46	<title>_If_("_cgiarguma_" eq "edituser",_textedituser_,_textadduser_)</title>
47	</head>
48	<body bgcolor="#ffffff" text="#000000" link="#006666"
49	alink="#cc9900" vlink="#666633">
50	}
51
52	_content_ {
53	<h2>_If_("_cgiarguma_" eq "edituser",_textedituser_,_textadduser_)</h2>
54
55
56	_users:messagestatus_
57
58	<form name="edituser" method="post" action="_gwcgi_">
59	<input type=hidden name="e" value="_decodedcompressedoptions_">
60	<input type=hidden name="a" value="um">
61	<input type=hidden name="uma" value="_cgiargumaAttrsafe_">
62
63	<table border=0>
64	<tr><td>_authen:textusername_</td><td><input type="text" name="umun" value="_users:usersargun_" size=15></td>
65	<td><font color=gray>_textaboutusername_</font></td>
66	</tr>
67	<tr><td>_authen:textpassword_</td><td><input type="text" name="umpw" value="_users:usersargpw_" size=9></td>
68	<td><font color=gray>_textaboutpassword_
69	_If_("_cgiarguma_" eq "edituser",_textoldpass_)
70	</font></td></tr>
71	<tr><td>_userslistusers:textas_</td><td>
72	<select name="umus">
73	<option value="enabled">_textenabled_
74	<option value="disabled"_If_("_users:usersargus_" ne "enabled", selected)>_textdisabled_
75	</select>
76	</td></tr>
77	<tr><td>_userslistusers:textgroups_</td><td colspan=2><input type="text" name="umug" value="_users:usersargug_" size=50></td></tr>
78	<tr><td></td><td></td>
79	<td><font color=gray>_textaboutgroups_</font><br/><font color=gray>_textavailablegroups_</font></td></tr>
80	<tr><td>_userslistusers:textcomment_</td><td colspan=2><input type="text" name="umc" value="_users:usersargc_" size=50></td></tr>
81	<tr><td></td><td colspan=2><input type="submit" name=beu value="submit">
82	<input type="submit" name=uma value="cancel"></td></tr>
83	</table>
84	</form>
85	}
86
87	_footer_ {
88	</body>
89	</html>
90	}
91
92
93
94
95	package usersdeleteuser
96
97	_header_ {
98	<html>
99	<head>
100	<title>_textdeleteuser_</title>
101	</head>
102	<body bgcolor="#ffffff" text="#000000" link="#006666"
103	alink="#cc9900" vlink="#666633">
104	}
105
106	_content_ {
107
108	<p>
109	<table border=0>
110	<tr><td>
111	<form name="deleteuser" method="post" action="_gwcgi_">
112	<input type=hidden name="e" value="_decodedcompressedoptions_">
113	<input type=hidden name="a" value="um">
114	<input type=hidden name="uma" value="_cgiargumaAttrsafe_">
115	<input type=hidden name="umun" value="_cgiargumunAttrsafe_">
116	<font color=red>_textremwarn_</font>
117	<input type="submit" name=cm value="no">
118	<input type="submit" name=cm value="yes">
119	</form>
120	</td></tr>
121	</table>
122	}
123
124	_footer_ {
125	</body>
126	</html>
127	}
128
129
130
131	package userschangepasswd
132
133	_header_ {
134	<html>
135	<head>
136	<title>_textchangepw_</title>
137	</head>
138	<body bgcolor="#ffffff" text="#000000" link="#006666"
139	alink="#cc9900" vlink="#666633">
140	}
141
142	_content_ {
143	<h2>_textchangepw_</h2>
144	<p><font color=gray>_usersedituser:textaboutpassword_</font>
145
146	<p>_users:messagestatus_
147
148	<p>
149	<form name="changepasswd" method="post" action="_gwcgi_">
150	<input type=hidden name="e" value="_decodedcompressedoptions_">
151	<input type=hidden name="a" value="um">
152	<input type=hidden name="uma" value="_cgiargumaAttrsafe_">
153	<table border=0>
154	<tr><td align=right>_textoldpw_</td><td><input type="password" name="umpw" size=9></td></tr>
155	<tr><td align=right>_textnewpw_</td><td><input type="password" name="umnpw1" size=9></td></tr>
156	<tr><td align=right>_textretype_</td><td><input type="password" name="umnpw2" size=9></td></tr>
157	<tr><td></td><td><input type="submit" name=bcp value="submit"></td></tr>
158	</table>
159	</table>
160	</form>
161
162	}
163
164
165	package userschangepasswdok
166
167	_header_ {
168	<html>
169	<head>
170	<title>_userschangepasswd:textchangepw_</title>
171	</head>
172	<body bgcolor="#ffffff" text="#000000" link="#006666"
173	alink="#cc9900" vlink="#666633">
174	}
175
176	_content_ {
177	<h2>_userschangepasswd:textchangepw_</h2>
178
179	<p>_textsuccess_
180	}
181
182
183
184	package users
185
186	_messageinvalidusername_ {<font color=red>_textinvalidusername_</font>}
187	_messageinvalidpassword_ {<font color=red>_textinvalidpassword_</font>}
188	_messageemptypassword_ {<font color=red>_textemptypassword_</font>}
189	_messageuserexists_ {<font color=red>_textuserexists_</font>}
190
191	_messageusernameempty_ {<font color=red>_textusernameempty_</font>}
192	_messagepasswordempty_ {<font color=red>_textpasswordempty_</font>}
193	_messagenewpass1empty_ {<font color=red>_textnewpass1empty_</font>}
194	_messagenewpass2empty_ {_messagenewpass1empty_}
195	_messagenewpassmismatch_ {<font color=red>_textnewpassmismatch_</font>}
196	_messagenewinvalidpassword_ {<font color=red>_textnewinvalidpassword_</font>}
197	_messagefailed_ {<font color=red>_textfailed_</font>}

Note: See TracBrowser for help on using the repository browser.

Download in other formats:

Original Format