Changeset 26539 for main/trunk/greenstone2
- Timestamp:
- 2012-11-28T18:35:47+13:00 (11 years ago)
- File:
-
- 1 edited
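--- a/main/trunk/greenstone2/runtime-src/src/recpt/cgiutils.cpp
+++ b/main/trunk/greenstone2/runtime-src/src/recpt/cgiutils.cpp
@@ -329,4 +329,34 @@
 }
 
+// Ensure dangerous tags and chars in cgi-args are URL encoded, to prevent obvious XSS attempts
+// (e.g. c=<script>alert("hacked")</script>) and log poisoning (apache writes unrecognised URLs
+// into log. If the user entered c=garbage <?php ...> in the URL, it gets written out into the
+// apache log and that log file can be included in a local file inclusion (LFI) or
+// remote file include (RFI) attack.
+// This function encodes <>, &, ", ', / which are scripting chars or chars which can be used to
+// break out of an html/XML/javascript context.
+void safe_cgi_arg (text_t &argstr) {
+  text_t::iterator in = argstr.begin();
+  text_t out = "";
+  text_t::iterator end = argstr.end();
+
+  while (in != end) {
+    if (*in == '<') out += "%3C";
+    else if (*in == '>') out += "%3E";
+    else if (*in == '&') out += "%26";
+    else if (*in == '\"') out += "%22";
+    else if (*in == '\'') out += "%27";
+    else if (*in == '/') out += "%2F";
+    else { // append whatever char is in *in, but as a char, not int
+      //out += *in; // appends as int
+      out += " "; // append placeholder character
+      out[out.size()-1] = *in; // now set location containing placeholder to what's in *in
+    }
+    ++in;
+  }
+
+  argstr.erase (argstr.begin(), end);
+  argstr += out;
+}
 
 // split up the cgi arguments
@@ -347,4 +377,7 @@
   // convert %xx and + to their appropriate equivalents
   decode_cgi_arg (value);
+
+  safe_cgi_arg(value); // mitigate obvious cross-site scripting hacks in URL cgi-params
+
   value.setencoding(1); // other encoding
   // store this key=value pair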
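Review bot: The new `safe_cgi_arg(value)` call placed right after `decode_cgi_arg` (new line 380) rewrites the stored argument into a percent-encoded form, which is the wrong layer for an XSS defence: the value is not HTML-escaped, so any code that later emits it into a page still has to escape it for that context, and any code that URL-decodes it again (or that receives a double-encoded `%253C`, which the decode step turns into a `%3C` this function leaves untouched) gets the raw `<` back. It also silently alters legitimate values that carry `&` or `/`, since the replacement happens on the stored argument rather than at output time. The log-poisoning rationale in the header comment does not hold for the Apache access log, which records the raw request line before the CGI runs and is not affected by what this process does to its own copy. I would keep the call as defence in depth but state its limits in the comment, e.g. `// NOTE: percent-encodes <>&"'/ in the stored value only; this is not HTML escaping and is undone by any later URL decode, so output code must still escape for its context.` The function enclosing the second hunk begins and ends outside the hunk.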