Timestamp:
2014-03-13T14:34:48+13:00 (10 years ago)
Author:
ak19
Message:

First security commit.

1. Introducing the new securitools.h and .cpp files, which port the functions necessary to implement security in Greenstone from OWASP-ESAPI for Java, since OWASP's C++ version is largely not yet implemented, even though their code compiles. The newly added runtime-src/packages/security which contains OWASP ESAPI for C++ will therefore be removed again shortly.
2. receptionist.cpp now sets various web-encoded variants for each cgiarg macro, such as HTML entity encoded, attr encoded, javascript encoded (and css encoded variants). These are now used in the macro files based on which variant is suited to the context.
3. This commit further contains the minimum changes to protect the c, d, and p cgi variables.

File:
1 edited

  • main/trunk/greenstone2/macros/arabic2.dm

    r28538 r28888  
    320320وعة "_2_" يÙ
    321321كنك
    322     <a href="_httpdoc_&c=_1_&cl=_cgiargcl_&d=_3_">التقدÙ
     322    <a href="_httpdoc_&c=_1_&cl=_cgiargclUrlsafe_&d=_3_">التقدÙ
    323323</a> إلى هذه الصفحة;
    324324    أو استخدÙ
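Review bot: In the changed href only the cl argument moves to _cgiargclUrlsafe_, while the macro parameters _1_ and _3_ are still substituted into c= and d= of the same URL as-is, and _2_ goes into the message text on the context line above. If callers can pass request-derived values for these parameters, they should pass the URL-encoded variants (HTML-encoded for _2_); otherwise a short comment on this macro stating that its parameters must arrive pre-encoded would make the contract explicit.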
     
    353353ن Ù
    354354جÙ
    355 ÙˆØ¹Ø© "_cgiargug_" كي تدخل لهذه الصفحة}
     355وعة "_cgiargugHtmlsafe_" كي تدخل لهذه الصفحة}
    356356
    357357_textmessageinvalid_ [l=ar] {الصفحة التي طلؚت عرضها تتطلؚ Ù
     
    10651065_textdelperm_ [l=ar] {ؚعض أو كل Ù
    10661066جÙ
    1067 ÙˆØ¹Ø© _cgiargbc1dirname_ لا يÙ
     1067وعة _cgiargbc1dirnameHtmlsafe_ لا يÙ
    10681068كن Ù
    10691069حوها، رؚÙ
     
    10721072<li>أن ؚرناÙ
    10731073ج Greenstone لا يسÙ
    1074 Ø­ ؚإزالة _gsdlhome_/collect/_cgiargbc1dirname_
     1074Ø­ ؚإزالة _gsdlhome_/collect/_cgiargbc1dirnameHtmlsafe_
    10751075<br>قاÙ
    10761076وس.
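Review bot: _cgiargbc1dirnameHtmlsafe_ is the right variant for showing the name in this list item, but the text presents the value as a directory under _gsdlhome_/collect/, and encoding for output does nothing for that use. Worth confirming, outside this macro file, that the code building the path from bc1dirname rejects path separators and "..", since this change covers only the displayed copy.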
     
    10791079وس يدوياً لكي تكÙ
    10801080ل عÙ
    1081 Ù„ية إزالة _cgiargbc1dirname_
     1081لية إزالة _cgiargbc1dirnameHtmlsafe_
    10821082Ù
    10831083جÙ
     
    10961096_textdelinv_ [l=ar] {الÙ
    10971097جÙ
    1098 ÙˆØ¹Ø© _cgiargbc1dirname_ Ù
     1098وعة _cgiargbc1dirnameHtmlsafe_ Ù
    10991099Ø­Ù
    11001100ية Ù
     
    11051105 Ø­Ø°Ù Ù
    11061106جÙ
    1107 ÙˆØ¹Ø© _cgiargbc1dirname_ ؚنجاح.}
     1107وعة _cgiargbc1dirnameHtmlsafe_ ؚنجاح.}
    11081108
    11091109_textclonefail_ [l=ar] {الÙ
    11101110جÙ
    1111 ÙˆØ¹Ø© _cgiargclonecol_ لا يÙ
     1111وعة _cgiargclonecolHtmlsafe_ لا يÙ
    11121112كن استنساخها. وأسؚاؚ ذلك قد تكون:
    11131113<ul>
    11141114<li> الÙ
    11151115جÙ
    1116 ÙˆØ¹Ø© _cgiargclonecol_ غير Ù
     1116وعة _cgiargclonecolHtmlsafe_ غير Ù
    11171117وجودة
    11181118<li> الÙ
    11191119جÙ
    1120 ÙˆØ¹Ø© _cgiargclonecol_ ليس لها Ù
     1120وعة _cgiargclonecolHtmlsafe_ ليس لها Ù
    11211121لف الخصا؊ص collect.cfg
    11221122<li> ؚرناÙ
     
    12001200 ØªØµØ¯ÙŠØ± الÙ
    12011201جÙ
    1202 ÙˆØ¹Ø© _cgiargbc1dirname_ ؚنجاح إلى دليل
    1203 _gsdlhome_/tmp/exported\__cgiargbc1dirname_ .}
     1202وعة _cgiargbc1dirnameHtmlsafe_ ؚنجاح إلى دليل
     1203_gsdlhome_/tmp/exported\__cgiargbc1dirnameHtmlsafe_ .}
    12041204
    12051205_textexptfail_ [l=ar] {<p>ف؎ل في تصدير Ù
    12061206جÙ
    1207 ÙˆØ¹Ø© _cgiargbc1dirname_
     1207وعة _cgiargbc1dirnameHtmlsafe_
    12081208 
    12091209 <p>رؚÙ
     
    17611761_textremwarn_ [l=ar] {هل تريد حذف هذا الÙ
    17621762ستخدÙ
    1763  Ù†Ù‡Ø§ØŠÙŠØ§Ù‹ <b>_cgiargumun_</b>?}
     1763 Ù†Ù‡Ø§ØŠÙŠØ§Ù‹ <b>_cgiargumunHtmlsafe_</b>?}
    17641764
    17651765