Changeset 28888 for main/trunk/greenstone2/macros/bengali.dm

Timestamp:

2014-03-13T14:34:48+13:00 (10 years ago)

Author:

ak19

Message:

First security commit. 1. Introducing the new securitools.h and .cpp files, which port the functions necessary to implement security in Greenstone from OWASP-ESAPI for Java, since OWASP's C++ version is largely not yet implemented, even though their code compiles. The newly added runtime-src/packages/security which contains OWASP ESAPI for C++ will therefore be removed again shortly. 2. receptionist.cpp now sets various web-encoded variants for each cgiarg macro, such as HTML entity encoded, attr encoded, javascript encoded (and css encoded variants). These are now used in the macro files based on which variant is suited to the context. 3. This commit further contains the minimum changes to protect the c, d, and p cgi variables.

File:

• main/trunk/greenstone2/macros/bengali.dm (modified) (3 diffs)

main/trunk/greenstone2/macros/bengali.dm

@@ -53 +53 @@
 _textdescrpref_ [l=bn] {àŠªàŠ›àŠšà§àŠŠà§‡àŠ° àŠªà§ƒàŠ·à§àŠ àŠŸ}  
 _textdescrlogin_ [l=bn] {àŠ²àŠ—àŠ‡àŠš àŠªà§ƒàŠ·à§àŠ àŠŸ}  
-_textdescrlogout_ [l=bn] {_cgiargun_ àŠ¹àŠ¿àŠžà§‡àŠ¬à§‡ àŠ²àŠ—àŠ†àŠ‰àŠŸ àŠ¹à§Ÿà§‡àŠ›à§‡}  
+_textdescrlogout_ [l=bn] {_cgiargunHtmlsafe_ àŠ¹àŠ¿àŠžà§‡àŠ¬à§‡ àŠ²àŠ—àŠ†àŠ‰àŠŸ àŠ¹à§Ÿà§‡àŠ›à§‡}  
 
 _textdescrgreenstone_ [l=bn] {àŠšàŠ¿àŠ‰àŠœàŠ¿àŠ²à§àŠ¯àŠŸàŠšà§àŠ¡ àŠ¡àŠ¿àŠœàŠ¿àŠŸàŠŸàŠ² àŠ²àŠŸàŠ‡àŠ¬à§àŠ°à§‡àŠ°à§€ àŠžàŠ«àŠŸà§àŠ“à§Ÿà§àŠ¯àŠŸàŠ°}  
@@ -210 +210 @@
 _linktextPREFERENCES_ [l=bn] {àŠªàŠ›àŠšà§àŠŠ}
 _linktextLOGIN_ [l=bn] {àŠ²àŠ—àŠ‡àŠš}  
-_linktextLOGGEDIN_ [l=bn] {(_cgiargun_ àŠ¹àŠ¿àŠžà§‡àŠ¬à§‡ àŠ²àŠ—àŠ‡àŠš àŠ¹à§Ÿà§‡àŠ›à§‡)}  
+_linktextLOGGEDIN_ [l=bn] {(_cgiargunHtmlsafe_ àŠ¹àŠ¿àŠžà§‡àŠ¬à§‡ àŠ²àŠ—àŠ‡àŠš àŠ¹à§Ÿà§‡àŠ›à§‡)}  
 _linktextLOGOUT_ [l=bn] {àŠ²àŠ—àŠ†àŠ‰àŠŸ}  
 
@@ -369 +369 @@
 # 'No matches for query: querystring', depending on whether or not there were
 # any matches
-_textquerytitle_ [l=bn] {_If_(_thislast_àŠ«àŠ²àŠŸàŠ«àŠ² _thisfirst_ - _thislast_ àŠªà§àŠ°àŠ¶à§àŠšà§‡àŠ° àŠœàŠšà§àŠ¯ _cgiargq_,àŠªà§àŠ°àŠ¶à§àŠšà§‡àŠ° àŠžàŠŸàŠ¥à§‡ àŠ•à§‹àŠš àŠ•àŠ¿àŠ›à§ àŠ®àŠ¿àŠ²à§‡àŠ›à§‡ àŠšàŠŸàŠƒ _cgiargq_)}
+_textquerytitle_ [l=bn] {_If_(_thislast_àŠ«àŠ²àŠŸàŠ«àŠ² _thisfirst_ - _thislast_ àŠªà§àŠ°àŠ¶à§àŠšà§‡àŠ° àŠœàŠšà§àŠ¯ _cgiargqHtmlsafe_,àŠªà§àŠ°àŠ¶à§àŠšà§‡àŠ° àŠžàŠŸàŠ¥à§‡ àŠ•à§‹àŠš àŠ•àŠ¿àŠ›à§ àŠ®àŠ¿àŠ²à§‡àŠ›à§‡ àŠšàŠŸàŠƒ _cgiargqHtmlsafe_)}
 _textnoquerytitle_ [l=bn] {àŠªà§ƒàŠ·à§àŠ àŠŸ àŠ
 àŠšà§àŠžàŠšà§àŠ§àŠŸàŠš àŠ•àŠ°à§àŠš}