Timestamp:
2014-03-13T14:34:48+13:00 (10 years ago)
Author:
ak19
Message:

First security commit.

1. Introducing the new securitools.h and .cpp files, which port the functions necessary to implement security in Greenstone from OWASP-ESAPI for Java, since OWASP's C++ version is largely not yet implemented, even though their code compiles. The newly added runtime-src/packages/security which contains OWASP ESAPI for C++ will therefore be removed again shortly.
2. receptionist.cpp now sets various web-encoded variants for each cgiarg macro, such as HTML entity encoded, attr encoded, javascript encoded (and css encoded variants). These are now used in the macro files based on which variant is suited to the context.
3. This commit further contains the minimum changes to protect the c, d, and p cgi variables.
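
The per-context variants described in point 2 of the commit message, as an added example: this is not Greenstone's or ESAPI's code. The function names `html_safe`, `url_safe` and `cgiarg_variants` are hypothetical; only the `Htmlsafe` and `Urlsafe` macro suffixes come from the diff below.

```cpp
#include <cstdio>
#include <map>
#include <string>

// HTML text context: encode the characters that can change markup.
std::string html_safe(const std::string& in) {
    std::string out;
    for (unsigned char ch : in) {
        switch (ch) {
            case '&':  out += "&amp;";  break;
            case '<':  out += "&lt;";   break;
            case '>':  out += "&gt;";   break;
            case '"':  out += "&quot;"; break;
            case '\'': out += "&#x27;"; break;
            default:   out += static_cast<char>(ch);
        }
    }
    return out;
}

// URL component context: percent-encode all but RFC 3986 unreserved bytes.
std::string url_safe(const std::string& in) {
    std::string out;
    char buf[4];
    for (unsigned char ch : in) {
        bool unreserved = (ch >= 'A' && ch <= 'Z') || (ch >= 'a' && ch <= 'z') ||
                          (ch >= '0' && ch <= '9') || ch == '-' || ch == '.' ||
                          ch == '_' || ch == '~';
        if (unreserved) { out += static_cast<char>(ch); continue; }
        std::snprintf(buf, sizeof buf, "%%%02X", static_cast<unsigned>(ch));
        out += buf;
    }
    return out;
}

// Build the macros for one CGI argument (hypothetical helper). The raw
// macro is kept so a template can be audited for remaining uses of it.
std::map<std::string, std::string> cgiarg_variants(const std::string& name,
                                                   const std::string& value) {
    return {
        {"_cgiarg" + name + "_", value},
        {"_cgiarg" + name + "Htmlsafe_", html_safe(value)},
        {"_cgiarg" + name + "Urlsafe_", url_safe(value)},
    };
}
```

A template then picks the variant by output context: `Urlsafe` inside a query string in an `href`, `Htmlsafe` in element text.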

File:
1 edited

  • main/trunk/greenstone2/macros/chinese-trad2.dm

    r23639 r28888  
    193193Ÿæª¢èŠ–æ–Œ "_2_" å
    194194žè—è³‡æ–™åº«å
    195 §çš„連結悚可以按䞀䞋<a href="_httpdoc_&c=_1_&cl=_cgiargcl_&d=_3_"> 這裏的連結</a>以前埀該頁或è€
     195§çš„連結悚可以按䞀䞋<a href="_httpdoc_&c=_1_&cl=_cgiargclUrlsafe_&d=_3_"> 這裏的連結</a>以前埀該頁或è€
    196196按䞀䞋瀏芜噚的「回到䞊䞀頁」鍵以回到前䞀頁。} 
    197197
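Review bot: In the href on line 195 only the cl value is switched to `_cgiargclUrlsafe_`; the `_1_` and `_3_` parameters feeding `c=` and `d=` are still interpolated as passed, and `_2_` on line 193 is emitted into the page text. Since the commit message says c and d are meant to be protected, please confirm that every caller of this macro passes already-encoded values for those parameters, or encode them here as well.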
     
    214214
    215215_textmustbelongtogroup_ [l=zh-tr] {泚意䜠å¿
    216 é ˆå±¬æ–Œ "_cgiargug_" 這個矀組才胜看到歀頁}
     216須屬斌 "_cgiargugHtmlsafe_" 這個矀組才胜看到歀頁}
    217217
    218218_textmessageinvalid_ [l=zh-tr] {䜠所請求進å
     
    220220¥ïŒš<br>
    221221_If_(_cgiargug_,[請泚意䜠å¿
    222 é ˆå±¬æ–Œ "_cgiargug_" 矀組才胜進å
     222須屬斌 "_cgiargugHtmlsafe_" 矀組才胜進å
    223223¥æ­€ç¶²é ] <br>)
    224224請茞å
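Review bot: On line 221 the `_If_(_cgiargug_, ...)` test still reads the raw `_cgiargug_` macro while the text on line 222 now uses `_cgiargugHtmlsafe_`. If `_If_` only checks the condition for emptiness and never emits it, that is fine, but a short comment saying so (or testing the Htmlsafe variant for consistency) would keep a later edit from copying the raw macro into output.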
     
    611611
    612612_textdelperm_ [l=zh-tr] {郚分或å
    613 šéƒš _cgiargbc1dirname_ å
     613šéƒš _cgiargbc1dirnameHtmlsafe_ å
    614614žè—è³‡æ–™åº«ç„¡æ³•åˆªé™€ïŒŒå¯èƒœåŽŸå› ç‚ºïŒš
    615615<ul>
    616 <li>• Greenstone 無刪陀_gsdlhome_/collect/_cgiargbc1dirname_ 目錄的蚱可。
    617 äœ éœ€èŠäººå·¥ç§»é™€_cgiargbc1dirname
     616<li>• Greenstone 無刪陀_gsdlhome_/collect/_cgiargbc1dirnameHtmlsafe_ 目錄的蚱可。
     617䜠需芁人工移陀_cgiargbc1dirnameHtmlsafe
    618618žè—è³‡æ–™åº«ã€‚</li>
    619619<li>• Greenstone 無法執行_gsdlhome_/bin/script/delcol.pl皋匏請確定歀檔案可
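Review bot: Lines 616 and 617 now show `_cgiargbc1dirnameHtmlsafe_` inside a filesystem path under `_gsdlhome_/collect/`, which covers the display side only. Because the same message refers to delcol.pl on line 619, the bc1dirname value should also be validated as a plain collection directory name before it reaches the script; if that check lives elsewhere in this changeset, a pointer in the commit message would help.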
     
    622622}
    623623
    624 _textdelinv_ [l=zh-tr] {_cgiargbc1dirname_ å
     624_textdelinv_ [l=zh-tr] {_cgiargbc1dirnameHtmlsafe_ å
    625625žè—è³‡æ–™åº«è¢«ä¿è­·æˆ–無效取消刪陀。
    626626}
    627627
    628 _textdelsuc_ [l=zh-tr] {成功刪陀_cgiargbc1dirname
     628_textdelsuc_ [l=zh-tr] {成功刪陀_cgiargbc1dirnameHtmlsafe
    629629žè—è³‡æ–™åº«ã€‚}
    630630
    631 _textclonefail_ [l=zh-tr] {無法耇補 _cgiargclonecol_ å
     631_textclonefail_ [l=zh-tr] {無法耇補 _cgiargclonecolHtmlsafe_ å
    632632žè—è³‡æ–™åº«ïŒŒå¯èƒœåŽŸå› ç‚ºïŒš
    633633<ul>
    634 <li>• _cgiargclonecol_ collection 䞍存圚。
    635 <li>• _cgiargclonecol_ collection 沒有 collect.cfg 變敞檔。
     634<li>• _cgiargclonecolHtmlsafe_ collection 䞍存圚。
     635<li>• _cgiargclonecolHtmlsafe_ collection 沒有 collect.cfg 變敞檔。
    636636<li>• Greenstone 沒有讀取collect.cfg 變敞檔的蚱可。
    637637</ul>
     
    675675}
    676676
    677 _textexptsuc_ [l=zh-tr] {成功茞出 _cgiargbc1dirname
    678 žè—è³‡æ–™åº« 至 _gsdlhome_/tmp/exported\__cgiargbc1dirname_ 目錄。
    679 }
    680 
    681 _textexptfail_ [l=zh-tr] {<p>無法茞出 _cgiargbc1dirname_ 的å
     677_textexptsuc_ [l=zh-tr] {成功茞出 _cgiargbc1dirnameHtmlsafe
     678žè—è³‡æ–™åº« 至 _gsdlhome_/tmp/exported\__cgiargbc1dirnameHtmlsafe_ 目錄。
     679}
     680
     681_textexptfail_ [l=zh-tr] {<p>無法茞出 _cgiargbc1dirnameHtmlsafe_ 的å
    682682žè—è³‡æ–™åº«ã€‚
    683683
     
    942942_textremwarn_ [l=zh-tr] {䜠確定芁氞ä¹
    943943刪陀䜿甚è€
    944 _cgiargumun_?}
     944_cgiargumunHtmlsafe_?}
    945945
    946946