Timestamp:
2014-03-13T14:34:48+13:00 (10 years ago)
Author:
ak19
Message:

First security commit. 1. Introducing the new securitools.h and .cpp files, which port the functions necessary to implement security in Greenstone from OWASP-ESAPI for Java, since OWASP's C++ version is largely not yet implemented, even though their code compiles. The newly added runtime-src/packages/security which contains OWASP ESAPI for C++ will therefore be removed again shortly. 2. receptionist.cpp now sets various web-encoded variants for each cgiarg macro, such as HTML entity encoded, attr encoded, javascript encoded (and css encoded variants). These are now used in the macro files based on which variant is suited to the context. 3. This commit further contains the minimum changes to protect the c, d, and p cgi variables.
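The context-specific variants listed in point 2, as an added example that is not part of the changeset or of Greenstone's code: `Ctx`, `hex2` and `encode_for` are hypothetical names, the input value is constructed, and the page is assumed to be served as UTF-8.

```cpp
#include <iostream>
#include <string>

// Output contexts matching the variants the commit message lists.
enum class Ctx { Html, Attr, Js, Css, Url };

// Two hex digits for one byte.
static std::string hex2(unsigned char c, bool upper = false) {
    const char* d = upper ? "0123456789ABCDEF" : "0123456789abcdef";
    return std::string{d[c >> 4], d[c & 15]};
}

// Hypothetical helper, not Greenstone's API: encode `in` for one context.
std::string encode_for(Ctx ctx, const std::string& in) {
    std::string out;
    for (unsigned char c : in) {
        bool alnum = (c >= '0' && c <= '9') || (c >= 'A' && c <= 'Z') ||
                     (c >= 'a' && c <= 'z');
        bool markup = c == '&' || c == '<' || c == '>' || c == '"' ||
                      c == '\'' || c == '/';
        // Assumption: pages are UTF-8, so bytes >= 0x80 pass through except
        // in URLs. Element content only needs markup characters escaped.
        if (alnum || (c >= 0x80 && ctx != Ctx::Url) ||
            (ctx == Ctx::Html && !markup)) {
            out += static_cast<char>(c);
            continue;
        }
        switch (ctx) {
        case Ctx::Html:
        case Ctx::Attr: out += "&#x" + hex2(c) + ";"; break;
        case Ctx::Js:   out += "\\x" + hex2(c);       break;
        case Ctx::Css:  out += "\\" + hex2(c) + " ";  break;
        case Ctx::Url:  out += "%" + hex2(c, true);   break;
        }
    }
    return out;
}

int main() {
    const std::string cl = "CL1&d=x";  // constructed sample cgi argument
    // In an href, the HTML variant is decoded by the browser back to '&',
    // so the extra parameter survives; the URL variant keeps it as data.
    std::cout << "href Html: ?cl=" << encode_for(Ctx::Html, cl) << "\n"
              << "href Url:  ?cl=" << encode_for(Ctx::Url, cl) << "\n";
    return 0;
}
```

The same value encoded for element content leaves spaces and `=` alone, which is why a variant that is safe in body text cannot be reused in an attribute or a query string.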

File:
1 edited

  • main/trunk/greenstone2/macros/chinese2.dm

    r23687 r28888  
    152152_foundintcontent_ [l=zh] {<h3>连接到收藏“_2_”</h3>
    153153
    154 <p>悚选择的铟接是到收藏“_collectionname_”的䞀䞪倖郚铟接它是连接到收藏“_2_”。劂果悚想查看圚收藏“_2_”的这䞪铟接悚可以<a href="_httpdoc_&c=_1_&cl=_cgiargcl_&d=_3_">前进</a> 到这䞪页面吊则甚悚的浏览噚的“返回”按钮退回到之前的文件。} 
     154<p>悚选择的铟接是到收藏“_collectionname_”的䞀䞪倖郚铟接它是连接到收藏“_2_”。劂果悚想查看圚收藏“_2_”的这䞪铟接悚可以<a href="_httpdoc_&c=_1_&cl=_cgiargclUrlsafe_&d=_3_">前进</a> 到这䞪页面吊则甚悚的浏览噚的“返回”按钮退回到之前的文件。} 
    155155
    156156
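Review bot: In the href on line 154 only cl is switched to its URL-safe variant; the c= and d= values in the same query string are still filled from the raw macro parameters _1_ and _3_, and _2_ goes into the heading and body text unencoded. The commit message names c and d among the variables being protected, so please confirm that the caller of _foundintcontent_ encodes these parameters for URL and HTML context before passing them in, or switch them here. Separately, the bare & separators inside the attribute value would be better written as &amp;.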
     
    171171
    172172_textmustbelongtogroup_ [l=zh] {泚意悚å¿
    173 é¡»æ˜¯å±žäºŽâ€œ_cgiargug_”组才胜访问歀页面} 
     173须是属于“_cgiargugHtmlsafe_”组才胜访问歀页面} 
    174174
    175175_textmessageinvalid_ [l=zh] {<br>)
     
    479479
    480480
    481 _textdelperm_ [l=zh] {收藏_cgiargbc1dirname_的郚仜或è€
     481_textdelperm_ [l=zh] {收藏_cgiargbc1dirnameHtmlsafe_的郚仜或è€
    482482å
    483483šéƒšäžèƒœè¢«åˆ é™€ã€‚原因可胜有
    484484<ul>
    485 <li>绿宝石系统没有权限来删陀_gsdlhome_/collect/_cgiargbc1dirname_目圕。<br>
    486 æ‚šå¯èƒœéœ€èŠæ‰‹åŠšç§»é™€è¿™äžªç›®åœ•æ¥å®Œæˆæ”¶è—_cgiargbc1dirname_从这郚电脑䞭的移陀。</li>
     485<li>绿宝石系统没有权限来删陀_gsdlhome_/collect/_cgiargbc1dirnameHtmlsafe_目圕。<br>
     486悚可胜需芁手劚移陀这䞪目圕来完成收藏_cgiargbc1dirnameHtmlsafe_从这郚电脑䞭的移陀。</li>
    487487<li>绿宝石系统䞍胜运行皋序_gsdlhome_/bin/script/delcol.pl。请确定这䞪档案是可读取和可执行的。</li>
    488488</ul>} 
    489489
    490 _textdelinv_ [l=zh] {收藏_cgiargbc1dirname_是被保技的或è€
     490_textdelinv_ [l=zh] {收藏_cgiargbc1dirnameHtmlsafe_是被保技的或è€
    491491无效的。删陀已被取消。} 
    492492
    493 _textdelsuc_ [l=zh] {_cgiargbc1dirname_ 收藏已经被成功地删陀。} 
    494 
    495 _textclonefail_ [l=zh] {收藏_cgiargclonecol_䞍胜被倍制的。原因可胜有
     493_textdelsuc_ [l=zh] {_cgiargbc1dirnameHtmlsafe_ 收藏已经被成功地删陀。} 
     494
     495_textclonefail_ [l=zh] {收藏_cgiargclonecolHtmlsafe_䞍胜被倍制的。原因可胜有
    496496<ul>
    497 <li>歀收藏_cgiargclonecol_䞍存圚
    498 <li>歀收藏_cgiargclonecol_没有é
     497<li>歀收藏_cgiargclonecolHtmlsafe_䞍存圚
     498<li>歀收藏_cgiargclonecolHtmlsafe_没有é
    499499çœ®æ¡£æ¡ˆcollect.cfg
    500500<li>绿宝石系统没有权限来读取é
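Review bot: The Htmlsafe variants on lines 481 to 498 cover only how bc1dirname and clonecol are displayed; lines 485 to 487 show that the same argument also names the directory under _gsdlhome_/collect/ that the delete step (delcol.pl) works on. Output encoding does nothing for that use, so the code that builds the path needs its own validation of the name, rejecting path separators and "..", and a comment saying so would help. Also, the <li> items on lines 497 and 498 are still unclosed while 485 to 487 close theirs.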
     
    531531。} 
    532532
    533 _textexptsuc_ [l=zh] {收藏_cgiargbc1dirname_已被成功地富出到_gsdlhome_/tmp/exported\__cgiargbc1dirname_目圕䞋。} 
    534 
    535 _textexptfail_ [l=zh] {<p>富出銆藏_cgiargbc1dirname_倱莥。
     533_textexptsuc_ [l=zh] {收藏_cgiargbc1dirnameHtmlsafe_已被成功地富出到_gsdlhome_/tmp/exported\__cgiargbc1dirnameHtmlsafe_目圕䞋。} 
     534
     535_textexptfail_ [l=zh] {<p>富出銆藏_cgiargbc1dirnameHtmlsafe_倱莥。
    536536
    537537<p>这埈可胜是因䞺绿宝石圚安è£
     
    752752_textdeleteuser_ [l=zh] {删陀䞀䞪甚户} 
    753753_textremwarn_ [l=zh] {悚真的想氞ä¹
    754 åœ°ç§»é™€ç”šæˆ·<b>_cgiargumun_</b>吗} 
     754地移陀甚户<b>_cgiargumunHtmlsafe_</b>吗} 
    755755
    756756
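Review bot: Line 754 covers only the display of umun inside <b>, where the Htmlsafe variant is the right one. If the confirm action for this prompt carries the same user name in a link or form field, that position needs the URL or attribute variant instead, so the macro that renders the confirm action is worth checking in the same pass.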