Changeset 28888 for main/trunk/greenstone2/macros/english2.dm

Timestamp:

2014-03-13T14:34:48+13:00 (10 years ago)

Author:

ak19

Message:

First security commit. 1. Introducing the new securitools.h and .cpp files, which port the functions necessary to implement security in Greenstone from OWASP-ESAPI for Java, since OWASP's C++ version is largely not yet implemented, even though their code compiles. The newly added runtime-src/packages/security which contains OWASP ESAPI for C++ will therefore be removed again shortly. 2. receptionist.cpp now sets various web-encoded variants for each cgiarg macro, such as HTML entity encoded, attr encoded, javascript encoded (and css encoded variants). These are now used in the macro files based on which variant is suited to the context. 3. This commit further contains the minimum changes to protect the c, d, and p cgi variables.

File:

• main/trunk/greenstone2/macros/english2.dm (modified) (6 diffs)

main/trunk/greenstone2/macros/english2.dm

@@ -169 +169 @@
     collection (it links to the "_2_" collection).
     If you wish to view this link in the "_2_" collection you can 
-    <a href="_httpdoc_&amp;c=_1_&amp;cl=_cgiargcl_&amp;d=_3_">go forward</a> to this page; 
+    <a href="_httpdoc_&amp;c=_1_&amp;cl=_cgiargclUrlsafe_&amp;d=_3_">go forward</a> to this page; 
     otherwise use your browsers "back" button to return to the previous document.
 }
@@ -189 +189 @@
 _textpassword_ {password}
 
-_textmustbelongtogroup_ {Note that you must belong to the "_cgiargug_" group to access this page}
+_textmustbelongtogroup_ {Note that you must belong to the "_cgiargugHtmlsafe_" group to access this page}
 
 _textmessageinvalid_ {The page you have requested requires you to sign in.<br>
@@ -531 +531 @@
 
 _textdelperm_ {
-Some or all of the _cgiargbc1dirname_ collection could not be
+Some or all of the _cgiargbc1dirnameHtmlsafe_ collection could not be
 deleted. Possible causes are:
 <ul>
-<li> Greenstone does not have permission to delete the _gsdlhome_/collect/_cgiargbc1dirname_
+<li> Greenstone does not have permission to delete the _gsdlhome_/collect/_cgiargbc1dirnameHtmlsafe_
 directory.<br>
-You may need to remove this directory manually to complete the removal of the _cgiargbc1dirname_
+You may need to remove this directory manually to complete the removal of the _cgiargbc1dirnameHtmlsafe_
 collection from this computer.</li>
 <li>Greenstone can not run the program _gsdlhome_/bin/script/delcol.pl. Make sure that this file is readable and executable.</li>
@@ -543 +543 @@
 
 _textdelinv_ {
-The _cgiargbc1dirname_ collection is protected or invalid. Deletion was cancelled.
-}
-
-_textdelsuc_ {The _cgiargbc1dirname_ collection was successfully deleted.}
+The _cgiargbc1dirnameHtmlsafe_ collection is protected or invalid. Deletion was cancelled.
+}
+
+_textdelsuc_ {The _cgiargbc1dirnameHtmlsafe_ collection was successfully deleted.}
 
 _textclonefail_ {
-The _cgiargclonecol_ collection cound not be cloned. Possible causes are:
+The _cgiargclonecolHtmlsafe_ collection cound not be cloned. Possible causes are:
 <ul>
-<li> The _cgiargclonecol_ collection doesn't exist
-<li> The _cgiargclonecol_ collection has no collect.cfg configuration file
+<li> The _cgiargclonecolHtmlsafe_ collection doesn't exist
+<li> The _cgiargclonecolHtmlsafe_ collection has no collect.cfg configuration file
 <li> Greenstone does not have permission to read the collect.cfg configuration file
 </ul>
@@ -594 +594 @@
 
 _textexptsuc_ {
-The _cgiargbc1dirname_ collection was successfully exported to the
-_gsdlhome_/tmp/exported\__cgiargbc1dirname_ directory.
+The _cgiargbc1dirnameHtmlsafe_ collection was successfully exported to the
+_gsdlhome_/tmp/exported\__cgiargbc1dirnameHtmlsafe_ directory.
 }
 
 _textexptfail_ {
-<p>Failed to export the _cgiargbc1dirname_ collection.
+<p>Failed to export the _cgiargbc1dirnameHtmlsafe_ collection.
 
 <p>This is likely to be because Greenstone was installed without the
@@ -850 +850 @@
 
 _textdeleteuser_ {Delete a user}
-_textremwarn_ {Do you really want to permanently remove user <b>_cgiargumun_</b>?}
+_textremwarn_ {Do you really want to permanently remove user <b>_cgiargumunHtmlsafe_</b>?}