Context Navigation

← Previous Change
Next Change →

mongolian2.dm

Timestamp:

2014-03-13T14:34:48+13:00 (10 years ago)

Author:

ak19

Message:

First security commit. 1. Introducing the new securitools.h and .cpp files, which port the functions necessary to implement security in Greenstone from OWASP-ESAPI for Java, since OWASP's C++ version is largely not yet implemented, even though their code compiles. The newly added runtime-src/packages/security which contains OWASP ESAPI for C++ will therefore be removed again shortly. 2. receptionist.cpp now sets various web-encoded variants for each cgiarg macro, such as HTML entity encoded, attr encoded, javascript encoded (and css encoded variants). These are now used in the macro files based on which variant is suited to the context. 3. This commit further contains the minimum changes to protect the c, d, and p cgi variables.

File:

: 1 edited

main/trunk/greenstone2/macros/mongolian2.dm (modified) (7 diffs)

Legend:

: Unmodified
: Added
: Removed

main/trunk/greenstone2/macros/mongolian2.dm

-              r18430
+              r28888
 ÑÐ³ Ñ
 Ò¯ÑÐ²ÑÐ» ÑÐ°
 <a href="_httpdoc_&c=_1_&cl=_cgiargcl_&d=_3_">ÑÐ³ Ñ
+<a href="_httpdoc_&c=_1_&cl=_cgiargclUrlsafe_&d=_3_">ÑÐ³ Ñ
 ÑÑÐŽÐ°Ñ</a> ÑÑÑ ÐŸÑÐœÐŸ ÑÑ;
 ÑÑÐ²ÑÐ» Ð±ÑÐ°ÑÐ·ÐµÑ ÐŽÑÑÑÑ
 …
 _textmustbelongtogroup_ [l=mn] {ÐÐœÑ Ñ
 ÑÑÐŽÑÐ°ÐœÐŽ ÐœÑÐ²ÑÑÑÑ
 ÐžÐ¹Ðœ ÑÑÐ»ÐŽ ÑÐ° "_cgiargug_" Ð±Ò¯Ð»Ð³ÐžÐ¹ÐœÑ
+ÐžÐ¹Ðœ ÑÑÐ»ÐŽ ÑÐ° "_cgiargugHtmlsafe_" Ð±Ò¯Ð»Ð³ÐžÐ¹ÐœÑ
  Ð±Ð°Ð¹Ñ
  ÑÑÑÐŸÐ¹ Ð³ÑÐŽÐ³ÐžÐ¹Ð³ Ð°ÐœÑ
 …
 _textviewbildsummary_ [l=mn] {Ð¢Ð° ÑÐœÑÑ
 Ò¯Ò¯ ÑÑÐ³Ð»ÑÑÐ»Ð³ÑÐ³ Ò¯Ò¯ÑÐ³ÑÑÑÐœ ÑÐ°Ð»Ð°Ð°ÑÑ
  ÐŒÑÐŽÑÑÐ»Ð»ÐžÐ¹Ð³<a href="_httppagex_(bsummary)&c=_cgiargbc1dirname_" target=_top>Ò¯Ð·ÑÐ¶ Ð±ÐŸÐ»ÐœÐŸ</a>}
+ ÐŒÑÐŽÑÑÐ»Ð»ÐžÐ¹Ð³<a href="_httppagex_(bsummary)&c=_cgiargbc1dirnameUrlsafe_" target=_top>Ò¯Ð·ÑÐ¶ Ð±ÐŸÐ»ÐœÐŸ</a>}
 _textview_ [l=mn] {ÐŠÑÐ³Ð»ÑÑÐ»Ð³Ð° Ò¯Ð·ÑÑ
+}
 …
 _textdelperm_ [l=mn] {ÐÐ°ÑÐžÐŒ Ð±ÑÑÑ Ð±Ò¯Ñ
  _cgiargbc1dirname_ ÑÑÐ³Ð»ÑÑÐ»Ð³ÑÐ³ Ð°ÑÐžÐ»Ð³Ð°Ñ
+ _cgiargbc1dirnameHtmlsafe_ ÑÑÐ³Ð»ÑÑÐ»Ð³ÑÐ³ Ð°ÑÐžÐ»Ð³Ð°Ñ
 Ð±ÐŸÐ»ÐŸÐŒÐ¶Ð³Ò¯Ð¹ Ð±Ð°Ð¹ÐœÐ°. ÐšÐ°Ð»ÑÐ³Ð°Ð°Ðœ ÐœÑ:
 <ul>                                                                                                                                                                                                                                       <li> Greenstone ÐœÑ <li>Greenstone ÑÑÑ
 Ð°Ð¹Ðœ _gsdlhome_/collect/_cgiargbc1dirname_
+Ð°Ð¹Ðœ _gsdlhome_/collect/_cgiargbc1dirnameHtmlsafe_
 ÐŽÐžÑÐµÐºÑÐŸÑÑÐ³ ÑÑÑÐ³Ð°Ñ
  ÑÑÑ
 Ð³Ð³Ò¯Ð¹ Ð±Ð°Ð¹ÐœÐ°.<br>
 _cgiargbc1dirname_ ÑÑÐ³Ð»ÑÑÐ»Ð³ÑÐ³ ÑÐœÑ ÐºÐŸÐŒÐ¿ÑÑÑÐµÑÑÑÑ Ð°ÑÐžÐ»Ð³Ð°Ñ
+_cgiargbc1dirnameHtmlsafe_ ÑÑÐ³Ð»ÑÑÐ»Ð³ÑÐ³ ÑÐœÑ ÐºÐŸÐŒÐ¿ÑÑÑÐµÑÑÑÑ Ð°ÑÐžÐ»Ð³Ð°Ñ
  Ò¯Ð¹Ð»ÐŽÐ»ÐžÐ¹Ð³ Ð±Ò¯ÑÑÐœ Ñ
 ÐžÐ¹Ñ
 …
 </ul>}
 _textdelinv_ [l=mn] {_cgiargbc1dirname_ ÑÑÐ³Ð»ÑÑÐ»Ð³Ð° ÐœÑ Ñ
+_textdelinv_ [l=mn] {_cgiargbc1dirnameHtmlsafe_ ÑÑÐ³Ð»ÑÑÐ»Ð³Ð° ÐœÑ Ñ
 Ð°ÐŒÐ³Ð°Ð°Ð»Ð°Ð³ÐŽÑÐ°Ðœ, ÑÑÐ²ÑÐ» Ñ
 Ò¯ÑÐžÐœÐ³Ò¯Ð¹ Ð±Ð°Ð¹ÐœÐ°. Ð£ÑÑÐ³Ð°ÑÐ°ÐœÐ³Ò¯Ð¹.}
 _textdelsuc_ [l=mn] {_cgiargbc1dirname_ ÑÑÐ³Ð»ÑÑÐ»Ð³ÑÐ³ Ð°ÐŒÐ¶ÐžÐ»ÑÑÐ°Ð¹ ÑÑÑÐ³Ð°Ð»Ð°Ð°.}
 _textclonefail_ [l=mn] {_cgiargclonecol_ ÑÑÐ³Ð»ÑÑÐ»Ð³Ð° Ñ
+_textdelsuc_ [l=mn] {_cgiargbc1dirnameHtmlsafe_ ÑÑÐ³Ð»ÑÑÐ»Ð³ÑÐ³ Ð°ÐŒÐ¶ÐžÐ»ÑÑÐ°Ð¹ ÑÑÑÐ³Ð°Ð»Ð°Ð°.}
+_textclonefail_ [l=mn] {_cgiargclonecolHtmlsafe_ ÑÑÐ³Ð»ÑÑÐ»Ð³Ð° Ñ
 ÑÐ²ÐžÐ»Ð°Ð³ÐŽÑÐ°ÐœÐ³Ò¯Ð¹. ÐšÐ°Ð»ÑÐ³Ð°Ð°Ðœ ÐœÑ:
 <ul>
 <li>_cgiargclonecol_ ÑÑÐ³Ð»ÑÑÐ»Ð³Ð° Ð±Ð°Ð¹Ñ
+<li>_cgiargclonecolHtmlsafe_ ÑÑÐ³Ð»ÑÑÐ»Ð³Ð° Ð±Ð°Ð¹Ñ
 Ð³Ò¯Ð¹ Ð±Ð°Ð¹ÐœÐ°.
 <li>_cgiargclonecol_ ÑÑÐ³Ð»ÑÑÐ»Ð³Ð°ÐœÐŽ collect.cfg Ð³ÑÐŽÑÐ³ Ó©Ó©ÑÑÐ»Ó©Ð»Ñ Ñ
+<li>_cgiargclonecolHtmlsafe_ ÑÑÐ³Ð»ÑÑÐ»Ð³Ð°ÐœÐŽ collect.cfg Ð³ÑÐŽÑÐ³ Ó©Ó©ÑÑÐ»Ó©Ð»Ñ Ñ
 ÐžÐ¹Ñ
  ÑÐ°Ð¹Ð» Ð°Ð»Ð³Ð° Ð±Ð°Ð¹ÐœÐ°.
 …
 ÐžÐ¹Ð³ ÑÐ°ÐœÐŽ Ð·Ó©Ð²Ð»Ó©Ð¶ Ð±Ð°Ð¹ÐœÐ°.}
 _textexptsuc_ [l=mn] {_cgiargbc1dirname_ ÑÑÐ³Ð»ÑÑÐ»Ð³ÑÐ³ _gsdlhome_/tmp/exported\__cgiargbc1dirname_ ÐŽÐžÑÐµÐºÑÐŸÑ Ð»ÑÑ
+_textexptsuc_ [l=mn] {_cgiargbc1dirnameHtmlsafe_ ÑÑÐ³Ð»ÑÑÐ»Ð³ÑÐ³ _gsdlhome_/tmp/exported\__cgiargbc1dirnameHtmlsafe_ ÐŽÐžÑÐµÐºÑÐŸÑ Ð»ÑÑ
 Ð°ÐŒÐ¶ÐžÐ»ÑÑÐ°Ð¹ ÐŸÑÑÑÐ»Ð»Ð°Ð°.}
 _textexptfail_ [l=mn] {<p>_cgiargbc1dirname_ ÑÑÐ³Ð»ÑÑÐ»Ð³ÑÐ³ Ð±ÐžÑÐžÑ
+_textexptfail_ [l=mn] {<p>_cgiargbc1dirnameHtmlsafe_ ÑÑÐ³Ð»ÑÑÐ»Ð³ÑÐ³ Ð±ÐžÑÐžÑ
 ÑÑÑ Ð±ÑÐ»ÐŽÑÑ
  Ò¯Ð¹Ð» ÑÐ²Ñ Ð°ÐŒÐ¶ÐžÐ»ÑÐ³Ò¯Ð¹ Ð±ÐŸÐ»Ð»ÐŸÐŸ.
 …
 _textdeleteuser_ [l=mn] {Ð¥ÑÑÑÐ³Ð»ÑÐ³ÑÐžÐ¹Ð³ ÑÑÑÐ³Ð°Ñ
+}
 _textremwarn_ [l=mn] {Ð¢Ð° <b>_cgiargumun_</b> Ñ
+_textremwarn_ [l=mn] {Ð¢Ð° <b>_cgiargumunHtmlsafe_</b> Ñ
 ÑÑÑÐ³Ð»ÑÐ³ÑÐžÐ¹Ð³ Ð°ÑÐžÐ»Ð³Ð°Ñ
 ÑÐ³ Ñ

Note: See TracChangeset for help on using the changeset viewer.

Context Navigation

Changeset 28888 for main/trunk/greenstone2/macros/mongolian2.dm

Legend:

main/trunk/greenstone2/macros/mongolian2.dm

Download in other formats: