Timestamp:
2014-03-14T17:13:56+13:00 (10 years ago)
Author:
ak19
Message:
  1. The cgiargq query variable is now no longer escaped in the 3 simply or large forms that use it. fqv and other js escaped fields are unchanged, since the jssafe now ensures that backslashes are escaped for macro files, so these resolve correctly in query.dm.
  2. securitytools.cpp and .h updated to additionally escape back slashes for macro files when javascript escaping. This is done by default, since jssafe variants of cgiargs are all that are used, and they're used in macro files.
  3. Encoded versions of decodedcompressedoptions are now used in all macro files. They're always used in attributes, so the attrsafe version which is set in receptionist.cpp is used.
File:
1 edited

  • main/trunk/greenstone2/macros/collect.dm

    r28888 r28898  
    5252_introcontent_ {
    5353<form name="collectorform" method=post action="_gwcgi_">
    54 <input type=hidden name="e" value="_decodedcompressedoptions_">
     54<input type=hidden name="e" value="_decodedcompressedoptionsAttrsafe_">
    5555
    5656<center>
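Review bot: The hidden "e" input at new line 54 is repeated verbatim in every other form this changeset touches in collect.dm (eleven replacements in total), so the choice of escaping variant now lives in eleven places. Consider defining the input once as its own macro and referencing that macro from each form, so that a later change of variant cannot miss a form. The switch itself fits the context: the value sits inside a double-quoted attribute, which is the case the commit message says the Attrsafe variant is for.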
     
    143143_existingcontent_ {
    144144<form name="collectorform" method=post action="_gwcgi_">
    145 <input type=hidden name="e" value="_decodedcompressedoptions_">
     145<input type=hidden name="e" value="_decodedcompressedoptionsAttrsafe_">
    146146<input type=hidden name="p" value="_cgiargpAttrsafe_">
    147147<input type=hidden name="bc1dodelete" value="0">
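Review bot: On line 144, action="_gwcgi_" is still expanded into a quoted attribute without an Attrsafe variant, while the "e" and "p" inputs directly below it now both use one. If _gwcgi_ can ever reflect part of the request URL it needs the same encoding; if it is fixed server-side configuration, a short comment in the macro file saying so would settle the question. The same form tag opens every form changed in this file.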
     
    246246_infocontent_ {
    247247<form name="collectorform" method=post action="_gwcgi_">
    248 <input type=hidden name="e" value="_decodedcompressedoptions_">
     248<input type=hidden name="e" value="_decodedcompressedoptionsAttrsafe_">
    249249<input type=hidden name="p" value="_cgiargpAttrsafe_">
    250250<input type=hidden name="bc1infochanged" value="0">
     
    370370_srcecontent_ {
    371371<form name="collectorform" method=post action="_gwcgi_">
    372 <input type=hidden name="e" value="_decodedcompressedoptions_">
     372<input type=hidden name="e" value="_decodedcompressedoptionsAttrsafe_">
    373373<input type=hidden name="p" value="_cgiargpAttrsafe_">
    374374<input type=hidden name="bc1fromsrce" value="0">
     
    423423_confcontent_ {
    424424<form name="collectorform" method=post action="_gwcgi_">
    425 <input type=hidden name="e" value="_decodedcompressedoptions_">
     425<input type=hidden name="e" value="_decodedcompressedoptionsAttrsafe_">
    426426<input type=hidden name="p" value="_cgiargpAttrsafe_">
    427427<input type=hidden name="bc1cfgchanged" value="_cgiargbc1cfgchangedAttrsafe_">
     
    475475
    476476<form name="collectorform" method=post action="_gwcgi_">
    477 <input type=hidden name="e" value="_decodedcompressedoptions_">
     477<input type=hidden name="e" value="_decodedcompressedoptionsAttrsafe_">
    478478<input type=hidden name="p" value="_cgiargpAttrsafe_">
    479479
     
    528528_bildframe1content_ {
    529529<form name="collectorform" method=post action="_gwcgi_">
    530 <input type=hidden name="e" value="_decodedcompressedoptions_">
     530<input type=hidden name="e" value="_decodedcompressedoptionsAttrsafe_">
    531531<input type=hidden name="p" value="bildcancel">
    532532
     
    571571_bildcancelcontent_ {
    572572<form name="collectorform" method=post action="_gwcgi_">
    573 <input type=hidden name="e" value="_decodedcompressedoptions_">
     573<input type=hidden name="e" value="_decodedcompressedoptionsAttrsafe_">
    574574<input type=hidden name="p" value="_cgiargpAttrsafe_">
    575575
     
    630630_bildstatuscontent_ {
    631631<form name="collectorform" method=post action="_gwcgi_">
    632 <input type=hidden name="e" value="_decodedcompressedoptions_">
     632<input type=hidden name="e" value="_decodedcompressedoptionsAttrsafe_">
    633633<center>
    634634<table width=_pagewidth_>
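Review bot: The context line 634, <table width=_pagewidth_>, expands a macro into an unquoted attribute. Attribute encoding only protects a value that sits inside quotes, because whitespace ends an unquoted value; writing it as width="_pagewidth_" would put it under the same rule as the hidden input fixed on line 632. The unquoted type=hidden and method=post are constants and harmless, but quoting them as well would keep the file consistent.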
     
    682682_bildfailcontent_ {
    683683<form name="collectorform" method=post action="_gwcgi_">
    684 <input type=hidden name="e" value="_decodedcompressedoptions_">
     684<input type=hidden name="e" value="_decodedcompressedoptionsAttrsafe_">
    685685<input type=hidden name="p" value="_cgiargpAttrsafe_">
    686686
     
    739739_messagehead_ {
    740740<form name="collectorform" method=post action="_gwcgi_">
    741 <input type=hidden name="e" value="_decodedcompressedoptions_">
     741<input type=hidden name="e" value="_decodedcompressedoptionsAttrsafe_">
    742742
    743743<center>