Show
Ignore:
Timestamp:
14.03.2014 17:13:56 (6 years ago)
Author:
ak19
Message:

1. The cgiargq query variable is now no longer escaped in the 3 simply or large forms that use it. fqv and other js escaped fields are unchanged, since the jssafe now ensures that backslashes are escaped for macro files, so these resolve correctly in query.dm. 2. securitytools.cpp and .h updated to additionally escape back slashes for macro files when javascript escaping. This is done by default, since jssafe variants of cgiargs are all that are used, and they're used in macro files. 3. Encoded versions of decodedcompressedoptions are now used in all macro files. They're always used in attributes, so the attrsafe version which is set in receptionist.cpp is used.

Files:
1 modified

Legend:

Unmodified
Added
Removed
  • main/trunk/greenstone2/macros/dateqry.dm

    r28888 r28898  
    6767 
    6868<input type=hidden name="a" value="q"> 
    69 <input type=hidden name="e" value="_decodedcompressedoptions_"> 
     69<input type=hidden name="e" value="_decodedcompressedoptionsAttrsafe_"> 
    7070<input type=hidden name="r" value="1"> 
    7171<input type=hidden name="hs" value="1">