Timestamp: 2014-03-14T17:13:56+13:00 (10 years ago)
Author: ak19
Message:
  1. The cgiargq query variable is now no longer escaped in the 3 simply or large forms that use it. fqv and other js escaped fields are unchanged, since the jssafe now ensures that backslashes are escaped for macro files, so these resolve correctly in query.dm.
  2. securitytools.cpp and .h updated to additionally escape back slashes for macro files when javascript escaping. This is done by default, since jssafe variants of cgiargs are all that are used, and they're used in macro files.
  3. Encoded versions of decodedcompressedoptions are now used in all macro files. They're always used in attributes, so the attrsafe version which is set in receptionist.cpp is used.
File: 1 edited

  • main/trunk/greenstone2/macros/depositdspace.dm

    r28888 r28898  
    636636_selectcontent_ {
    637637<form name="depositorform" method=post action="_gwcgi_">
    638 <input type=hidden name="e" value="_decodedcompressedoptions_">
     638<input type=hidden name="e" value="_decodedcompressedoptionsAttrsafe_">
    639639<input type=hidden name="p" value="intro">
    640640<input type=hidden name="c" value="">
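Review bot: `action="_gwcgi_"` on line 637 is still a bare macro expanded inside a quoted attribute, in the same form whose `e` value now uses `_decodedcompressedoptionsAttrsafe_`. If `_gwcgi_` can ever contain request-derived text it needs an attribute-safe variant as well; if it is a fixed server-side value, a one-line comment in the macro file saying so would explain why it is exempt. The attribute-safe value also only holds up while the attribute stays quoted, so it would be worth quoting `type=hidden` and `method=post` in these forms too, to keep the convention uniform.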
     
    672672_step0content_ {
    673673<form name="depositorform" method=post action="_gwcgi_" enctype="multipart/form-data">
    674 <input type=hidden name="e" value="_decodedcompressedoptions_">
     674<input type=hidden name="e" value="_decodedcompressedoptionsAttrsafe_">
    675675<input type=hidden name="p" value="step1">
    676676
     
    803803_step1content_ {
    804804<form name="depositorform" method=post action="_gwcgi_" enctype="multipart/form-data">
    805 <input type=hidden name="e" value="_decodedcompressedoptions_">
     805<input type=hidden name="e" value="_decodedcompressedoptionsAttrsafe_">
    806806<input type=hidden name="p" value="step1">
    807807        <center>
     
    10181018_step2content_ {
    10191019<form name="depositorform" method=post action="_gwcgi_" enctype="multipart/form-data">
    1020 <input type=hidden name="e" value="_decodedcompressedoptions_">
     1020<input type=hidden name="e" value="_decodedcompressedoptionsAttrsafe_">
    10211021<input type=hidden name="p" value="step2">
    10221022
     
    11271127_step3content_ {
    11281128<form name="depositorform" method=post action="_gwcgi_" enctype="multipart/form-data">
    1129 <input type=hidden name="e" value="_decodedcompressedoptions_">
     1129<input type=hidden name="e" value="_decodedcompressedoptionsAttrsafe_">
    11301130<input type=hidden name="p" value="step3">
    11311131
     
    12101210_step4content_ {
    12111211<form name="depositorform" method=post action="_gwcgi_" enctype="multipart/form-data">
    1212 <input type=hidden name="e" value="_decodedcompressedoptions_">
     1212<input type=hidden name="e" value="_decodedcompressedoptionsAttrsafe_">
    12131213<input type=hidden name="p" value="step4">
    12141214
     
    13241324_step5content_ {
    13251325<form name="depositorform" method=post action="_gwcgi_" enctype="multipart/form-data">
    1326 <input type=hidden name="e" value="_decodedcompressedoptions_">
     1326<input type=hidden name="e" value="_decodedcompressedoptionsAttrsafe_">
    13271327<input type=hidden name="p" value="step5">
    13281328
     
    15471547_step6content_ {
    15481548<form id="depositorform" name="depositorform" method=post action="_gwcgi_" enctype="multipart/form-data">
    1549 <input type=hidden name="e" value="_decodedcompressedoptions_">
     1549<input type=hidden name="e" value="_decodedcompressedoptionsAttrsafe_">
    15501550<input type=hidden name="p" value="step6">
    15511551
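Review bot: The `<form>` on line 1548 carries `id="depositorform"` in addition to `name="depositorform"`, while the other forms touched in this changeset use `name` only. If script code looks this form up by id, a comment noting that would help; otherwise consider making the forms consistent so a later edit does not treat step6 as a special case by accident.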
     
    16491649_step7content_ {
    16501650<form name="depositorform" method=post action="_gwcgi_" enctype="multipart/form-data">
    1651 <input type=hidden name="e" value="_decodedcompressedoptions_">
     1651<input type=hidden name="e" value="_decodedcompressedoptionsAttrsafe_">
    16521652<input type=hidden name="p" value="step7">
    16531653
     
    17001700
    17011701<form name="depositorform" method=post action="_gwcgi_">
    1702 <input type=hidden name="e" value="_decodedcompressedoptions_">
     1702<input type=hidden name="e" value="_decodedcompressedoptionsAttrsafe_">
    17031703<input type=hidden name="p" value="_cgiargpAttrsafe_">
    17041704
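Review bot: On line 1703 the `p` field is filled from `_cgiargpAttrsafe_`, which by its name echoes a CGI argument back into the form, whereas the step forms hard-code `p` (`intro`, `step1`, `bildcancel`, and so on). Attribute escaping keeps the value from breaking out of the `value="..."` attribute, but the value is still whatever the client sent. Please confirm that the server checks `p` against the known page names before acting on it, and note that in the commit message or a comment here. The same applies to the `_cgiargpAttrsafe_` uses at lines 1805 and 1928.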
     
    17591759_bildframe1content_ {
    17601760<form name="depositorform" method=post action="_gwcgi_">
    1761 <input type=hidden name="e" value="_decodedcompressedoptions_">
     1761<input type=hidden name="e" value="_decodedcompressedoptionsAttrsafe_">
    17621762<input type=hidden name="p" value="bildcancel">
    17631763
     
    18021802_bildcancelcontent_ {
    18031803<form name="depositorform" method=post action="_gwcgi_">
    1804 <input type=hidden name="e" value="_decodedcompressedoptions_">
     1804<input type=hidden name="e" value="_decodedcompressedoptionsAttrsafe_">
    18051805<input type=hidden name="p" value="_cgiargpAttrsafe_">
    18061806
     
    18611861_bildstatuscontent_ {
    18621862<form name="depositorform" method=post action="_gwcgi_">
    1863 <input type=hidden name="e" value="_decodedcompressedoptions_">
     1863<input type=hidden name="e" value="_decodedcompressedoptionsAttrsafe_">
    18641864
    18651865<center>
     
    19251925_bildfailcontent_ {
    19261926<form name="depositorform" method=post action="_gwcgi_">
    1927 <input type=hidden name="e" value="_decodedcompressedoptions_">
     1927<input type=hidden name="e" value="_decodedcompressedoptionsAttrsafe_">
    19281928<input type=hidden name="p" value="_cgiargpAttrsafe_">
    19291929
     
    19841984_messagehead_ {
    19851985<form name="depositorform" method=post action="_gwcgi_">
    1986 <input type=hidden name="e" value="_decodedcompressedoptions_">
     1986<input type=hidden name="e" value="_decodedcompressedoptionsAttrsafe_">
    19871987
    19881988<center>
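Review bot: The hidden `e` input on line 1986 is the fifteenth copy of the same line changed in this file, and every copy had to be edited by hand. Moving `<input type=hidden name="e" value="_decodedcompressedoptionsAttrsafe_">` into one shared macro that each `depositorform` includes would put the escaping decision in a single place, so a form added later cannot reintroduce the raw `_decodedcompressedoptions_`. Since the commit message says the encoded version is now used in all macro files, a build-time search for the raw macro name under `macros/` would also keep that statement true going forward.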