Changeset 28898 for main/trunk/greenstone2/macros/pref.dm

Timestamp:

2014-03-14T17:13:56+13:00 (10 years ago)

Author:

ak19

Message:

1. The cgiargq query variable is now no longer escaped in the 3 simply or large forms that use it. fqv and other js escaped fields are unchanged, since the jssafe now ensures that backslashes are escaped for macro files, so these resolve correctly in query.dm. 2. securitytools.cpp and .h updated to additionally escape back slashes for macro files when javascript escaping. This is done by default, since jssafe variants of cgiargs are all that are used, and they're used in macro files. 3. Encoded versions of decodedcompressedoptions are now used in all macro files. They're always used in attributes, so the attrsafe version which is set in receptionist.cpp is used.

File:

• main/trunk/greenstone2/macros/pref.dm (modified) (1 diff)

main/trunk/greenstone2/macros/pref.dm

@@ -511 +511 @@
 
 <form name=PrefForm method=get action="_gwcgi_">
-<input type="hidden" name="e" value="_decodedcompressedoptions_">
+<input type="hidden" name="e" value="_decodedcompressedoptionsAttrsafe_">
 _If_(_collectionoption_,_collectionprefs_)
 _presentationprefs_