Timestamp:
14.03.2014 22:46:25 (4 years ago)
Author:
ak19
Message:

Third commit for security, for ensuring cgiargs macros are websafe. This time all the changes to the runtime action classes.

Files:
1 modified

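--- a/main/trunk/greenstone2/runtime-src/src/recpt/authenaction.cpp
+++ b/main/trunk/greenstone2/runtime-src/src/recpt/authenaction.cpp
@@ -308,5 +308,5 @@
   //      _authen:hiddenargs_   to contain all the arguments that were
   //                            explicitly set
-  disp.setmacro ("messagestatus", "authen", ("_authen:message" + args["us"]
+  disp.setmacro ("messagestatus", "authen", ("_authen:message" + encodeForHTML(args["us"])
                          + "_"));
   // change style of header and footer if page is a frame
@@ -339,5 +339,5 @@
     saveconfset.find((*args_here).first) == saveconfset.end()) {
       hiddenargs += "<input type=hidden name=\"" + (*args_here).first +
-    "\" value=\"_cgiarg" + (*args_here).first + "_\">\n";
+    "\" value=\"_cgiarg" + (*args_here).first + "Attrsafe_\">\n";
     }
     ++args_here;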
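Review bot: In the first hunk, `encodeForHTML(args["us"])` applies an HTML-context encoder to a value that is spliced into a macro name (`_authen:message…_`) rather than into page markup, so it does not restrict which macro the request can select; characters that matter to macro syntax, such as `_` and `:`, are presumably passed through unchanged. Checking `args["us"]` against the status values this action expects (not visible in the hunk), and using an empty suffix otherwise, would match the context better than output encoding. A comment such as `// "us" picks the message macro by name; only known status values may reach setmacro` would record the intent. In the second hunk the value now goes through the `Attrsafe` macro variant, but `(*args_here).first` is still concatenated unencoded into `name="…"`, which is safe only if argument names can never originate from the request, and the visible lines do not show that. Both enclosing functions start and end outside the hunks.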