Changeset 28899 for main/trunk/greenstone2/runtime-src/src/recpt/pageaction.cpp

Timestamp:

2014-03-14T22:46:25+13:00 (10 years ago)

Author:

ak19

Message:

Third commit for security, for ensuring cgiargs macros are websafe. This time all the changes to the runtime action classes.

File:

• main/trunk/greenstone2/runtime-src/src/recpt/pageaction.cpp (modified) (4 diffs)

main/trunk/greenstone2/runtime-src/src/recpt/pageaction.cpp

@@ -212 +212 @@
           
           text_t link = "_gwcgi_?"+optsite+"a=p&p=about&c=" + *collist_here;
-          link += "&l=" + args["l"] + "&w=" + args["w"];
+          link += "&l=" + encodeForURL(args["l"]) + "&w=" + encodeForURL(args["w"]);
 
           // We are "dynamically" overriding so to speak the
@@ -335 +335 @@
           if (cinfo->isCollectGroup) {
         link = "<a class=\"collectiontitle\" href=\"_gwcgi_?"+optsite+"a=p&amp;p=home&amp;g=" + *collist_here;
-        link += "&amp;l=" + args["l"] + "&amp;w=" + args["w"] + "\">";
+        link += "&amp;l=" + encodeForURL(args["l"]) + "&amp;w=" + encodeForURL(args["w"]) + "\">";
           }
           else {
         link = "<a class=\"collectiontitle\" href=\"_gwcgi_?"+optsite+"a=p&amp;p=about&amp;c=" + *collist_here;
-        link += "&amp;l=" + args["l"] + "&amp;w=" + args["w"] + "\">";
+        link += "&amp;l=" + encodeForURL(args["l"]) + "&amp;w=" + encodeForURL(args["w"]) + "\">";
           }
           
@@ -515 +515 @@
 
 void pageaction::set_macro_to_file_contents (displayclass &disp, const text_t &macroname,
-                         const text_t &packagename, const text_t &filename) {
+                         const text_t &packagename, const text_t &filename, bool encode) {
 
   text_t filecontent;
@@ -531 +531 @@
     file_in.close();
   }
+
+  // if we ever need to encode the contents into HTML, call this function with encode=true
+  if(encode) {
+    filecontent = encodeForHTML(filecontent);
+  }
+
   disp.setmacro (macroname, packagename, dm_safe(filecontent));
 }