Timestamp:
14.03.2014 22:46:25 (4 years ago)
Author:
ak19
Message:

Third commit for security, for ensuring cgiargs macros are websafe. This time all the changes to the runtime action classes.

Files:
1 modified

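--- a/main/trunk/greenstone2/runtime-src/src/recpt/receptionist.cpp
+++ b/main/trunk/greenstone2/runtime-src/src/recpt/receptionist.cpp
@@ -1533,11 +1533,13 @@
     text_t urlsafe = encodeForURL(macrovalue);
     text_t jssafe = encodeForJavascript(macrovalue); // with default setting will return \\x and \\u for macro files
-    text_t csssafe = encodeForCSS(macrovalue);
+    text_t csssafe = encodeForCSS(macrovalue); // not yet used anywhere, but is available for use in macros
+    text_t sqlsafe = encodeForSQL(macrovalue);
 
     disp.setmacro ("cgiarg" + (*argshere).first + "Htmlsafe", displayclass::defaultpackage, htmlsafe);
     disp.setmacro ("cgiarg" + (*argshere).first + "Attrsafe", displayclass::defaultpackage, attrsafe);
+    disp.setmacro ("cgiarg" + (*argshere).first + "Urlsafe", displayclass::defaultpackage, urlsafe);
     disp.setmacro ("cgiarg" + (*argshere).first + "Jssafe", displayclass::defaultpackage, jssafe);
     disp.setmacro ("cgiarg" + (*argshere).first + "Csssafe", displayclass::defaultpackage, csssafe);
-    disp.setmacro ("cgiarg" + (*argshere).first + "Urlsafe", displayclass::defaultpackage, urlsafe);
+    disp.setmacro ("cgiarg" + (*argshere).first + "Sqlsafe", displayclass::defaultpackage, sqlsafe);
     
 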
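Review bot: The new `sqlsafe` value on new line 1536 is published as `cgiarg<name>Sqlsafe` with no comment on which context `encodeForSQL` makes it safe for, unlike the `csssafe` line above it, which now has one. String escaping is generally sound only inside a quoted literal of the dialect it was written for and does not protect numeric or identifier positions, so a macro author reading "Sqlsafe" could over-trust it. `encodeForSQL` is not visible in this hunk, so its exact guarantees need confirming. I would add a comment such as `// escaped for use inside a quoted SQL string literal only; prefer bound parameters where the query layer supports them`. The enclosing block (apparently an iteration over the CGI arguments via `argshere`) starts and ends outside this hunk.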