Changeset 28899 for main/trunk/greenstone2/runtime-src/src/recpt/securitytools.cpp

Timestamp:

2014-03-14T22:46:25+13:00 (10 years ago)

Author:

ak19

Message:

Third commit for security, for ensuring cgiargs macros are websafe. This time all the changes to the runtime action classes.

File:

• main/trunk/greenstone2/runtime-src/src/recpt/securitytools.cpp (modified) (4 diffs)

main/trunk/greenstone2/runtime-src/src/recpt/securitytools.cpp

@@ -136 +136 @@
 }
 
-
-text_t encodeForMySQL(const text_t& in, const text_t& immuneChars, const SQLMode mode) {
-  text_t out;
-  text_t::const_iterator here = in.begin();
-  text_t::const_iterator end = in.end();
-  while (here != end) {
-    out += encodeForMySQL(immuneChars, *here, mode); // IMMUNE_SQL and STANDARD SQLMode by default
+text_t encodeForSQL(const text_t& in, const text_t& immuneChars, const SQLMode mode) {
+  text_t out;
+  text_t::const_iterator here = in.begin();
+  text_t::const_iterator end = in.end();
+  while (here != end) {
+    out += encodeForSQL(immuneChars, *here, mode); // IMMUNE_SQL and STANDARD SQLMode by default
     ++here;
   }
@@ -320 +319 @@
 
 /* 
+
+ C++ port of OWASP-ESAPI for MySQL. Not sure if this is is the same for SQLite
+
 http://code.google.com/p/owasp-esapi-java/source/browse/trunk/src/main/java/org/owasp/esapi/codecs/MySQLCodec.java
  Defense Option 3 of https://www.owasp.org/index.php/SQL_Injection_Prevention_Cheat_Sheet
@@ -335 +337 @@
 
 */
-text_t encodeForMySQL(const text_t& immuneChars, const unsigned short in, const SQLMode mode) {
+text_t encodeForSQL(const text_t& immuneChars, const unsigned short in, const SQLMode mode) {
   
   text_t result = "";
@@ -392 +394 @@
 }
 
+// Unused at present.
 // See Codec.hex[] initialization and Codec.getHexForNonAlphanumeric(c) and Codec.toHex(c)
 // http://code.google.com/p/owasp-esapi-java/source/browse/trunk/src/main/java/org/owasp/esapi/codecs/Codec.java