Timestamp:
14.03.2014 22:46:25 (4 years ago)
Author:
ak19
Message:

Third commit for security, for ensuring cgiargs macros are websafe. This time all the changes to the runtime action classes.

Files:
1 modified

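--- a/main/trunk/greenstone2/runtime-src/src/recpt/sqlqueryaction.cpp
+++ b/main/trunk/greenstone2/runtime-src/src/recpt/sqlqueryaction.cpp
@@ -270,5 +270,5 @@
   if (args["qt"]=="0" && args["sqlqto"] != "1") { // normal text search 
     unsafe_cgi_arg("ALL", args["q"]); 
-    formattedstring = "SELECT DISTINCT docOID FROM document_metadata WHERE " + args["q"];     
+    formattedstring = "SELECT DISTINCT docOID FROM document_metadata WHERE " + encodeForSQL(args["q"]);     
   } 
   else if (args["qt"]=="1" || args["sqlqto"]=="1"){ // form search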
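Review bot: On new line 272, `args["q"]` is still concatenated as the entire WHERE clause rather than as a single value, so `encodeForSQL()` is being asked to sanitise SQL syntax, which escaping alone cannot do reliably. If it only escapes quote characters, unquoted operators and keywords in the request still reach the database unchanged, and any legitimate clause containing a quoted literal will stop working. The definition of `encodeForSQL` is not visible in this hunk, so what it actually neutralises needs confirming before relying on it here. A sturdier shape would be to assemble the clause server-side from a validated list of field names and operators and pass the user's values as bound parameters of a prepared statement. Until then, a comment such as `// q is a raw WHERE fragment from the CGI request; encodeForSQL is the only barrier before the database` would make the trust boundary explicit. The enclosing function starts and ends outside the hunk.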