Timestamp:
14.03.2014 22:46:25 (5 years ago)
Author:
ak19
Message:

Third commit for security, for ensuring cgiargs macros are websafe. This time all the changes to the runtime action classes.

Files:
1 modified

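--- a/main/trunk/greenstone2/runtime-src/src/recpt/usersaction.cpp
+++ b/main/trunk/greenstone2/runtime-src/src/recpt/usersaction.cpp
@@ -235,12 +235,12 @@
     if (user_database->get_user_info(*users_here, userinfo) == ERRNO_SUCCEED) {
       textout << outconvert << disp
-          << "<tr><td bgcolor=\"\\#eeeeee\">" << userinfo.username << "</td>\n"
+          << "<tr><td bgcolor=\"\\#eeeeee\">" << encodeForHTML(userinfo.username) << "</td>\n"
               << "<td bgcolor=\"\\#eeeeee\">" << (char *) (userinfo.enabled ? "enabled" : "disabled") << "</td>\n"
-          << "<td bgcolor=\"\\#eeeeee\">" << userinfo.groups << "&nbsp;</td>\n"
-          << "<td bgcolor=\"\\#eeeeee\">" << userinfo.comment << "&nbsp;</td>\n"
+          << "<td bgcolor=\"\\#eeeeee\">" << encodeForHTML(userinfo.groups) << "&nbsp;</td>\n"
+          << "<td bgcolor=\"\\#eeeeee\">" << encodeForHTML(userinfo.comment) << "&nbsp;</td>\n"
           << "<td><a href=\"_httpcurrentdocument_&a=um&uma=edituser&umun="
-          << userinfo.username << "\">_userslistusers:textedituser_</a> "
+          << encodeForHTML(userinfo.username) << "\">_userslistusers:textedituser_</a> "
           << "<a href=\"_httpcurrentdocument_&a=um&uma=deleteuser&umun="
-          << userinfo.username << "\">_userslistusers:textdeleteuser_</a>"
+          << encodeForHTML(userinfo.username) << "\">_userslistusers:textdeleteuser_</a>"
           << "</td></tr>\n\n";
 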
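Review bot: The two `umun=` links (new lines 242 and 244) place the username in a URL query parameter, but the new code applies only HTML encoding there. Assuming `encodeForHTML` performs HTML entity encoding only, the browser decodes the entities again before following the link, so a username containing `&`, `#`, `+` or `%` can still alter or truncate the query string of the edituser/deleteuser request, even though it can no longer break out of the attribute. Percent-encode the value as a URL component first and then HTML-encode the result, e.g. `<< encodeForHTML(URL_COMPONENT_ENCODER(userinfo.username))`, where `URL_COMPONENT_ENCODER` is a placeholder for whatever URL encoder the project's security helpers provide. The table-cell uses on lines 237, 239 and 240 are the right context for `encodeForHTML`. The enclosing function starts and ends outside this hunk, so other outputs of `userinfo` fields there are not visible here.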