Changeset 28912 for main/trunk/greenstone2/runtime-src/src/recpt/pagedbrowserclass.cpp

Timestamp:

2014-03-18T16:45:46+13:00 (10 years ago)

Author:

ak19

Message:

Commit 5 for security. Handles setmacro() occurrences in non action.cpp files. cl is safe from hacks now.

File:

• main/trunk/greenstone2/runtime-src/src/recpt/pagedbrowserclass.cpp (modified) (3 diffs)

main/trunk/greenstone2/runtime-src/src/recpt/pagedbrowserclass.cpp

@@ -107 +107 @@
 
   if (section.OID != args["d"]) {
-    text_t httpprevarrow = "_httpdocument_&cl=" + args["cl"] + "&d=" + dm_safe(section.OID);
+    text_t httpprevarrow = "_httpdocument_&cl=" + encodeForURL(args["cl"]) + "&d=" + dm_safe(section.OID);
     text_t parentarrow = "<a href=\"" + httpprevarrow + "\">_iconprev_</a>\n";
     disp.setmacro ("httpprevarrow", "document", httpprevarrow);
@@ -176 +176 @@
 
   if (!found) {
-    httpnextarrow = "_httpdocument_&cl=" + args["cl"] + "&d=" + sections.docInfo[0].OID;
+    httpnextarrow = "_httpdocument_&cl=" + encodeForURL(args["cl"]) + "&d=" + sections.docInfo[0].OID;
     nextarrow = "<a href=\"" + httpnextarrow + "\">" + 
       sections.docInfo[0].metadata["Title"].values[0] + "_iconnext_</a>\n";
@@ -182 +182 @@
   } else {
     if (!previousOID.empty()) {
-      httpprevarrow = "_httpdocument_&cl=" + args["cl"] + "&d=" + dm_safe(previousOID);
+      httpprevarrow = "_httpdocument_&cl=" + encodeForURL(args["cl"]) + "&d=" + dm_safe(previousOID);
       prevarrow = "<a href=\"" + httpprevarrow + "\">_iconprev_" + previoustitle + "</a>\n";
     }
     if (!nextOID.empty()) {
-      httpnextarrow = "_httpdocument_&cl=" + args["cl"] + "&d=" + dm_safe(nextOID);
+      httpnextarrow = "_httpdocument_&cl=" + encodeForURL(args["cl"]) + "&d=" + dm_safe(nextOID);
       nextarrow = "<a href=\"" + httpnextarrow + "\">" + nexttitle + "_iconnext_</a>\n";
     }