Timestamp:
2014-03-18T20:22:59+13:00 (10 years ago)
Author:
ak19
Message:

6th commit for security of cgiargs. Looked over all occurrences of setmacro in *action.cpp files

Location:
main/trunk/greenstone2/macros
Files:
2 edited

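--- a/main/trunk/greenstone2/macros/gti.dm
+++ b/main/trunk/greenstone2/macros/gti.dm
@@ -98,5 +98,5 @@
 # Content of the GTI "find text fragments" page
 _gtifind_ {
-<h2><a href="_gwcgi_?a=gti&amp;p=lang&amp;e=_compressedoptions_">_gtitargetlanguagename_</a> -- <a href="_gwcgi_?a=gti&amp;p=core&amp;e=_compressedoptions_">_gtitranslationfiledesc_</a></h2>
+<h2><a href="_gwcgi_?a=gti&amp;p=lang&amp;e=_compressedoptions_">_gtitargetlanguagename_</a> -- <a href="_gwcgi_?a=gti&amp;p=core&amp;e=_compressedoptions_">_gtitranslationfiledescHtmlsafe_</a></h2>
 <p>
 _textgtienterquery_:
@@ -111,5 +111,5 @@
 # Content of the GTI "offline" page
 _gtioffline_ {
-<h2><a href="_gwcgi_?a=gti&amp;p=lang&amp;e=_compressedoptions_">_gtitargetlanguagename_</a> -- _gtitranslationfiledesc_</h2>
+<h2><a href="_gwcgi_?a=gti&amp;p=lang&amp;e=_compressedoptions_">_gtitargetlanguagename_</a> -- _gtitranslationfiledescHtmlsafe_</h2>
 <p>
 _textgtiofflinetranslation_
@@ -118,5 +118,5 @@
 # Content of the GTI "core" page (with text areas for entering and updating translations)
 _gticore_ {
-<h2><a href="_gwcgi_?a=gti&amp;p=lang&amp;e=_compressedoptions_">_gtitargetlanguagename_</a> -- _gtitranslationfiledesc_</h2>
+<h2><a href="_gwcgi_?a=gti&amp;p=lang&amp;e=_compressedoptions_">_gtitargetlanguagename_</a> -- _gtitranslationfiledescHtmlsafe_</h2>
 <p>
 <center>
@@ -133,5 +133,5 @@
 # Content of the GTI "done" page, thanking the translator for completing the file
 _gtidone_ {
-<h2><a href="_gwcgi_?a=gti&amp;p=lang&amp;e=_compressedoptions_">_gtitargetlanguagename_</a> -- _gtitranslationfiledesc_</h2>
+<h2><a href="_gwcgi_?a=gti&amp;p=lang&amp;e=_compressedoptions_">_gtitargetlanguagename_</a> -- _gtitranslationfiledescHtmlsafe_</h2>
 <p>
 <center>
@@ -169,5 +169,5 @@
 # --------------------------------------------------------------------------------
 
-# _If_(_gtiglihelpzipfilepath_ ne "", <a href="_httpprefix_/_gtiglihelpzipfilepath_">_textgtiglihelpzipfile_</a>,)<br>
+# _If_(_gtiglihelpzipfilepath_ ne "", <a href="_httpprefix_/_gtiglihelpzipfilepathUrlsafe_">_textgtiglihelpzipfile_</a>,)<br>
 # <a href="_gwcgi_?a=gti&amp;p=glihelp&amp;e=_compressedoptions_">_textgtiglihelpzipfile_</a>
 
@@ -180,8 +180,8 @@
      _If_("_4_" eq "_gtidownloadglihelp_", <a href="_4_">, <a href="_httpprefix_/_4_">)_textgtidownloadtargetfile_</a>
 
-     _If_(_gtiglihelpzipfilepath_, <a href="_httpprefix_/_gtiglihelpzipfilepath_">_textgtiglihelpzipfile_</a>,)<br>
+     _If_(_gtiglihelpzipfilepath_, <a href="_httpprefix_/_gtiglihelpzipfilepathUrlsafe_">_textgtiglihelpzipfile_</a>,)<br>
 
      <a href="_gwcgi_?a=gti&amp;p=offline&amp;e=_compressedoptions_">_textgtitranslatefileoffline_</a><br>
-     _gtiviewtranslationfileinaction_
+     _gtiviewtranslationfileinactionHtmlsafe_
   </td></tr>)
 </table>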
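Review bot: On line 185 the template now prints `_gtiviewtranslationfileinactionHtmlsafe_` on a line of its own, which is only correct if that macro holds plain text. If the action code sets it to a ready-made link or other markup (its name and placement suggest this, but the setmacro call is not visible here), escaping the whole value will show the tags as text; in that case escape the argument-derived parts where the string is built and keep `_gtiviewtranslationfileinaction_` in the template. Separately, the test of `_If_` on line 182 (and on the commented-out line 171) still expands the raw `_gtiglihelpzipfilepath_`, and line 180 places `_4_` into `href` unescaped. Both should be checked against the same CGI-argument sources this commit is hardening, since a value containing a comma, quote or parenthesis may affect how the conditional is parsed.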
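--- a/main/trunk/greenstone2/macros/users.dm
+++ b/main/trunk/greenstone2/macros/users.dm
@@ -62,8 +62,8 @@
 
 <table border=0>
-<tr><td>_authen:textusername_</td><td><input type="text" name="umun" value="_users:usersargun_" size=15></td>
+<tr><td>_authen:textusername_</td><td><input type="text" name="umun" value="_users:usersargunAttrsafe_" size=15></td>
 <td><font color=gray>_textaboutusername_</font></td>
 </tr>
-<tr><td>_authen:textpassword_</td><td><input type="text" name="umpw" value="_users:usersargpw_" size=9></td>
+<tr><td>_authen:textpassword_</td><td><input type="text" name="umpw" value="_users:usersargpwAttrsafe_" size=9></td>
 <td><font color=gray>_textaboutpassword_
 _If_("_cgiarguma_" eq "edituser",_textoldpass_)
@@ -75,8 +75,8 @@
 </select>
 </td></tr>
-<tr><td>_userslistusers:textgroups_</td><td colspan=2><input type="text" name="umug" value="_users:usersargug_" size=50></td></tr>
+<tr><td>_userslistusers:textgroups_</td><td colspan=2><input type="text" name="umug" value="_users:usersargugAttrsafe_" size=50></td></tr>
 <tr><td></td><td></td>
 <td><font color=gray>_textaboutgroups_</font><br/><font color=gray>_textavailablegroups_</font></td></tr>
-<tr><td>_userslistusers:textcomment_</td><td colspan=2><input type="text" name="umc" value="_users:usersargc_" size=50></td></tr>
+<tr><td>_userslistusers:textcomment_</td><td colspan=2><input type="text" name="umc" value="_users:usersargcAttrsafe_" size=50></td></tr>
 <tr><td></td><td colspan=2><input type="submit" name=beu value="submit">
 <input type="submit" name=uma value="cancel"></td></tr>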
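Review bot: The password row on line 67 still writes the `umpw` value back into a visible `type="text"` field. `Attrsafe` stops the value breaking out of the attribute, but the secret itself stays on screen, in the page source and in any cached copy. Consider `<input type="password" name="umpw" value="" size=9>` so nothing is echoed. Line 69 already shows `_textoldpass_` for the `edituser` case, which suggests (not confirmed from this template) that an empty field can mean "keep the old password". The submit buttons on lines 81-82 leave `name=beu` and `name=uma` unquoted, which is harmless with these fixed values but inconsistent with the quoted attributes above.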