Timestamp:
19.03.2014 19:11:13 (6 years ago)
Author:
ak19
Message:

Commit to do with security surrounding cgiargs. Depositor and collector.

Location:
main/trunk/greenstone2/runtime-src/src/recpt
Files:
2 modified

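--- a/main/trunk/greenstone2/runtime-src/src/recpt/collectoraction.cpp
+++ b/main/trunk/greenstone2/runtime-src/src/recpt/collectoraction.cpp
@@ -962,9 +962,9 @@
 
   // set _pagescriptextra_ macro to _cpagescriptextra_
-  disp.setmacro ("pagescriptextra", "collector", "_" + collector_page + "scriptextra_");
+  disp.setmacro ("pagescriptextra", "collector", "_" + encodeForHTML(collector_page) + "scriptextra_");
 
   if (collector_page == "bildstatus" || collector_page == "bilddone" ||
       collector_page == "bildfail" || collector_page == "bildframe1") {
-    disp.setmacro ("header", "collector", "_" + collector_page + "header_");
+    disp.setmacro ("header", "collector", "_" + encodeForHTML(collector_page) + "header_");
   }
 
@@ -1332,5 +1332,5 @@
       // output page ("bild" page was already output above)
       textout << outconvert << disp << ("_collector:header_\n")
-          << ("_collector:" + collector_page + "content_\n")
+          << ("_collector:" + encodeForHTML(collector_page) + "content_\n")
           << ("_collector:footer_\n");
     }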
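Review bot: At new lines 964, 968 and 1334 `collector_page` is used to build a macro name rather than HTML output, so `encodeForHTML` is an output encoder applied in a lookup context; an allowlist check on the page name would be the better fit. The condition at 966-967 already compares the raw value against fixed page names, which suggests the set of valid pages is known; validating `collector_page` against that set once, where the argument is read (outside these hunks), would cover all three sites. If the encoding stays, compute it once into a local holding `encodeForHTML(collector_page)` so the three call sites cannot drift apart. How `disp` handles a macro name that is not defined is not visible here and is worth confirming, because an encoded value containing an entity such as `&amp;` will not match any macro the page names above correspond to.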
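--- a/main/trunk/greenstone2/runtime-src/src/recpt/depositoraction.cpp
+++ b/main/trunk/greenstone2/runtime-src/src/recpt/depositoraction.cpp
@@ -424,5 +424,5 @@
                 }
 
-                cached_metadata_values += "\"" + args_name + "\":\"" + args_val + "\"";
+                cached_metadata_values += "\"" + args_name + "\":\"" + encodeForJavascript(args_val) + "\"";
               }
             }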
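Review bot: On new line 426 `args_name` is still concatenated unencoded into the same quoted string that `args_val` is now encoded for, so the key half of each pair stays unescaped if argument names come from the request. Unless `args_name` is restricted earlier in the loop (the enclosing block starts and ends outside this hunk), encode both halves: `cached_metadata_values += "\"" + encodeForJavascript(args_name) + "\":\"" + encodeForJavascript(args_val) + "\"";`. It is also worth confirming where `cached_metadata_values` is written out: if it ends up inside an inline script element of an HTML page, the encoder has to neutralise `</script>` as well as quotes and backslashes.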