Context Navigation

← Previous Change
Next Change →

farsi2.dm

Timestamp:

2014-03-13T14:34:48+13:00 (10 years ago)

Author:

ak19

Message:

First security commit. 1. Introducing the new securitools.h and .cpp files, which port the functions necessary to implement security in Greenstone from OWASP-ESAPI for Java, since OWASP's C++ version is largely not yet implemented, even though their code compiles. The newly added runtime-src/packages/security which contains OWASP ESAPI for C++ will therefore be removed again shortly. 2. receptionist.cpp now sets various web-encoded variants for each cgiarg macro, such as HTML entity encoded, attr encoded, javascript encoded (and css encoded variants). These are now used in the macro files based on which variant is suited to the context. 3. This commit further contains the minimum changes to protect the c, d, and p cgi variables.

File:

: 1 edited

main/trunk/greenstone2/macros/farsi2.dm (modified) (8 diffs)

Legend:

: Unmodified
: Added
: Removed

main/trunk/greenstone2/macros/farsi2.dm

-              r23743
+              r28888
 ÙØ¹Ù "_2_" ØšØšÛÙÛØ¯ Ù
 Û ØªÙØ§ÙÛØ¯
 <a href="_httpdoc_&c=_1_&cl=_cgiargcl_&d=_3_">ØšÙ Ø§ÛÙ ØµÙØÙ</a> ØšØ±ÙÛØ¯Ø Ø¯Ø± ØºÛØ±
+<a href="_httpdoc_&c=_1_&cl=_cgiargclUrlsafe_&d=_3_">ØšÙ Ø§ÛÙ ØµÙØÙ</a> ØšØ±ÙÛØ¯Ø Ø¯Ø± ØºÛØ±
 Ø§ÛÙØµÙØ±Øª ØšØ§ Ø§Ø³ØªÙØ§Ø¯Ù Ø§Ø² Ø¯Ú©Ù
 Ù Back Ù
 …
 _textmustbelongtogroup_ [l=fa] {ØªÙØ¬Ù Ø¯Ø§ØŽØªÙ ØšØ§ØŽÙØ¯ ÙÙ ØŽÙ
 Ø§ Ø¬ÙØª Ø¯Ø³ØªØ±Ø³Ù ØšÙ Ø§ÙÙ ØµÙØÙ ØšØ§ÙØ¯ Ø¬Ø²Ù Ú¯Ø±ÙÙ "cgiargug-"ØšØ§ØŽÙØ¯}
+Ø§ Ø¬ÙØª Ø¯Ø³ØªØ±Ø³Ù ØšÙ Ø§ÙÙ ØµÙØÙ ØšØ§ÙØ¯ Ø¬Ø²Ù Ú¯Ø±ÙÙ "_cgiargugHtmlsafe_"ØšØ§ØŽÙØ¯}
 _textmessageinvalid_ [l=fa] {ØµÙØÙ Ø§Ù ÙÙ ØŽÙ
 …
 Ù ÛØ§ ØšØ®ØŽÛ Ø§Ø² Ù
 Ø¬Ù
 ÙØ¹Ù_cgiargbc1dirname_ ÙÙ
+ÙØ¹Ù_cgiargbc1dirnameHtmlsafe_ ÙÙ
 Û ØªÙØ§ÙØ¯ ØØ°Ù ØŽÙØ¯. Ø¯ÙØ§ÛÙ Ø§ØØªÙ
 Ø§ÙÛ Ù
 …
 Ú©Ù Ø§Ø³Øª ÛÚ©Û Ø§Ø² Ù
 ÙØ§Ø±Ø¯ Ø²ÛØ± ØšØ§ØŽØ¯:  <ul>
 <li>Ú¯Ø±ÙÙ Ø§Ø³ØªÙÙ Ø§Ø² Ø§Ø®ØªÙØ§Ø± ÙØ§Ø±ÙÙ Ø¬ÙØª ØØ°Ù Ø¯Ø§ÙØ±ÙØªÙØ±Ù _gsdlhome_/collect/_cgiargbc1dirname_ ØšØ±Ø®ÙØ±Ø¯Ø§Ø± ÙÙØ³Øª.
+<li>Ú¯Ø±ÙÙ Ø§Ø³ØªÙÙ Ø§Ø² Ø§Ø®ØªÙØ§Ø± ÙØ§Ø±ÙÙ Ø¬ÙØª ØØ°Ù Ø¯Ø§ÙØ±ÙØªÙØ±Ù _gsdlhome_/collect/_cgiargbc1dirnameHtmlsafe_ ØšØ±Ø®ÙØ±Ø¯Ø§Ø± ÙÙØ³Øª.
 Ø¬ÙØª ØšØ±Ø¯Ø§ØŽØªÙ Ù
 Ø¬Ù
 ÙØ¹Ù _cgiargbc1dirname_ ØŽÙ
+ÙØ¹Ù _cgiargbc1dirnameHtmlsafe_ ØŽÙ
 Ø§ Ù
 Ù
 …
 _textdelinv_ [l=fa] {Ù
 Ø¬Ù
 ÙØ¹Ù_cgiargbc1dirname_ ØÙØ§ØžØª ØŽØ¯Ù ÙØ§ ØšÙ Ø§Ø¹ØªØšØ§Ø± Ø§Ø³Øª. ØØ°Ù ÙØ±Ø¯Ù ÙØºÙ ØŽØ¯.}
+ÙØ¹Ù_cgiargbc1dirnameHtmlsafe_ ØÙØ§ØžØª ØŽØ¯Ù ÙØ§ ØšÙ Ø§Ø¹ØªØšØ§Ø± Ø§Ø³Øª. ØØ°Ù ÙØ±Ø¯Ù ÙØºÙ ØŽØ¯.}
 _textdelsuc_ [l=fa] {Ù
 Ø¬Ù
 ÙØ¹Ù _cgiargbc1dirname_ ØšØ§ Ù
+ÙØ¹Ù _cgiargbc1dirnameHtmlsafe_ ØšØ§ Ù
 ÙÙÙÙØª ØØ°Ù ØŽØ¯.}
 _textclonefail_ [l=fa] {Ù
 Ø¬Ù
 ÙØ¹Ù _cgiargclonecol_ ÙÙ
+ÙØ¹Ù _cgiargclonecolHtmlsafe_ ÙÙ
 Ù ØªÙØ§ÙØ¯ ØšØ§Ø²ØªÙÙÙØ¯ ØŽÙØ¯. Ø¯ÙØ§ÙÙ Ø§ØØªÙ
 Ø§ÙÙ Ø§ÙÙ ÙØ§ ÙØ³ØªÙØ¯:
 …
 <li>Ù
 Ø¬Ù
 ÙØ¹Ù _cgiargclonecol_ Ù
+ÙØ¹Ù _cgiargclonecolHtmlsafe_ Ù
 ÙØ¬ÙØ¯ ÙÙØ³Øª.
 <li>Ù
 Ø¬Ù
 ÙØ¹Ù _cgiargclonecol_ Ø¯Ø§Ø±Ø§Ù ÙØ§ÙÙ ÙŸÙÙØ±ØšÙØ¯Ù collect.cfg ÙÙØ³Øª.
+ÙØ¹Ù _cgiargclonecolHtmlsafe_ Ø¯Ø§Ø±Ø§Ù ÙØ§ÙÙ ÙŸÙÙØ±ØšÙØ¯Ù collect.cfg ÙÙØ³Øª.
 <li>Ú¯Ø±ÙÙ Ø§Ø³ØªÙÙ Ø§Ø² Ù
 Ø¬ÙØ² ÙØ§ÙÙ Ø¬ÙØª Ø®ÙØ§ÙØ¯Ù collect.cfg ØšØ±Ø®ÙØ±Ø¯Ø§Ø± ÙÙØ³Øª.
 …
 _textexptsuc_ [l=fa] {Ù
 Ø¬Ù
 ÙØ¹Ù _cgiargbc1dirname_ØšØ§ Ù
 ÙÙÙÙØª ØšÙ Ø¯Ø§ÙØ±ÙØªÙØ±Ù _gsdlhome_/tmp/exported\__cgiargbc1dirname_ØµØ§Ø¯Ø± ØŽØ¯.}
+ÙØ¹Ù _cgiargbc1dirnameHtmlsafe_ØšØ§ Ù
+ÙÙÙÙØª ØšÙ Ø¯Ø§ÙØ±ÙØªÙØ±Ù _gsdlhome_/tmp/exported\__cgiargbc1dirnameHtmlsafe_ØµØ§Ø¯Ø± ØŽØ¯.}
 _textexptfail_ [l=fa] {<p>ØšØ±ÙÙØ¯Ø§Ø¯ Ù
 Ø¬Ù
 ÙØ¹Ù _cgiargbc1dirname_ Ø§ÙØ¬Ø§Ù
+ÙØ¹Ù _cgiargbc1dirnameHtmlsafe_ Ø§ÙØ¬Ø§Ù
  ÙÚ¯Ø±ÙØª. <p>Ø§ÙÙ Ù
 Ù
 …
 Ø§ ÙØ§ÙØ¹Ø§ Ù
 Ù Ø®ÙØ§ÙÙØ¯ ØšØ±Ø§Ù ÙÙ
 ÙØŽÙ ÙØ§Ø±ØšØ± Ø±Ø§ ØØ°Ù ÙÙÙØ¯<b>_cgiargumun_</b>Ø}
+ÙØŽÙ ÙØ§Ø±ØšØ± Ø±Ø§ ØØ°Ù ÙÙÙØ¯<b>_cgiargumunHtmlsafe_</b>Ø}

Note: See TracChangeset for help on using the changeset viewer.

Context Navigation

Changeset 28888 for main/trunk/greenstone2/macros/farsi2.dm

Legend:

main/trunk/greenstone2/macros/farsi2.dm

Download in other formats: