Timestamp:
2014-03-13T14:34:48+13:00 (10 years ago)
Author:
ak19
Message:

First security commit. 1. Introducing the new securitools.h and .cpp files, which port the functions necessary to implement security in Greenstone from OWASP-ESAPI for Java, since OWASP's C++ version is largely not yet implemented, even though their code compiles. The newly added runtime-src/packages/security which contains OWASP ESAPI for C++ will therefore be removed again shortly. 2. receptionist.cpp now sets various web-encoded variants for each cgiarg macro, such as HTML entity encoded, attr encoded, javascript encoded (and css encoded variants). These are now used in the macro files based on which variant is suited to the context. 3. This commit further contains the minimum changes to protect the c, d, and p cgi variables.

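The message describes giving each cgiarg a set of per-context encoded macro variants and letting the macro files pick the one that fits where the value is emitted. As an added example (not Greenstone's securitools.cpp, whose contents are not in this changeset), this is that idea in C++; the function names, the Htmlsafe/Urlsafe naming and the exact escaping rules are assumptions.

```cpp
// Added example, not Greenstone's own securitools.cpp: context-specific
// encoders of the kind the commit describes, plus a helper that derives the
// per-context macro variants for one cgiarg (names and rules are assumptions).
#include <cctype>
#include <cstdio>
#include <map>
#include <string>
// HTML text/attribute context: entity-encode every character a browser could
// read as markup; quotes included so the output is also safe in attributes.
std::string htmlEntityEncode(const std::string& in) {
    std::string out;
    for (unsigned char c : in) {
        switch (c) {
            case '<':  out += "&lt;";   break;
            case '>':  out += "&gt;";   break;
            case '&':  out += "&amp;";  break;
            case '"':  out += "&quot;"; break;
            case '\'': out += "&#39;";  break;
            default:   out += static_cast<char>(c);
        }
    }
    return out;
}
// URL query-component context: percent-encode all but unreserved characters.
// The result contains only [A-Za-z0-9-._~%], so it is inert inside an HTML
// attribute as well, which is why an href needs no second encoding pass.
std::string urlEncode(const std::string& in) {
    std::string out;
    char buf[4];
    for (unsigned char c : in) {
        if (std::isalnum(c) || c == '-' || c == '.' || c == '_' || c == '~') {
            out += static_cast<char>(c);
        } else {
            std::snprintf(buf, sizeof buf, "%%%02X", c);
            out += buf;
        }
    }
    return out;
}
// The variants a receptionist would set for one cgiarg so a macro file can pick
// the one matching its context (naming modelled on this changeset's macros).
std::map<std::string, std::string> cgiargMacros(const std::string& name,
                                                const std::string& value) {
    std::map<std::string, std::string> m;
    m["_cgiarg" + name + "_"] = value;  // raw value: never emit this one
    m["_cgiarg" + name + "Htmlsafe_"] = htmlEntityEncode(value);
    m["_cgiarg" + name + "Urlsafe_"] = urlEncode(value);
    return m;
}
```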
File:
1 edited

  • main/trunk/greenstone2/macros/paperspast-english.dm

    r28324 r28888  
    206206_textresultsperpage_ [c=paperspast] {Results per page}
    207207
    208 _textprevresults_ {Previous _cgiargo_ results}
    209 _textnextresults_ {Next _cgiargo_ results}
     208_textprevresults_ {Previous _cgiargoHtmlsafe_ results}
     209_textnextresults_ {Next _cgiargoHtmlsafe_ results}
    210210
    211211# Search history macros
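Review bot: the commit message says this commit carries the minimum changes to protect the c, d and p cgi variables, yet this hunk changes the `o` argument (`_cgiargo_` to `_cgiargoHtmlsafe_` in `_textprevresults_` and `_textnextresults_`); either list `o` in the message or say that every cgiarg now gets an Htmlsafe variant. The variant chosen fits the context, since the value lands in element text where entity encoding is the right escaping. Any other macro file that still emits `_cgiargo_` in text should receive the same substitution so the protection is uniform.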
     
    344344_textarticleview_ {Article view}
    345345_textarticletextviewsidebar_ {
    346 <p><a class="dark" href="_gwcgi_?a=d&amp;d=_cgiargd_&amp;cl=_cgiargcl_&amp;srpos=_cgiargsrpos_&amp;_state_"><b>Click here to view this newspaper article</b></a></p>
    347 
    348 <p>This text was automatically generated by a computer. It has not been manually reviewed or corrected and may include errors. You can view the article in its <a class="dark" href="_gwcgi_?a=d&amp;d=_cgiargd_&amp;cl=_cgiargcl_&amp;srpos=_cgiargsrpos_&amp;_state_">original format</a> or read the <a class="dark" href="_gwcgi_?a=d&amp;d=_documentlevel:documentoid_._logicalsectionlevel:logicalsectionmetafirstpagelink_&amp;_state_">entire page</a>.</p>
     346<p><a class="dark" href="_gwcgi_?a=d&amp;d=_cgiargdUrlsafe_&amp;cl=_cgiargclUrlsafe_&amp;srpos=_cgiargsrposUrlsafe_&amp;_state_"><b>Click here to view this newspaper article</b></a></p>
     347
     348<p>This text was automatically generated by a computer. It has not been manually reviewed or corrected and may include errors. You can view the article in its <a class="dark" href="_gwcgi_?a=d&amp;d=_cgiargdUrlsafe_&amp;cl=_cgiargclUrlsafe_&amp;srpos=_cgiargsrposUrlsafe_&amp;_state_">original format</a> or read the <a class="dark" href="_gwcgi_?a=d&amp;d=_documentlevel:documentoid_._logicalsectionlevel:logicalsectionmetafirstpagelink_&amp;_state_">entire page</a>.</p>
    349349
    350350<h4>About the computer-generated text</h4>
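Review bot: `_cgiargdUrlsafe_`, `_cgiargclUrlsafe_` and `_cgiargsrposUrlsafe_` are emitted inside `href` attributes whose separators are already `&amp;`, so the Urlsafe variant must yield percent-encoded output made only of characters that are also inert in an HTML attribute (no `"`, `<` or `&`); please confirm that is what receptionist.cpp produces, because the commit message lists HTML-entity, attribute, JavaScript and CSS variants but never a URL-encoded one. The message also states that only c, d and p are covered, while this hunk encodes `cl` and `srpos` as well, so bring it in line. `_state_` on the same lines presumably expands to further cgiargs and is not visible in this changeset; check that it is assembled from encoded variants too, otherwise the same values still reach the URL unencoded through it.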