- Timestamp:
- 2014-03-14T17:13:56+13:00 (10 years ago)
- Location:
- main/trunk/greenstone2
- Files:
-
- 14 edited
main/trunk/greenstone2/macros/authen.dm
r28888 r28898 16 16 <form name="login" method="post" action="_gwcgi_"> 17 17 ) 18 <input type=hidden name="e" value="_If_(_cgiarger_,_cgiargerAttrsafe_,_decodedcompressedoptions _)">18 <input type=hidden name="e" value="_If_(_cgiarger_,_cgiargerAttrsafe_,_decodedcompressedoptionsAttrsafe_)"> 19 19 _hiddenargs_ 20 20 <center><table width="_pagewidth_"> -
main/trunk/greenstone2/macros/browse.dm
r28888 r28898 42 42 43 43 <input type=hidden name="a" value="br"> 44 <input type=hidden name="e" value="_decodedcompressedoptions _">44 <input type=hidden name="e" value="_decodedcompressedoptionsAttrsafe_"> 45 45 <p> 46 46 _textfilterby_ _anyallselect_ _textwords_<br> -
main/trunk/greenstone2/macros/collect.dm
r28888 r28898 52 52 _introcontent_ { 53 53 <form name="collectorform" method=post action="_gwcgi_"> 54 <input type=hidden name="e" value="_decodedcompressedoptions _">54 <input type=hidden name="e" value="_decodedcompressedoptionsAttrsafe_"> 55 55 56 56 <center> … … 143 143 _existingcontent_ { 144 144 <form name="collectorform" method=post action="_gwcgi_"> 145 <input type=hidden name="e" value="_decodedcompressedoptions _">145 <input type=hidden name="e" value="_decodedcompressedoptionsAttrsafe_"> 146 146 <input type=hidden name="p" value="_cgiargpAttrsafe_"> 147 147 <input type=hidden name="bc1dodelete" value="0"> … … 246 246 _infocontent_ { 247 247 <form name="collectorform" method=post action="_gwcgi_"> 248 <input type=hidden name="e" value="_decodedcompressedoptions _">248 <input type=hidden name="e" value="_decodedcompressedoptionsAttrsafe_"> 249 249 <input type=hidden name="p" value="_cgiargpAttrsafe_"> 250 250 <input type=hidden name="bc1infochanged" value="0"> … … 370 370 _srcecontent_ { 371 371 <form name="collectorform" method=post action="_gwcgi_"> 372 <input type=hidden name="e" value="_decodedcompressedoptions _">372 <input type=hidden name="e" value="_decodedcompressedoptionsAttrsafe_"> 373 373 <input type=hidden name="p" value="_cgiargpAttrsafe_"> 374 374 <input type=hidden name="bc1fromsrce" value="0"> … … 423 423 _confcontent_ { 424 424 <form name="collectorform" method=post action="_gwcgi_"> 425 <input type=hidden name="e" value="_decodedcompressedoptions _">425 <input type=hidden name="e" value="_decodedcompressedoptionsAttrsafe_"> 426 426 <input type=hidden name="p" value="_cgiargpAttrsafe_"> 427 427 <input type=hidden name="bc1cfgchanged" value="_cgiargbc1cfgchangedAttrsafe_"> … … 475 475 476 476 <form name="collectorform" method=post action="_gwcgi_"> 477 <input type=hidden name="e" value="_decodedcompressedoptions _">477 <input type=hidden name="e" value="_decodedcompressedoptionsAttrsafe_"> 478 478 <input type=hidden name="p" 
value="_cgiargpAttrsafe_"> 479 479 … … 528 528 _bildframe1content_ { 529 529 <form name="collectorform" method=post action="_gwcgi_"> 530 <input type=hidden name="e" value="_decodedcompressedoptions _">530 <input type=hidden name="e" value="_decodedcompressedoptionsAttrsafe_"> 531 531 <input type=hidden name="p" value="bildcancel"> 532 532 … … 571 571 _bildcancelcontent_ { 572 572 <form name="collectorform" method=post action="_gwcgi_"> 573 <input type=hidden name="e" value="_decodedcompressedoptions _">573 <input type=hidden name="e" value="_decodedcompressedoptionsAttrsafe_"> 574 574 <input type=hidden name="p" value="_cgiargpAttrsafe_"> 575 575 … … 630 630 _bildstatuscontent_ { 631 631 <form name="collectorform" method=post action="_gwcgi_"> 632 <input type=hidden name="e" value="_decodedcompressedoptions _">632 <input type=hidden name="e" value="_decodedcompressedoptionsAttrsafe_"> 633 633 <center> 634 634 <table width=_pagewidth_> … … 682 682 _bildfailcontent_ { 683 683 <form name="collectorform" method=post action="_gwcgi_"> 684 <input type=hidden name="e" value="_decodedcompressedoptions _">684 <input type=hidden name="e" value="_decodedcompressedoptionsAttrsafe_"> 685 685 <input type=hidden name="p" value="_cgiargpAttrsafe_"> 686 686 … … 739 739 _messagehead_ { 740 740 <form name="collectorform" method=post action="_gwcgi_"> 741 <input type=hidden name="e" value="_decodedcompressedoptions _">741 <input type=hidden name="e" value="_decodedcompressedoptionsAttrsafe_"> 742 742 743 743 <center> -
main/trunk/greenstone2/macros/dateqry.dm
r28888 r28898 67 67 68 68 <input type=hidden name="a" value="q"> 69 <input type=hidden name="e" value="_decodedcompressedoptions _">69 <input type=hidden name="e" value="_decodedcompressedoptionsAttrsafe_"> 70 70 <input type=hidden name="r" value="1"> 71 71 <input type=hidden name="hs" value="1"> -
main/trunk/greenstone2/macros/deposit.dm
r28888 r28898 125 125 _selectcontent_ { 126 126 <form name="depositorform" method=post action="_gwcgi_"> 127 <input type=hidden name="e" value="_decodedcompressedoptions _">127 <input type=hidden name="e" value="_decodedcompressedoptionsAttrsafe_"> 128 128 <input type=hidden name="p" value="intro"> 129 129 <input type=hidden name="c" value=""> … … 229 229 <form name="depositorform" method=post action="_gwcgi_" enctype="multipart/form-data"> 230 230 231 <input type=hidden name="e" value="_decodedcompressedoptions _">231 <input type=hidden name="e" value="_decodedcompressedoptionsAttrsafe_"> 232 232 <input type=hidden name="p" value="_cgiargpAttrsafe_"> 233 233 … … 274 274 _step2content_ { 275 275 <form name="depositorform" method=post action="_gwcgi_" enctype="multipart/form-data"> 276 <input type=hidden name="e" value="_decodedcompressedoptions _">276 <input type=hidden name="e" value="_decodedcompressedoptionsAttrsafe_"> 277 277 <input type=hidden name="p" value="_cgiargpAttrsafe_"> 278 278 <center> … … 310 310 _step3content_ { 311 311 <form name="depositorform" method=post action="_gwcgi_" enctype="multipart/form-data"> 312 <input type=hidden name="e" value="_decodedcompressedoptions _">312 <input type=hidden name="e" value="_decodedcompressedoptionsAttrsafe_"> 313 313 <input type=hidden name="p" value="_cgiargpAttrsafe_"> 314 314 <center> … … 347 347 348 348 <form name="depositorform" method=post action="_gwcgi_"> 349 <input type=hidden name="e" value="_decodedcompressedoptions _">349 <input type=hidden name="e" value="_decodedcompressedoptionsAttrsafe_"> 350 350 <input type=hidden name="p" value="_cgiargpAttrsafe_"> 351 351 … … 406 406 _bildframe1content_ { 407 407 <form name="depositorform" method=post action="_gwcgi_"> 408 <input type=hidden name="e" value="_decodedcompressedoptions _">408 <input type=hidden name="e" value="_decodedcompressedoptionsAttrsafe_"> 409 409 <input type=hidden name="p" value="bildcancel"> 410 410 … … 449 449 _bildcancelcontent_ { 
450 450 <form name="depositorform" method=post action="_gwcgi_"> 451 <input type=hidden name="e" value="_decodedcompressedoptions _">451 <input type=hidden name="e" value="_decodedcompressedoptionsAttrsafe_"> 452 452 <input type=hidden name="p" value="_cgiargpAttrsafe_"> 453 453 … … 508 508 _bildstatuscontent_ { 509 509 <form name="depositorform" method=post action="_gwcgi_"> 510 <input type=hidden name="e" value="_decodedcompressedoptions _">510 <input type=hidden name="e" value="_decodedcompressedoptionsAttrsafe_"> 511 511 512 512 <center> … … 572 572 _bildfailcontent_ { 573 573 <form name="depositorform" method=post action="_gwcgi_"> 574 <input type=hidden name="e" value="_decodedcompressedoptions _">574 <input type=hidden name="e" value="_decodedcompressedoptionsAttrsafe_"> 575 575 <input type=hidden name="p" value="_cgiargpAttrsafe_"> 576 576 … … 631 631 _messagehead_ { 632 632 <form name="depositorform" method=post action="_gwcgi_"> 633 <input type=hidden name="e" value="_decodedcompressedoptions _">633 <input type=hidden name="e" value="_decodedcompressedoptionsAttrsafe_"> 634 634 635 635 <center> -
main/trunk/greenstone2/macros/depositdspace.dm
r28888 r28898 636 636 _selectcontent_ { 637 637 <form name="depositorform" method=post action="_gwcgi_"> 638 <input type=hidden name="e" value="_decodedcompressedoptions _">638 <input type=hidden name="e" value="_decodedcompressedoptionsAttrsafe_"> 639 639 <input type=hidden name="p" value="intro"> 640 640 <input type=hidden name="c" value=""> … … 672 672 _step0content_ { 673 673 <form name="depositorform" method=post action="_gwcgi_" enctype="multipart/form-data"> 674 <input type=hidden name="e" value="_decodedcompressedoptions _">674 <input type=hidden name="e" value="_decodedcompressedoptionsAttrsafe_"> 675 675 <input type=hidden name="p" value="step1"> 676 676 … … 803 803 _step1content_ { 804 804 <form name="depositorform" method=post action="_gwcgi_" enctype="multipart/form-data"> 805 <input type=hidden name="e" value="_decodedcompressedoptions _">805 <input type=hidden name="e" value="_decodedcompressedoptionsAttrsafe_"> 806 806 <input type=hidden name="p" value="step1"> 807 807 <center> … … 1018 1018 _step2content_ { 1019 1019 <form name="depositorform" method=post action="_gwcgi_" enctype="multipart/form-data"> 1020 <input type=hidden name="e" value="_decodedcompressedoptions _">1020 <input type=hidden name="e" value="_decodedcompressedoptionsAttrsafe_"> 1021 1021 <input type=hidden name="p" value="step2"> 1022 1022 … … 1127 1127 _step3content_ { 1128 1128 <form name="depositorform" method=post action="_gwcgi_" enctype="multipart/form-data"> 1129 <input type=hidden name="e" value="_decodedcompressedoptions _">1129 <input type=hidden name="e" value="_decodedcompressedoptionsAttrsafe_"> 1130 1130 <input type=hidden name="p" value="step3"> 1131 1131 … … 1210 1210 _step4content_ { 1211 1211 <form name="depositorform" method=post action="_gwcgi_" enctype="multipart/form-data"> 1212 <input type=hidden name="e" value="_decodedcompressedoptions _">1212 <input type=hidden name="e" value="_decodedcompressedoptionsAttrsafe_"> 1213 1213 <input type=hidden name="p" 
value="step4"> 1214 1214 … … 1324 1324 _step5content_ { 1325 1325 <form name="depositorform" method=post action="_gwcgi_" enctype="multipart/form-data"> 1326 <input type=hidden name="e" value="_decodedcompressedoptions _">1326 <input type=hidden name="e" value="_decodedcompressedoptionsAttrsafe_"> 1327 1327 <input type=hidden name="p" value="step5"> 1328 1328 … … 1547 1547 _step6content_ { 1548 1548 <form id="depositorform" name="depositorform" method=post action="_gwcgi_" enctype="multipart/form-data"> 1549 <input type=hidden name="e" value="_decodedcompressedoptions _">1549 <input type=hidden name="e" value="_decodedcompressedoptionsAttrsafe_"> 1550 1550 <input type=hidden name="p" value="step6"> 1551 1551 … … 1649 1649 _step7content_ { 1650 1650 <form name="depositorform" method=post action="_gwcgi_" enctype="multipart/form-data"> 1651 <input type=hidden name="e" value="_decodedcompressedoptions _">1651 <input type=hidden name="e" value="_decodedcompressedoptionsAttrsafe_"> 1652 1652 <input type=hidden name="p" value="step7"> 1653 1653 … … 1700 1700 1701 1701 <form name="depositorform" method=post action="_gwcgi_"> 1702 <input type=hidden name="e" value="_decodedcompressedoptions _">1702 <input type=hidden name="e" value="_decodedcompressedoptionsAttrsafe_"> 1703 1703 <input type=hidden name="p" value="_cgiargpAttrsafe_"> 1704 1704 … … 1759 1759 _bildframe1content_ { 1760 1760 <form name="depositorform" method=post action="_gwcgi_"> 1761 <input type=hidden name="e" value="_decodedcompressedoptions _">1761 <input type=hidden name="e" value="_decodedcompressedoptionsAttrsafe_"> 1762 1762 <input type=hidden name="p" value="bildcancel"> 1763 1763 … … 1802 1802 _bildcancelcontent_ { 1803 1803 <form name="depositorform" method=post action="_gwcgi_"> 1804 <input type=hidden name="e" value="_decodedcompressedoptions _">1804 <input type=hidden name="e" value="_decodedcompressedoptionsAttrsafe_"> 1805 1805 <input type=hidden name="p" value="_cgiargpAttrsafe_"> 1806 1806 … 
… 1861 1861 _bildstatuscontent_ { 1862 1862 <form name="depositorform" method=post action="_gwcgi_"> 1863 <input type=hidden name="e" value="_decodedcompressedoptions _">1863 <input type=hidden name="e" value="_decodedcompressedoptionsAttrsafe_"> 1864 1864 1865 1865 <center> … … 1925 1925 _bildfailcontent_ { 1926 1926 <form name="depositorform" method=post action="_gwcgi_"> 1927 <input type=hidden name="e" value="_decodedcompressedoptions _">1927 <input type=hidden name="e" value="_decodedcompressedoptionsAttrsafe_"> 1928 1928 <input type=hidden name="p" value="_cgiargpAttrsafe_"> 1929 1929 … … 1984 1984 _messagehead_ { 1985 1985 <form name="depositorform" method=post action="_gwcgi_"> 1986 <input type=hidden name="e" value="_decodedcompressedoptions _">1986 <input type=hidden name="e" value="_decodedcompressedoptionsAttrsafe_"> 1987 1987 1988 1988 <center> -
main/trunk/greenstone2/macros/document.dm
r28888 r28898 296 296 _gotoform_ { 297 297 <form name="GotoForm" method="get" action="_gwcgi_"> 298 <input type=hidden name="e" value="_decodedcompressedoptions _">298 <input type=hidden name="e" value="_decodedcompressedoptionsAttrsafe_"> 299 299 <input type=hidden name="d" value="_cgiargdAttrsafe_"> 300 300 <input type=hidden name="cl" value="_cgiargclAttrsafe_"> -
main/trunk/greenstone2/macros/pref.dm
r28888 r28898 511 511 512 512 <form name=PrefForm method=get action="_gwcgi_"> 513 <input type="hidden" name="e" value="_decodedcompressedoptions _">513 <input type="hidden" name="e" value="_decodedcompressedoptionsAttrsafe_"> 514 514 _If_(_collectionoption_,_collectionprefs_) 515 515 _presentationprefs_ -
main/trunk/greenstone2/macros/query.dm
r28888 r28898 884 884 } 885 885 886 _smallquerybox_ {<nobr><input type="text" name="q" value="_cgiargq Attrsafe_" size="50"> <input type="submit" value="_textbeginsearch_"></nobr>}886 _smallquerybox_ {<nobr><input type="text" name="q" value="_cgiargq_" size="50"> <input type="submit" value="_textbeginsearch_"></nobr>} 887 887 888 888 _largequerybox_ { 889 889 <tr><td><textarea name="q" cols="63" rows="10"> 890 _cgiargq Htmlsafe_890 _cgiargq_ 891 891 </textarea></td></tr> 892 892 <tr align="right"><td><table> … … 973 973 <table> 974 974 <tr><td align="left">_textadvquery_</td></tr> 975 <tr><td><textarea name="q" cols="57" rows="3" onChange="updateq();">_cgiargq Htmlsafe_</textarea></td>975 <tr><td><textarea name="q" cols="57" rows="3" onChange="updateq();">_cgiargq_</textarea></td> 976 976 <td valign="bottom"> 977 977 <input type="button" value="_textrunquery_" onClick="runQuery();"></td></tr> -
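Review bot: If the print order here is old-then-new, as it is in every other section of this changeset, this hunk replaces `_cgiargqAttrsafe_` in the `value` attribute (line 886) and `_cgiargqHtmlsafe_` inside the two textareas (lines 890 and 975) with the plain `_cgiargq_`, which runs in the opposite direction to the attribute encoding the rest of the changeset introduces. That is only safe if `_cgiargq_` is itself already HTML-encoded before substitution, and nothing in this changeset shows that; if it is not, the query text from the request lands unencoded in an attribute value and in textarea content. Either confirm where `_cgiargq_` is produced, or keep `value="_cgiargqAttrsafe_"` on line 886 and `_cgiargqHtmlsafe_` on lines 890 and 975.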
main/trunk/greenstone2/macros/status.dm
r18652 r28898 123 123 <form name="maincfgform" method=post action="_gwcgi_"> 124 124 <input type=hidden name="p" value="changemaincfg"> 125 <input type=hidden name="e" value="_decodedcompressedoptions _">125 <input type=hidden name="e" value="_decodedcompressedoptionsAttrsafe_"> 126 126 <p>_If_(_maincfgfile_,<textarea name="cfgfile" cols=72 rows=18 wrap=off> 127 127 _maincfgfile_ -
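Review bot: Only the `e` field of this form gains attribute encoding; the same form still inserts `_maincfgfile_` verbatim into the `<textarea name="cfgfile">` on lines 126–127 (context lines, unchanged by the commit). If that macro is not HTML-encoded before substitution, a `</textarea>` or `<` sequence in the main config file is interpreted as markup rather than shown as text; an `Htmlsafe` variant of the macro, of the kind query.dm's `_cgiargqHtmlsafe_` suggests exists, would close that gap in the same way line 125 closes it for `e`. The enclosing `_If_` and form continue past the end of the hunk.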
main/trunk/greenstone2/macros/users.dm
r28888 r28898 57 57 58 58 <form name="edituser" method="post" action="_gwcgi_"> 59 <input type=hidden name="e" value="_decodedcompressedoptions _">59 <input type=hidden name="e" value="_decodedcompressedoptionsAttrsafe_"> 60 60 <input type=hidden name="a" value="um"> 61 61 <input type=hidden name="uma" value="_cgiargumaAttrsafe_"> … … 110 110 <tr><td> 111 111 <form name="deleteuser" method="post" action="_gwcgi_"> 112 <input type=hidden name="e" value="_decodedcompressedoptions _">112 <input type=hidden name="e" value="_decodedcompressedoptionsAttrsafe_"> 113 113 <input type=hidden name="a" value="um"> 114 114 <input type=hidden name="uma" value="_cgiargumaAttrsafe_"> … … 148 148 <p> 149 149 <form name="changepasswd" method="post" action="_gwcgi_"> 150 <input type=hidden name="e" value="_decodedcompressedoptions _">150 <input type=hidden name="e" value="_decodedcompressedoptionsAttrsafe_"> 151 151 <input type=hidden name="a" value="um"> 152 152 <input type=hidden name="uma" value="_cgiargumaAttrsafe_"> -
main/trunk/greenstone2/runtime-src/src/recpt/receptionist.cpp
r28888 r28898 1532 1532 text_t attrsafe = encodeForHTMLAttr(macrovalue); 1533 1533 text_t urlsafe = encodeForURL(macrovalue); 1534 text_t jssafe = encodeForJavascript(macrovalue); 1534 text_t jssafe = encodeForJavascript(macrovalue); // with default setting will return \\x and \\u for macro files 1535 1535 text_t csssafe = encodeForCSS(macrovalue); 1536 1536 -
main/trunk/greenstone2/runtime-src/src/recpt/securitytools.cpp
r28888 r28898 125 125 } 126 126 127 text_t encodeForJavascript(const text_t& in, const text_t& immuneChars) { 128 text_t out; 129 text_t::const_iterator here = in.begin(); 130 text_t::const_iterator end = in.end(); 131 while (here != end) { 132 out += encodeForJavascript(immuneChars, *here); // IMMUNE_JAVASCRIPT by default 133 ++here; 134 } 135 return out; 136 } 127 text_t encodeForJavascript(const text_t& in, const text_t& immuneChars, bool dmsafe) { 128 text_t out; 129 text_t::const_iterator here = in.begin(); 130 text_t::const_iterator end = in.end(); 131 while (here != end) { 132 out += encodeForJavascript(immuneChars, *here, dmsafe); // IMMUNE_JAVASCRIPT by default 133 ++here; 134 } 135 return out; 136 } 137 137 138 138 139 text_t encodeForMySQL(const text_t& in, const text_t& immuneChars, const SQLMode mode) { … … 259 260 260 261 // http://code.google.com/p/owasp-esapi-java/source/browse/trunk/src/main/java/org/owasp/esapi/codecs/JavaScriptCodec.java 261 text_t encodeForJavascript(const text_t& immuneChars, const unsigned short in ) {262 text_t encodeForJavascript(const text_t& immuneChars, const unsigned short in, bool dmsafe) { 262 263 263 264 text_t result = ""; … … 294 295 char hex_char[3]; 295 296 sprintf(hex_char,"%02X",in); 296 result = "\\x" + text_t(hex_char); 297 298 if(dmsafe) { // double escape backslashes for macro files 299 result = "\\\\x" + text_t(hex_char); 300 } else { 301 result = "\\x" + text_t(hex_char); 302 } 297 303 } 298 304 // otherwise encode with \\uHHHH … … 300 306 char hex_char[5]; 301 307 sprintf(hex_char,"%04X",in); 302 result = "\\u" + text_t(hex_char); 308 if(dmsafe) { // double escape backslashes for macro files 309 result = "\\\\u" + text_t(hex_char); 310 } else { 311 result = "\\u" + text_t(hex_char); 312 } 303 313 } 304 314 -
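Review bot: The new `dmsafe` parameter defaults to `true` in securitytools.h (line 27), so every existing caller of the string overload `encodeForJavascript(input)` now receives doubled backslashes (two backslashes before `x41`/`u0041` instead of one) unless it opts out, and by the hunk's own comments that form is only correct when the result is fed through macro-file (.dm) processing; a caller that writes JavaScript directly would now emit a literal backslash followed by the escape. Defaulting to `false` and passing `true` explicitly at the macro-generating call in receptionist.cpp (line 1534) would leave existing callers' output unchanged. Within the hunk the two `if(dmsafe)` blocks at lines 298–302 and 308–312 repeat the same choice; `const char *prefix = dmsafe ? "\\\\" : "\\";` ahead of the branch and `result = prefix + text_t(hex_char);` in both arms would keep it in one place. The `if`/`else` that selects between the `\\xHH` and `\\uHHHH` forms begins above the hunk, so the 3-byte `hex_char` on line 294 is only safe if that condition restricts `in` to values below 0x100; `snprintf(hex_char, sizeof hex_char, "%02X", in)` would make the bound explicit.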
main/trunk/greenstone2/runtime-src/src/recpt/securitytools.h
r28888 r28898 25 25 text_t encodeForHTML(const text_t& input, const text_t& immuneChars=IMMUNE_HTML); 26 26 text_t encodeForURL(const text_t& input, const text_t& immuneChars=IMMUNE_URL); 27 text_t encodeForJavascript(const text_t& input, const text_t& immuneChars=IMMUNE_JAVASCRIPT );27 text_t encodeForJavascript(const text_t& input, const text_t& immuneChars=IMMUNE_JAVASCRIPT, bool dmsafe=true); 28 28 text_t encodeForHTMLAttr(const text_t& input, const text_t& immuneChars=IMMUNE_HTMLATTR); 29 29 text_t encodeForCSS(const text_t& input, const text_t& immuneChars=IMMUNE_CSS); … … 33 33 text_t encodeForHTML(const text_t& immuneChars, const unsigned short input); 34 34 text_t encodeForURL(const text_t& immuneChars, const unsigned short input); 35 text_t encodeForJavascript(const text_t& immuneChars, const unsigned short input );35 text_t encodeForJavascript(const text_t& immuneChars, const unsigned short input, bool dmsafe); 36 36 text_t encodeForCSS(const text_t& immuneChars, const unsigned short input); 37 37 text_t encodeForMySQL(const text_t& immuneChars, const unsigned short input, const SQLMode mode);
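Review bot: The new `dmsafe` parameter is undocumented at lines 27 and 35, and its name does not tell a caller what it changes or which value to pick. A comment on the line-27 declaration such as `// dmsafe: write \\xHH / \\uHHHH with a doubled backslash so the escape survives macro-file (.dm) processing; pass false when the result goes straight into JavaScript` would let callers choose deliberately rather than inherit the default. Only the string overload carries a default; if that asymmetry is intended, stating it in the same comment avoids a later "fix" that adds one to line 35.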