Changeset 28899 for main/trunk/greenstone2/runtime-src/src/recpt/authenaction.cpp

Timestamp:

2014-03-14T22:46:25+13:00 (10 years ago)

Author:

ak19

Message:

Third commit for security, for ensuring cgiargs macros are websafe. This time all the changes to the runtime action classes.

File:

• main/trunk/greenstone2/runtime-src/src/recpt/authenaction.cpp (modified) (2 diffs)

main/trunk/greenstone2/runtime-src/src/recpt/authenaction.cpp

@@ -308 +308 @@
   //      _authen:hiddenargs_   to contain all the arguments that were
   //                            explicitly set
-  disp.setmacro ("messagestatus", "authen", ("_authen:message" + args["us"]
+  disp.setmacro ("messagestatus", "authen", ("_authen:message" + encodeForHTML(args["us"])
                          + "_"));
   // change style of header and footer if page is a frame
@@ -339 +339 @@
     saveconfset.find((*args_here).first) == saveconfset.end()) {
       hiddenargs += "<input type=hidden name=\"" + (*args_here).first +
-    "\" value=\"_cgiarg" + (*args_here).first + "_\">\n";
+    "\" value=\"_cgiarg" + (*args_here).first + "Attrsafe_\">\n";
     }
     ++args_here;