Changeset 28899 for main/trunk/greenstone2/runtime-src/src/recpt/receptionist.cpp

Timestamp:

2014-03-14T22:46:25+13:00 (10 years ago)

Author:

ak19

Message:

Third commit for security, for ensuring cgiargs macros are websafe. This time all the changes to the runtime action classes.

File:

• main/trunk/greenstone2/runtime-src/src/recpt/receptionist.cpp (modified) (1 diff)

main/trunk/greenstone2/runtime-src/src/recpt/receptionist.cpp

@@ -1533 +1533 @@
     text_t urlsafe = encodeForURL(macrovalue);
     text_t jssafe = encodeForJavascript(macrovalue); // with default setting will return \\x and \\u for macro files
-    text_t csssafe = encodeForCSS(macrovalue);
+    text_t csssafe = encodeForCSS(macrovalue); // not yet used anywhere, but is available for use in macros
+    text_t sqlsafe = encodeForSQL(macrovalue);
 
     disp.setmacro ("cgiarg" + (*argshere).first + "Htmlsafe", displayclass::defaultpackage, htmlsafe);    
     disp.setmacro ("cgiarg" + (*argshere).first + "Attrsafe", displayclass::defaultpackage, attrsafe);
+    disp.setmacro ("cgiarg" + (*argshere).first + "Urlsafe", displayclass::defaultpackage, urlsafe);
     disp.setmacro ("cgiarg" + (*argshere).first + "Jssafe", displayclass::defaultpackage, jssafe);
     disp.setmacro ("cgiarg" + (*argshere).first + "Csssafe", displayclass::defaultpackage, csssafe);
-    disp.setmacro ("cgiarg" + (*argshere).first + "Urlsafe", displayclass::defaultpackage, urlsafe);
+    disp.setmacro ("cgiarg" + (*argshere).first + "Sqlsafe", displayclass::defaultpackage, sqlsafe);