Changeset 28899 for main/trunk/greenstone2/runtime-src/src/recpt/rssaction.cpp

Timestamp:

2014-03-14T22:46:25+13:00 (10 years ago)

Author:

ak19

Message:

Third commit for security, for ensuring cgiargs macros are websafe. This time all the changes to the runtime action classes.

File:

• main/trunk/greenstone2/runtime-src/src/recpt/rssaction.cpp (modified) (2 diffs)

main/trunk/greenstone2/runtime-src/src/recpt/rssaction.cpp

@@ -70 +70 @@
       << "  <link>_httpdomain__httppageabout_</link>\n"
       << "  <description>_collectionextra_</description>\n"
-      << "  <language>_cgiargl_</language>\n"
+      << "  <language>_cgiarglHtmlsafe_</language>\n"
       << "  <pubDate>Thu, 23 Aug 1999 07:00:00 GMT</pubDate>\n"
       << "  <lastBuildDate>Thu, 23 Aug 1999 16:20:26 GMT</lastBuildDate>\n"
@@ -122 +122 @@
   // If ever adding a custom macro file like rss.dm that mentions the package, need to list rss.dm in etc/main.cfg
 
-  if(disp.havemacro("Global", "httpdomain") == 0) { // if using rss package, willcheck rss and Global packages in order. And if not found:
+  if(disp.havemacro("Global", "httpdomain") == 0) { // if using rss package, will check rss and Global packages in order. And if not found:
     
     if(!args["hostname"].empty()) {
-      disp.setmacro("httpdomain", "Global", "http://" + args["hostname"]);
+      disp.setmacro("httpdomain", "Global", "http://" + encodeForURL(args["hostname"]));
     } 
     else { // we shouldn't have to get here