Changeset 28899 for main/trunk/greenstone2/runtime-src/src/recpt/usersaction.cpp

Timestamp:

2014-03-14T22:46:25+13:00 (10 years ago)

Author:

ak19

Message:

Third commit for security, for ensuring cgiargs macros are websafe. This time all the changes to the runtime action classes.

File:

• main/trunk/greenstone2/runtime-src/src/recpt/usersaction.cpp (modified) (1 diff)

main/trunk/greenstone2/runtime-src/src/recpt/usersaction.cpp

@@ -235 +235 @@
     if (user_database->get_user_info(*users_here, userinfo) == ERRNO_SUCCEED) {
       textout << outconvert << disp
-          << "<tr><td bgcolor=\"\\#eeeeee\">" << userinfo.username << "</td>\n"
+          << "<tr><td bgcolor=\"\\#eeeeee\">" << encodeForHTML(userinfo.username) << "</td>\n"
               << "<td bgcolor=\"\\#eeeeee\">" << (char *) (userinfo.enabled ? "enabled" : "disabled") << "</td>\n"
-          << "<td bgcolor=\"\\#eeeeee\">" << userinfo.groups << "&nbsp;</td>\n"
-          << "<td bgcolor=\"\\#eeeeee\">" << userinfo.comment << "&nbsp;</td>\n"
+          << "<td bgcolor=\"\\#eeeeee\">" << encodeForHTML(userinfo.groups) << "&nbsp;</td>\n"
+          << "<td bgcolor=\"\\#eeeeee\">" << encodeForHTML(userinfo.comment) << "&nbsp;</td>\n"
           << "<td><a href=\"_httpcurrentdocument_&a=um&uma=edituser&umun="
-          << userinfo.username << "\">_userslistusers:textedituser_</a> "
+          << encodeForHTML(userinfo.username) << "\">_userslistusers:textedituser_</a> "
           << "<a href=\"_httpcurrentdocument_&a=um&uma=deleteuser&umun="
-          << userinfo.username << "\">_userslistusers:textdeleteuser_</a>"
+          << encodeForHTML(userinfo.username) << "\">_userslistusers:textdeleteuser_</a>"
           << "</td></tr>\n\n";