Ignore:
Timestamp:
2014-03-18T20:22:59+13:00 (10 years ago)
Author:
ak19
Message:

6th commit for security of cgiargs. Looked over all occurrences of setmacro in *action.cpp files

File:
1 edited

Legend:

Unmodified
Added
Removed

  • main/trunk/greenstone2/runtime-src/src/recpt/usersaction.cpp

    r28899 r28913  
    268268  disp.setmacro ("usersargug", "users", args["umug"]);
    269269  disp.setmacro ("usersargc", "users", args["umc"]);
     270
     271  disp.setmacro ("usersargunAttrsafe", "users", encodeForHTMLAttr(args["umun"]));
     272  disp.setmacro ("usersargpwAttrsafe", "users", encodeForHTMLAttr(args["umpw"]));
     273  disp.setmacro ("usersargusAttrsafe", "users", encodeForHTMLAttr(args["umus"])); // unused in users.dm or other macro files, but setting this attrsafe'd macro in parallel with the other usersarg* values here.
     274  disp.setmacro ("usersargugAttrsafe", "users", encodeForHTMLAttr(args["umug"]));
     275  disp.setmacro ("usersargcAttrsafe", "users", encodeForHTMLAttr(args["umc"]));
     276
    270277}
    271278
Note: See TracChangeset for help on using the changeset viewer.