Changeset 30566

Timestamp:

2016-06-07T18:30:52+12:00 (7 years ago)

Author:

ak19

Message:

Had return statement back to front, returning true when meaning to return false and vice-versa.

File:

• main/trunk/greenstone2/runtime-src/src/recpt/securitytools.cpp (modified) (2 diffs)

main/trunk/greenstone2/runtime-src/src/recpt/securitytools.cpp

@@ -55 +55 @@
     https://www.owasp.org/index.php/XSS_%28Cross_Site_Scripting%29_Prevention_Cheat_Sheet#RULE_.235_-_URL_Escape_Before_Inserting_Untrusted_Data_into_HTML_URL_Parameter_Values
     
-    WARNING: Do not encode complete or relative URL's with URL encoding! If untrusted input is meant to be placed into 
+    WARNING: Do not encode complete or relative URLs with URL encoding! If untrusted input is meant to be placed into 
     href, src or other URL-based attributes, it should be validated to make sure it does not point to an unexpected 
-    protocol, especially Javascript links. URL's should then be encoded based on the context of display like any other
-    piece of data. For example, user driven URL's in HREF links should be attribute encoded. For example:
+    protocol, especially Javascript links. URLs should then be encoded based on the context of display like any other
+    piece of data. For example, user driven URLs in HREF links should be attribute encoded. For example:
 
     String userURL = request.getParameter( "userURL" )
@@ -74 +74 @@
 
   if(findword(here, end, "javascript:") != end) {
-    return true;
-  }
-  return false;
+    return false;
+  }
+  return true;
 }