[Zope-Checkins] CVS: Zope/lib/python/Products/ZSQLMethods/dtml - edit.dtml:1.3.184.1
Florent Guillaume
fg@nuxeo.com
Sun, 22 Dec 2002 11:16:48 -0500
Update of /cvs-repository/Zope/lib/python/Products/ZSQLMethods/dtml
In directory cvs.zope.org:/tmp/cvs-serv2325/lib/python/Products/ZSQLMethods/dtml
Modified Files:
Tag: Zope-2_6-branch
edit.dtml
Log Message:
Fixed insufficient quoting in a number of DTML files when displaying
the title. This closes some actual and potential XSS holes. (Collector #595)
=== Zope/lib/python/Products/ZSQLMethods/dtml/edit.dtml 1.3 => 1.3.184.1 ===
--- Zope/lib/python/Products/ZSQLMethods/dtml/edit.dtml:1.3 Wed Jan 31 16:26:55 2001
+++ Zope/lib/python/Products/ZSQLMethods/dtml/edit.dtml Sun Dec 22 11:16:17 2002
@@ -23,7 +23,7 @@
</td>
<td align="left" valign="top">
<input type="text" name="title" size="40" value="<dtml-if
- title><dtml-var title></dtml-if>">
+ title>&dtml-title;</dtml-if>">
</td>
</tr>
<tr>
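Review bot: On the changed line the title is emitted inside the double-quoted value="..." attribute, so the fix only holds if the &dtml-title; entity form escapes the double-quote character as well as <, > and &; please confirm that, or write it as <dtml-var title html_quote> so the quoting is explicit to the next person editing the template. The log message refers to a number of DTML files, while this diff touches only the title input in edit.dtml, so any other place in this template that renders a user-editable value without quoting needs the same change. A regression test that renders the form with a title containing a double quote and an angle bracket, and checks that the attribute is not closed early, would keep this from coming back.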