[Zope-Checkins] CVS: Zope/lib/python/Products/SiteAccess/www - manage_edit.dtml:1.2
Florent Guillaume
fg@nuxeo.com
Sun, 22 Dec 2002 12:54:35 -0500
Update of /cvs-repository/Zope/lib/python/Products/SiteAccess/www
In directory cvs.zope.org:/tmp/cvs-serv14380/lib/python/Products/SiteAccess/www
Modified Files:
manage_edit.dtml
Log Message:
Merged efge-death-to-dtml-var-branch into HEAD:
Removed most <dtml-var> to replace them with &dtml-foo;.
This corrects a number of potential XSS holes, and simplifies
auditability of the remaining legitimate <dtml-var>.
=== Zope/lib/python/Products/SiteAccess/www/manage_edit.dtml 1.1 => 1.2 ===
--- Zope/lib/python/Products/SiteAccess/www/manage_edit.dtml:1.1 Tue Dec 4 15:59:10 2001
+++ Zope/lib/python/Products/SiteAccess/www/manage_edit.dtml Sun Dec 22 12:54:04 2002
@@ -29,9 +29,8 @@
or a set of hosts (<strong>*.host/path</strong>).
<div style="width: 100%;">
<textarea name="map_text:text" wrap="off" style="width: 100%;"<dtml-if
- dtpref_cols> cols="<dtml-var dtpref_cols>"<dtml-else
- > cols="50"</dtml-if><dtml-if dtpref_rows> rows="<dtml-var
- dtpref_rows>"<dtml-else> rows="20"</dtml-if>><dtml-in
+ dtpref_cols> cols="&dtml-dtpref_cols;"<dtml-else
+ > cols="50"</dtml-if><dtml-if dtpref_rows> rows="&dtml-dtpref_rows;"<dtml-else> rows="20"</dtml-if>><dtml-in
lines>&dtml-sequence-item;
</dtml-in></textarea>
</div>
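Review bot: On the added `cols="&dtml-dtpref_cols;"` and `rows="&dtml-dtpref_rows;"` lines, the entity form HTML-quotes the value but still renders whatever `dtpref_cols` and `dtpref_rows` hold as long as the `<dtml-if>` test is true, whereas the `<dtml-else>` branches only ever emit the integers 50 and 20. The quoting is only sufficient while both attributes stay inside double quotes, so I would also coerce the two preferences to integers before they reach the template, falling back to the defaults when that fails, and leave a short comment noting that the surrounding quotes must not be dropped. Style point: the new `rows` line folds what used to be two lines into one long line; keeping the original wrap would keep the diff minimal and easier to audit, which is the stated aim of the change.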