[Zope-Checkins] CVS: Zope/lib/python/Products/ZCatalog/dtml - addIndexForm.dtml:1.3 catalogAddRowForm.dtml:1.3 catalogAdvanced.dtml:1.4 catalogFind.dtml:1.4 catalogIndexes.dtml:1.8 catalogObjectInformation.dtml:1.5 catalogSchema.dtml:1.4 catalogStatus.dtml:1.3 catalogView.dtml:1.8 editCatalogerForm.dtml:1.3 manage_vocab.dtml:1.4 vocab_manage_main.dtml:1.3
Florent Guillaume
fg@nuxeo.com
Sun, 22 Dec 2002 12:54:38 -0500
Update of /cvs-repository/Zope/lib/python/Products/ZCatalog/dtml
In directory cvs.zope.org:/tmp/cvs-serv14380/lib/python/Products/ZCatalog/dtml
Modified Files:
addIndexForm.dtml catalogAddRowForm.dtml catalogAdvanced.dtml
catalogFind.dtml catalogIndexes.dtml
catalogObjectInformation.dtml catalogSchema.dtml
catalogStatus.dtml catalogView.dtml editCatalogerForm.dtml
manage_vocab.dtml vocab_manage_main.dtml
Log Message:
Merged efge-death-to-dtml-var-branch into HEAD:
Removed most <dtml-var> to replace them with &dtml-foo;.
This corrects a number of potential XSS holes, and simplifies
auditability of the remaining legitimate <dtml-var>.
=== Zope/lib/python/Products/ZCatalog/dtml/addIndexForm.dtml 1.2 => 1.3 ===
--- Zope/lib/python/Products/ZCatalog/dtml/addIndexForm.dtml:1.2 Wed May 30 11:57:37 2001
+++ Zope/lib/python/Products/ZCatalog/dtml/addIndexForm.dtml Sun Dec 22 12:54:07 2002
@@ -11,7 +11,7 @@
</p>
<form action="manage_addIndex" method="post">
-<input type=hidden name="type" value="<dtml-var index_type>">
+<input type=hidden name="type" value="&dtml-index_type;">
<table cellspacing="0" cellpadding="2" border="0">
<tr>
=== Zope/lib/python/Products/ZCatalog/dtml/catalogAddRowForm.dtml 1.2 => 1.3 ===
--- Zope/lib/python/Products/ZCatalog/dtml/catalogAddRowForm.dtml:1.2 Mon Jan 8 17:47:03 2001
+++ Zope/lib/python/Products/ZCatalog/dtml/catalogAddRowForm.dtml Sun Dec 22 12:54:07 2002
@@ -1,7 +1,7 @@
<dtml-var manage_page_header>
<dtml-var manage_tabs>
-<form action="<dtml-var URL1>">
+<form action="&dtml-URL1;">
=== Zope/lib/python/Products/ZCatalog/dtml/catalogAdvanced.dtml 1.3 => 1.4 ===
--- Zope/lib/python/Products/ZCatalog/dtml/catalogAdvanced.dtml:1.3 Fri Jan 26 14:00:13 2001
+++ Zope/lib/python/Products/ZCatalog/dtml/catalogAdvanced.dtml Sun Dec 22 12:54:07 2002
@@ -18,7 +18,7 @@
</p>
</td>
<td align="right" valign="top">
-<form action="<dtml-var URL1>">
+<form action="&dtml-URL1;">
<input class="form-element" type="submit"
name="manage_catalogReindex:method" value=" Update Catalog ">
</form>
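Review bot: The rewritten `<form action="&dtml-URL1;">` tags in this hunk and the next one have no `method` attribute, so the "Update Catalog" and "Clear Catalog" buttons submit by GET. Both are state-changing management actions, and a GET request is recorded in logs and browser history and can be triggered by following a plain link. The third hunk in this file already uses `method="POST"`, so I would match it here with `<form action="&dtml-URL1;" method="post">`. The method-less forms in catalogAddRowForm.dtml, catalogSchema.dtml and catalogView.dtml deserve the same check, though their submit buttons are outside the visible hunks.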
@@ -30,7 +30,7 @@
</p>
</td>
<td align="right" valign="top">
-<form action="<dtml-var URL1>">
+<form action="&dtml-URL1;">
<input class="form-element" type="submit"
name="manage_catalogClear:method" value=" Clear Catalog ">
</form>
@@ -80,7 +80,7 @@
</dtml-if></p>
</td>
<td align="right" valign="top">
- <form action="<dtml-var URL1>" method="POST">
+ <form action="&dtml-URL1;" method="POST">
<div class="form-element">
<dtml-if threshold>
<input class="form-element" type="submit"
@@ -109,8 +109,7 @@
<td align="right" valign="top">
<form action="manage_edit" method=POST>
<div class="form-element">
- <input name="threshold:int" value="<dtml-var
- threshold html_quote>" />
+ <input name="threshold:int" value="&dtml-threshold;" />
<input type="submit" name="submit" value="Set Threshold">
</div>
</form>
=== Zope/lib/python/Products/ZCatalog/dtml/catalogFind.dtml 1.3 => 1.4 ===
--- Zope/lib/python/Products/ZCatalog/dtml/catalogFind.dtml:1.3 Mon Jan 15 17:15:17 2001
+++ Zope/lib/python/Products/ZCatalog/dtml/catalogFind.dtml Sun Dec 22 12:54:07 2002
@@ -19,7 +19,7 @@
<SELECT NAME="obj_metatypes:list" SIZE="4" MULTIPLE>
<OPTION VALUE="all" SELECTED> All types
<dtml-in all_meta_types mapping>
- <OPTION VALUE="<dtml-var name html_quote>"> <dtml-var name>
+ <OPTION VALUE="&dtml-name;"> &dtml-name;
</dtml-in>
</SELECT>
</div>
@@ -85,7 +85,7 @@
<div class="form-element">
<SELECT NAME="obj_roles:list" SIZE="3" MULTIPLE>
<dtml-in valid_roles>
- <OPTION VALUE="<dtml-var sequence-item html_quote>"> <dtml-var sequence-item>
+ <OPTION VALUE="&dtml-sequence-item;"> &dtml-sequence-item;
</dtml-in>
</SELECT>
</div>
@@ -101,7 +101,7 @@
<div class="form-element">
<SELECT NAME="obj_permission">
<dtml-in permission_settings mapping>
- <OPTION VALUE="<dtml-var name html_quote>"> <dtml-var name>
+ <OPTION VALUE="&dtml-name;"> &dtml-name;
</dtml-in>
</SELECT>
</div>
=== Zope/lib/python/Products/ZCatalog/dtml/catalogIndexes.dtml 1.7 => 1.8 ===
--- Zope/lib/python/Products/ZCatalog/dtml/catalogIndexes.dtml:1.7 Fri Jun 28 13:25:24 2002
+++ Zope/lib/python/Products/ZCatalog/dtml/catalogIndexes.dtml Sun Dec 22 12:54:07 2002
@@ -142,11 +142,11 @@
<td>
<div class="list-item">
<dtml-if "_.string.find(_.str(_.getattr(this(),'__implements__','old')),'PluggableIndexInterface')>-1">
- <dtml-var meta_type>
+ &dtml-meta_type;
<dtml-else>
<dtml-call "REQUEST.set('oldidx',1)">
(pre-2.4 index)
- <dtml-var meta_type>
+ &dtml-meta_type;
</dtml-if>
</div>
</td>
=== Zope/lib/python/Products/ZCatalog/dtml/catalogObjectInformation.dtml 1.4 => 1.5 ===
--- Zope/lib/python/Products/ZCatalog/dtml/catalogObjectInformation.dtml:1.4 Thu Apr 5 12:06:50 2001
+++ Zope/lib/python/Products/ZCatalog/dtml/catalogObjectInformation.dtml Sun Dec 22 12:54:07 2002
@@ -10,7 +10,7 @@
<tr class="location-bar">
<td colspan="2" align="left">
<div class="std-text">
- <strong>Catalog record at <dtml-var expr="getpath(_.int(rid))"></strong>
+ <strong>Catalog record at <dtml-var expr="getpath(_.int(rid))" html_quote></strong>
</div>
</td>
</tr>
=== Zope/lib/python/Products/ZCatalog/dtml/catalogSchema.dtml 1.3 => 1.4 ===
--- Zope/lib/python/Products/ZCatalog/dtml/catalogSchema.dtml:1.3 Tue Jun 11 16:20:12 2002
+++ Zope/lib/python/Products/ZCatalog/dtml/catalogSchema.dtml Sun Dec 22 12:54:07 2002
@@ -22,18 +22,17 @@
tab). This way, the summary data may be shown in the search results.
</p>
-<form action="<dtml-var URL1>">
+<form action="&dtml-URL1;">
<table cellspacing="0" cellpadding="2" border="0">
<dtml-in schema sort=sequence-item>
<tr>
<td align="left" valign="top">
- <input type="checkbox" name="names:list" value="<dtml-var
- sequence-item html_quote>" />
+ <input type="checkbox" name="names:list" value="&dtml-sequence-item;" />
</td>
<td align="left" valign="top">
<div class="form-text">
- <dtml-var sequence-item>
+ &dtml-sequence-item;
</div>
</td>
</tr>
=== Zope/lib/python/Products/ZCatalog/dtml/catalogStatus.dtml 1.2 => 1.3 ===
--- Zope/lib/python/Products/ZCatalog/dtml/catalogStatus.dtml:1.2 Mon Jan 8 17:47:03 2001
+++ Zope/lib/python/Products/ZCatalog/dtml/catalogStatus.dtml Sun Dec 22 12:54:07 2002
@@ -26,7 +26,7 @@
<font color="red"><b>Disabled</b></font>
</dtml-if></h3>
- <form action="<dtml-var URL1>" method="POST">
+ <form action="&dtml-URL1;" method="POST">
<div class="form-element">
<dtml-if threshold>
<input class="form-element" type="submit"
@@ -49,8 +49,7 @@
memory. If this number is higher, the Catalog will index
quickly but consume much more memory.</p>
- Subtransaction threshold: <input name="threshold:int" value="<dtml-var
- threshold html_quote>" />
+ Subtransaction threshold: <input name="threshold:int" value="&dtml-threshold;" />
<br>
<div class="form-element">
<input type="submit" name="submit" value="Save Changes">
@@ -65,7 +64,7 @@
<dtml-in index_objects sort=id>
<li>
<dtml-var "_.len(_['sequence-item'])">
- object are indexed in <b><dtml-var "_['sequence-item'].id"></b>
+ object are indexed in <b><dtml-var "_['sequence-item'].id" html_quote></b>
</li>
</dtml-in>
</ul>
=== Zope/lib/python/Products/ZCatalog/dtml/catalogView.dtml 1.7 => 1.8 ===
--- Zope/lib/python/Products/ZCatalog/dtml/catalogView.dtml:1.7 Mon Dec 16 13:11:31 2002
+++ Zope/lib/python/Products/ZCatalog/dtml/catalogView.dtml Sun Dec 22 12:54:07 2002
@@ -28,20 +28,19 @@
//-->
</script>
-<form action="<dtml-var name="URL1">" name="objectItems">
+<form action="&dtml-URL1;" name="objectItems">
<p class="form-text">
-<dtml-var id> contains <dtml-var
- searchResults fmt=collection-length thousands_commas> record(s).
+&dtml-id; contains <dtml-var searchResults fmt=collection-length thousands_commas> record(s).
</p>
<div class="form-text">
<dtml-in searchResults previous size=20 start=query_start >
- <a href="<dtml-var URL>?query_start=<dtml-var previous-sequence-start-number>">
+ <a href="&dtml-URL;?query_start=<dtml-var previous-sequence-start-number>">
[Previous <dtml-var previous-sequence-size> entries]
</a>
</dtml-in>
<dtml-in searchResults next size=20 start=query_start >
- <a href="<dtml-var URL>?query_start=<dtml-var next-sequence-start-number>">
+ <a href="&dtml-URL;?query_start=<dtml-var next-sequence-start-number>">
[Next <dtml-var next-sequence-size> entries]
</a>
</dtml-in>
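Review bot: The two pagination links in this hunk still carry a `<dtml-var>` inside the `href` attribute (`?query_start=<dtml-var previous-sequence-start-number>` and its `next-` twin), so a search for leftover `<dtml-var` keeps landing on attribute contexts that an auditor has to clear by hand. The values look like sequence offsets computed by `dtml-in`, so this is a style point rather than a hole. Writing them as `&dtml-previous-sequence-start-number;` and `&dtml-next-sequence-start-number;` would leave only the deliberately unquoted tags behind; hyphenated names are already used in entity form elsewhere in this commit (`&dtml-sequence-item;`). The same pattern recurs in the pagination links of the manage_vocab.dtml hunks.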
@@ -72,7 +71,7 @@
<td align="left" valign="top">
<div class="form-text">
<dtml-if expr="has_key('meta_type') and meta_type">
- <dtml-var name="meta_type" size="15">
+ <dtml-var name="meta_type" size="15" html_quote>
<dtml-else>
<i>Unknown</i>
</dtml-if>
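Review bot: On the new `<dtml-var name="meta_type" size="15" html_quote>` line, `size` and `html_quote` are combined. As far as I recall, DTML applies the `size` truncation after the quoting modifiers; this should be confirmed against DT_Var. If so, a `meta_type` containing `<`, `>` or `&` near the 15-character cut can have its entity split in half, which is harmless for XSS but shows garbled text such as `&l...`. Truncating before quoting avoids this, for example `<dtml-var expr="meta_type[:15]" html_quote>`, at the cost of losing the word-boundary trimming and the trailing `...`.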
=== Zope/lib/python/Products/ZCatalog/dtml/editCatalogerForm.dtml 1.2 => 1.3 ===
--- Zope/lib/python/Products/ZCatalog/dtml/editCatalogerForm.dtml:1.2 Mon Jan 8 17:47:03 2001
+++ Zope/lib/python/Products/ZCatalog/dtml/editCatalogerForm.dtml Sun Dec 22 12:54:07 2002
@@ -12,7 +12,7 @@
<span class="form-label">
Use Catalog:
</span>
-<input name="default" value="<dtml-var default_catalog html_quote>">
+<input name="default" value="&dtml-default_catalog;">
<br>
<div class="form-element">
<input class="form-element" type="submit" value="Save Changes">
=== Zope/lib/python/Products/ZCatalog/dtml/manage_vocab.dtml 1.3 => 1.4 ===
--- Zope/lib/python/Products/ZCatalog/dtml/manage_vocab.dtml:1.3 Fri Jan 26 14:00:13 2001
+++ Zope/lib/python/Products/ZCatalog/dtml/manage_vocab.dtml Sun Dec 22 12:54:07 2002
@@ -4,21 +4,20 @@
<dtml-if words>
<p class="form-text">
-<dtml-var id> contains <em><dtml-var
- words fmt=collection-length thousands_commas></em>
+&dtml-id; contains <em><dtml-var words fmt=collection-length thousands_commas></em>
word(s).
</p>
<dtml-in words previous size=20 start=query_start >
<span class="list-nav">
- <a href="<dtml-var URL>?query_start=<dtml-var previous-sequence-start-number>">
+ <a href="&dtml-URL;?query_start=<dtml-var previous-sequence-start-number>">
[Previous <dtml-var previous-sequence-size> entries]
</a>
</span>
</dtml-in>
<dtml-in words next size=20 start=query_start >
<span class="list-nav">
- <a href="<dtml-var URL>?query_start=<dtml-var next-sequence-start-number>">
+ <a href="&dtml-URL;?query_start=<dtml-var next-sequence-start-number>">
[Next <dtml-var next-sequence-size> entries]
</a>
</span>
@@ -48,7 +47,7 @@
<dtml-in words previous size=20 start=query_start >
<div class="list-nav">
- <a href="<dtml-var URL>?query_start=<dtml-var previous-sequence-start-number>">
+ <a href="&dtml-URL;?query_start=<dtml-var previous-sequence-start-number>">
[Previous <dtml-var previous-sequence-size> entries]
</a>
</div>
@@ -56,7 +55,7 @@
<dtml-in words next size=20 start=query_start >
<div class="list-nav">
- <a href="<dtml-var URL>?query_start=<dtml-var next-sequence-start-number>">
+ <a href="&dtml-URL;?query_start=<dtml-var next-sequence-start-number>">
[Next <dtml-var next-sequence-size> entries]
</a>
</div>
=== Zope/lib/python/Products/ZCatalog/dtml/vocab_manage_main.dtml 1.2 => 1.3 ===
--- Zope/lib/python/Products/ZCatalog/dtml/vocab_manage_main.dtml:1.2 Mon Jan 8 17:47:03 2001
+++ Zope/lib/python/Products/ZCatalog/dtml/vocab_manage_main.dtml Sun Dec 22 12:54:07 2002
@@ -1,7 +1,7 @@
<dtml-var manage_page_header>
<dtml-var manage_tabs>
-<h2>Edit <dtml-var id></h2>
+<h2>Edit &dtml-id;</h2>
<!--