[Zope-Checkins] CVS: Zope/lib/python/Products/ZGadflyDA/dtml - connectionAdd.dtml:1.3 connectionEdit.dtml:1.3 table_info.dtml:1.3 table_menu.dtml:1.3 tables.dtml:1.3
Florent Guillaume
fg@nuxeo.com
Sun, 22 Dec 2002 12:54:39 -0500
Update of /cvs-repository/Zope/lib/python/Products/ZGadflyDA/dtml
In directory cvs.zope.org:/tmp/cvs-serv14380/lib/python/Products/ZGadflyDA/dtml
Modified Files:
connectionAdd.dtml connectionEdit.dtml table_info.dtml
table_menu.dtml tables.dtml
Log Message:
Merged efge-death-to-dtml-var-branch into HEAD:
Replaced most <dtml-var> tags with the &dtml-foo; entity form.
This corrects a number of potential XSS holes and makes the
remaining legitimate <dtml-var> tags easier to audit.
=== Zope/lib/python/Products/ZGadflyDA/dtml/connectionAdd.dtml 1.2 => 1.3 ===
--- Zope/lib/python/Products/ZGadflyDA/dtml/connectionAdd.dtml:1.2 Mon Jan 8 17:47:04 2001
+++ Zope/lib/python/Products/ZGadflyDA/dtml/connectionAdd.dtml Sun Dec 22 12:54:08 2002
@@ -6,7 +6,7 @@
<dtml-if data_sources>
-<form action="manage_addZ<dtml-var database_type>Connection" method="post">
+<form action="manage_addZ&dtml-database_type;Connection" method="post">
<table cellspacing="0" cellpadding="2" border="0">
<tr>
<td align="left" valign="top">
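Review bot: The `action` attribute on the new `<form>` line is a URL, yet `&dtml-database_type;` only HTML-quotes the value, whereas table_menu.dtml in this same commit uses the `url_quote` entity form for a value placed in a path. If `database_type` is always a fixed product identifier this is harmless, but that is not visible from the hunk. For consistency the line could read `<form action="manage_addZ&dtml.url_quote-database_type;Connection" method="post">`. The form element continues past the end of this hunk.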
@@ -46,9 +46,7 @@
<div class="form-element">
<select name="connection" size="5">
<dtml-in data_sources>
- <option value="<dtml-var sequence-key html_quote>"><dtml-var
- sequence-key><dtml-if sequence-item>, <dtml-var
- sequence-item></dtml-if></option>
+ <option value="&dtml-sequence-key;">&dtml-sequence-key;<dtml-if sequence-item>, &dtml-sequence-item;</dtml-if></option>
</dtml-in>
</select>
</div>
@@ -80,8 +78,8 @@
<dtml-else>
<p class="form-help">
-Sorry, you cannot create any Zope <dtml-var database_type> Database
-Connections because no <dtml-var database_type> databases exist, or
+Sorry, you cannot create any Zope &dtml-database_type; Database
+Connections because no &dtml-database_type; databases exist, or
all of the existing databases are in use.
</p>
</dtml-if>
=== Zope/lib/python/Products/ZGadflyDA/dtml/connectionEdit.dtml 1.2 => 1.3 ===
--- Zope/lib/python/Products/ZGadflyDA/dtml/connectionEdit.dtml:1.2 Mon Jan 8 17:47:04 2001
+++ Zope/lib/python/Products/ZGadflyDA/dtml/connectionEdit.dtml Sun Dec 22 12:54:08 2002
@@ -11,7 +11,7 @@
</td>
<td align="left" valign="top">
<div class="form-text">
- <dtml-var id>
+ &dtml-id;
</div>
</td>
</tr>
@@ -23,7 +23,7 @@
</td>
<td align="left" valign="top">
<input type="text" name="title" size="40"
- value="<dtml-var title html_quote>" />
+ value="&dtml-title;" />
</td>
</tr>
<tr>
@@ -43,10 +43,8 @@
<div class="form-element">
<select name="connection_string" size="5">
<dtml-in data_sources>
- <option value="<dtml-var sequence-key html_quote>"<dtml-if
- "_['sequence-key']==connection_string"> selected</dtml-if>><dtml-var
- sequence-key><dtml-if sequence-item>, <dtml-var
- sequence-item></dtml-if></option>
+ <option value="&dtml-sequence-key;"<dtml-if
+ "_['sequence-key']==connection_string"> selected</dtml-if>>&dtml-sequence-key;<dtml-if sequence-item>, &dtml-sequence-item;</dtml-if></option>
</dtml-in>
</select>
</div>
=== Zope/lib/python/Products/ZGadflyDA/dtml/table_info.dtml 1.2 => 1.3 ===
--- Zope/lib/python/Products/ZGadflyDA/dtml/table_info.dtml:1.2 Mon Jan 8 17:47:04 2001
+++ Zope/lib/python/Products/ZGadflyDA/dtml/table_info.dtml Sun Dec 22 12:54:08 2002
@@ -1,7 +1,7 @@
<dtml-var standard_html_header>
-<dtml-var TABLE_TYPE><dtml-if TABLE_OWNER>
-owned by <dtml-var TABLE_OWNER></dtml-if>
-<dtml-if REMARKS><br><dtml-var REMARKS></dtml-if>
+&dtml-TABLE_TYPE;<dtml-if TABLE_OWNER>
+owned by &dtml-TABLE_OWNER;</dtml-if>
+<dtml-if REMARKS><br>&dtml-REMARKS;</dtml-if>
<dtml-var standard_html_footer>
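Review bot: The `<dtml-var standard_html_header>` and `<dtml-var standard_html_footer>` tags that stay unquoted in table_info.dtml carry no marker saying this is intentional, so the next audit has to re-derive it. The same applies to table_menu.dtml and to `<dtml-var manage_tabs>` in tables.dtml. A short note next to each, such as `<dtml-comment>intentionally unquoted: renders trusted template markup</dtml-comment>`, would serve the auditability goal in the log message. It would also make any later `<dtml-var>` added without such a note stand out in review.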
=== Zope/lib/python/Products/ZGadflyDA/dtml/table_menu.dtml 1.2 => 1.3 ===
--- Zope/lib/python/Products/ZGadflyDA/dtml/table_menu.dtml:1.2 Mon Jan 8 17:47:04 2001
+++ Zope/lib/python/Products/ZGadflyDA/dtml/table_menu.dtml Sun Dec 22 12:54:08 2002
@@ -1,5 +1,5 @@
<dtml-var standard_html_header>
-<a href="tableNamed/<dtml-var Name>/manage_designInput">Design Input *</a>
-<a href="tableNamed/<dtml-var Name>/manage_designUpdate">Design Update *</a>
-<a href="tableNamed/<dtml-var Name>/manage_designDelete">Design Delete</a>
+<a href="tableNamed/&dtml.url_quote-Name;/manage_designInput">Design Input *</a>
+<a href="tableNamed/&dtml.url_quote-Name;/manage_designUpdate">Design Update *</a>
+<a href="tableNamed/&dtml.url_quote-Name;/manage_designDelete">Design Delete</a>
<dtml-var standard_html_footer>
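Review bot: `url_quote` on the three new `href` lines presumably maps to `urllib.quote` with its default safe set, which leaves `/` unencoded, so a table `Name` containing a slash would still add path segments under `tableNamed/`. Whether Gadfly table names can contain `/` is not visible in this hunk; if they can, the value needs quoting with `/` treated as unsafe before it goes into the path. A `<dtml-comment>Name is a URL path segment, hence url_quote rather than the default html_quote</dtml-comment>` above the links would record why these are the only entities in this diff that carry a modifier.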
=== Zope/lib/python/Products/ZGadflyDA/dtml/tables.dtml 1.2 => 1.3 ===
--- Zope/lib/python/Products/ZGadflyDA/dtml/tables.dtml:1.2 Mon Jan 8 17:47:04 2001
+++ Zope/lib/python/Products/ZGadflyDA/dtml/tables.dtml Sun Dec 22 12:54:08 2002
@@ -1,10 +1,10 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd">
<html lang="en">
- <head><title><dtml-var title_or_id> tables</title></head>
+ <head><title>&dtml-title_or_id; tables</title></head>
<body bgcolor="#FFFFFF" link="#000099" vlink="#555555" alink="#77003B">
<dtml-var manage_tabs>
- <h2><dtml-var title_or_id> tables</h2>
+ <h2>&dtml-title_or_id; tables</h2>
<form action="manage_wizard" method="POST">
<table cellspacing="2">
@@ -14,8 +14,8 @@
<td align="LEFT" valign="TOP">
<select name="tables:list" size=9 multiple>
<dtml-in table_info>
- <option value="<dtml-var sequence-key html_quote>">
- <dtml-var sequence-key> <dtml-var sequence-item>
+ <option value="&dtml-sequence-key;">
+ &dtml-sequence-key; &dtml-sequence-item;
</option>
</dtml-in>
</select>