[Zope-Checkins] CVS: Zope/lib/python/Products/SiteAccess/www - manage_edit.dtml:1.1.96.1
Florent Guillaume
fg@nuxeo.com
Wed, 23 Oct 2002 19:06:45 -0400
Update of /cvs-repository/Zope/lib/python/Products/SiteAccess/www
In directory cvs.zope.org:/tmp/cvs-serv26857/lib/python/Products/SiteAccess/www
Modified Files:
Tag: efge-death-to-dtml-var-branch
manage_edit.dtml
Log Message:
Removed most <dtml-var> to replace them with &dtml-foo;.
This corrects a number of potential XSS holes, and simplifies
auditability of the remaining legitimate <dtml-var>.
=== Zope/lib/python/Products/SiteAccess/www/manage_edit.dtml 1.1 => 1.1.96.1 ===
--- Zope/lib/python/Products/SiteAccess/www/manage_edit.dtml:1.1 Tue Dec 4 15:59:10 2001
+++ Zope/lib/python/Products/SiteAccess/www/manage_edit.dtml Wed Oct 23 19:06:14 2002
@@ -29,9 +29,8 @@
or a set of hosts (<strong>*.host/path</strong>).
<div style="width: 100%;">
<textarea name="map_text:text" wrap="off" style="width: 100%;"<dtml-if
- dtpref_cols> cols="<dtml-var dtpref_cols>"<dtml-else
- > cols="50"</dtml-if><dtml-if dtpref_rows> rows="<dtml-var
- dtpref_rows>"<dtml-else> rows="20"</dtml-if>><dtml-in
+ dtpref_cols> cols="&dtml-dtpref_cols;"<dtml-else
+ > cols="50"</dtml-if><dtml-if dtpref_rows> rows="&dtml-dtpref_rows;"<dtml-else> rows="20"</dtml-if>><dtml-in
lines>&dtml-sequence-item;
</dtml-in></textarea>
</div>
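Review bot: on the `cols="&dtml-dtpref_cols;"` and `rows="&dtml-dtpref_rows;"` attributes, entity syntax HTML-quotes the value, which stops it breaking out of the double-quoted attribute. The value is still written out as an arbitrary string even though both attributes only make sense as integers. Consider checking that the preference is numeric where it is read, so that a non-numeric value takes the `cols="50"` / `rows="20"` branch instead of being emitted. Style point: the removed lines wrapped the tag inside `<dtml-var dtpref_rows>`, while the new `rows` line carries both `<dtml-if dtpref_rows>` and the closing `<dtml-in` on one long line. Breaking it inside a DTML tag, as the `cols` line does with `<dtml-else`, would keep the template readable without adding whitespace to the output.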