[Zope-Checkins] CVS: Zope/lib/python/Products/Transience/dtml - manageTransientObjectContainer.dtml:1.8.98.1

Florent Guillaume fg@nuxeo.com
Wed, 23 Oct 2002 19:06:45 -0400


Update of /cvs-repository/Zope/lib/python/Products/Transience/dtml
In directory cvs.zope.org:/tmp/cvs-serv26857/lib/python/Products/Transience/dtml

Modified Files:
      Tag: efge-death-to-dtml-var-branch
	manageTransientObjectContainer.dtml 
Log Message:
Removed most <dtml-var> to replace them with &dtml-foo;.
This corrects a number of potential XSS holes, and simplifies
auditability of the remaining legitimate <dtml-var>.


=== Zope/lib/python/Products/Transience/dtml/manageTransientObjectContainer.dtml 1.8 => 1.8.98.1 ===
--- Zope/lib/python/Products/Transience/dtml/manageTransientObjectContainer.dtml:1.8	Wed Nov 21 17:46:36 2001
+++ Zope/lib/python/Products/Transience/dtml/manageTransientObjectContainer.dtml	Wed Oct 23 19:06:14 2002
@@ -19,7 +19,7 @@
 <dtml-let l=getLen>
 <dtml-if l>
   <dtml-if "l == 1">1 item is in this transient object container.
-  <dtml-else><dtml-var l> items are in this transient object container.
+  <dtml-else>&dtml-l; items are in this transient object container.
   </dtml-if>
 <dtml-else>
   There are no items in this transient object container.