[Zope] <code> tag?
Martijn Pieters
mj@antraciet.nl
Sun, 29 Aug 1999 20:06:00 +0200
At 10:43 29-8-99, Itamar Shtull-Trauring wrote:
>Martijn Pieters wrote:
>
> > There are two methods, one of which is (to me) a very serious security
> > breach: document_src (for which you need the View management screens
> > permission), and PrincipiaSearchSource, for which you do not need any
> > permissions at all. At any Zope2 site, I can add /PrincipiaSearchSource to
> > the URL and see the source of that DTML Method/Document.
> >
> > I just discovered this, and will report it to the Collector.
>
>Are you sure? I tried this in the Zope beta site and I didn't manage to
>view the source of any page.
http://www.zope.org:18200/index_html/PrincipiaSearchSource
<html><head></head>
<!--#var standard_html_header-->
<p align=center>So, what's <a href="/SiteAnnouncement">new</a> about this
site?</p>
<!--#comment-->
<table border="0" width="100%">
<tr valign="top">
<td valign="top">
<p class="small">
<form action="<!--#var SCRIPT_NAME-->/SiteIndex/search" method="post">
<input name="text_content">
<input type="submit" value=" Search ">
</form>
</p>
<h2>What is Zope?</h2>
<p class="small">
Zope is a free, Open Source™ application server for building
high-performance, dynamic web sites.
</p>
<p class="small">
<a href="">Find out more...</a>
</p>
<h2>Latest News</h2>
<!--#var "SiteIndex.recentChanges(SiteIndex,REQUEST)"-->
<p class="small">
<a href="<!--#var SCRIPT_NAME-->/SiteIndex/news.rss">Zope news in RSS
format.</a>
</p>
</td>
<td width="250" valign="top">
<table border="0" width="250">
<tr valign="top">
<td bgcolor="#7777FF">
<p class="smallpagetitle">Spotlight On</p>
</td></tr>
<tr valign="top"><td class="small">
<!--#with SpotLightOn-->
<!--#var Current-->
<!--#/with-->
</td></tr></table>
</td></tr></table>
<!--#/comment-->
<!----------------------------------------------------------------------------->
<!-- THIS IS THE NEWS TABLE -->
<!-- FORMATTING FOR EACH NEWS ITEM FOLLOWS THE PATTERN: -->
<!-- REMEMBER TO OMIT THE TRAILING H2 TAG (IT CAUSES A WRAP BUT THE PAGE -->
<!-- ISN"T DEGRADED W/ OUT IT). -->
<!-- <TR> -->
<!-- <TD CLASS="headline"><H2 CLASS="headline">HEADLINE</TD> -->
<!-- </TR> -->
<!-- <TR> -->
<!-- <TD> -->
<!-- <DIV CLASS="byline">BYLINE</DIV> -->
<!-- <DIV CLASS="newsitem">SUMARRY<I><A HREF="#">[More...]</A></I></DIV> -->
<!-- <BR> -->
<!-- <DIV CLASS="extras">[CATEGORY | THREADS]</DIV></TD> -->
<!-- </TR> -->
<!-- </TR> -->
<!-- <TD> </TD> -->
<!-- </TR> -->
<!------------------------------------------------------------------------------>
<TABLE BORDER="0" CELLPADDING="0" CELLSPACING="0">
<!--#var "SiteIndex.recentChanges(SiteIndex,REQUEST)"-->
</TABLE>
<p>
<a href="<!--#var SCRIPT_NAME-->/SiteIndex/news.rss">Zope news in RSS
format.</a>
</p>
</TD>
<!--------------------------------------------------------------------->
<!-- END OF THE NEWS TABLE -->
<!--------------------------------------------------------------------->
<TD VALIGN=TOP>
<!-------------------------------------------------------------------------------------------->
<!-- THIS IS THE RIGHT COLUMN TABLE -->
<!-- For each item, you must set up as follows replacing TITLE and -->
<!-- COPY as required: -->
<!-- REMEMBER TO OMIT THE TRAILING H2 TAG (IT CAUSES A WRAP BUT THE PAGE -->
<!-- ISN"T DEGRADED W/ OUT IT). -->
<!-- -->
<!-- <TR> -->
<!-- <TD WIDTH="1" BGCOLOR="#6699CC" ROWSPAN="2"> -->
<!-- <IMG SRC="Images/spacer.gif" WIDTH="1" HEIGHT="1" BORDER="0"></TD> -->
<!-- <TD VALIGN="TOP" CLASS="righttitle"><H2 CLASS="righttitle">TITLE</TD></TR> -->
<!-- <TR> -->
<!-- <TD VALIGN="TOP" -->
<!-- <P CLASS="right">COPY</P></TD> -->
<!-- </TR> -->
<!-- <TR> -->
<!-- <TD COLSPAN="2"> </TD> -->
<!-- </TR> -->
<!-------------------------------------------------------------------------------------------->
<TABLE BORDER="0" CELLSPACING="0" CELLPADDING="0"
WIDTH="200">
<!-------------------------->
<!-- RIGHT COLUMN ITEM #1 -->
<!-------------------------->
<TR>
<TD WIDTH="1" ROWSPAN="2" BGCOLOR="#6699CC">
<IMG SRC="Images/spacer.gif" ALT="Spacing
image" WIDTH="1" HEIGHT="2" BORDER="0"></TD>
<TD VALIGN="TOP" CLASS="righttitle"><H2
CLASS="righttitle">What is Zope?</TD>
</TR>
<TR>
<TD VALIGN="TOP">
<P CLASS="right">Zope™ is a free, Open
Source™ application server for building
high-performance, dynamic web sites.
</P></TD>
</TR>
<TR>
<TD COLSPAN="2"> </TD>
</TR>
<!-------------------------->
<!-- RIGHT COLUMN ITEM #2 -->
<!-------------------------->
<TR>
<TD WIDTH="1" BGCOLOR="#6699CC"
ROWSPAN="3" VALIGN=TOP><IMG SRC="/Images/spacer.gif" ALT="Spacing image"
WIDTH="1" HEIGHT="2" BORDER="0"></TD>
<TD VALIGN="TOP" CLASS="righttitle"><H2
CLASS="righttitle">Spotlight On...</TD>
</TR>
<TR>
<TD VALIGN="TOP">
<!--#with SpotLightOn-->
<!--#var Current-->
<!--#/with-->
<!--#comment-->
<!-- Links removed because of lack of content -->
<HR NOSHADE SIZE="0.5" WIDTH="95%">
<P CLASS="right">Read more Zope <A
HREF="/Community/CaseStudies">case studies</A> and <A
HREF="/Community/Testimonials">testimonials</A>.</P>
<!--#/comment-->
</TD>
</TR>
<TR>
<TD COLSPAN="2"> </TD>
</TR>
</TABLE></TD>
<!--------------------------------------------------------------------->
<!-- END OF THE RIGHT COLUMN TABLE -->
<!--------------------------------------------------------------------->
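
A defender-side check for the exposure described in this message, as an added example that is not part of the original post or of Zope: it scans access-log lines for requests whose last path segment is PrincipiaSearchSource or document_src and marks those answered with a 2xx status to an unauthenticated client. The common-log layout, the "-" / "Anonymous" user markers and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote, urlsplit

# Method names taken from the post: both return unrendered DTML source.
SOURCE_METHODS = {"PrincipiaSearchSource", "document_src"}

# Common Log Format prefix (assumed layout of the site's access log):
# host ident user [time] "METHOD target PROTO" status size
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ (?P<user>\S+) \[[^\]]+\] '
    r'"[A-Z]+ (?P<target>\S+)[^"]*" (?P<status>\d{3}) \S+'
)

def source_requests(lines):
    """Return one finding per request whose final path segment is a source method."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not an access-log line in the assumed layout
        # Normalise before comparing: drop the query, decode, strip trailing "/".
        path = unquote(urlsplit(m["target"]).path).rstrip("/")
        leaf = path.rsplit("/", 1)[-1]
        if leaf not in SOURCE_METHODS:
            continue
        served = m["status"].startswith("2")
        # Assumption: unauthenticated requests are logged as "-" or "Anonymous".
        anonymous = m["user"] in ("-", "Anonymous")
        findings.append({
            "host": m["host"], "path": path, "method_name": leaf,
            "served": served, "exposed": served and anonymous,
        })
    return findings

# Constructed sample lines (documentation-range addresses), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [29/Aug/1999:20:01:12 +0200] "GET /index_html/PrincipiaSearchSource HTTP/1.0" 200 5120',
    '192.0.2.10 - - [29/Aug/1999:20:01:15 +0200] "GET /index_html HTTP/1.0" 200 2048',
    '198.51.100.7 - manager [29/Aug/1999:20:02:40 +0200] "GET /Products/page/document_src HTTP/1.0" 200 900',
    '192.0.2.44 - - [29/Aug/1999:20:03:02 +0200] "GET /docs/faq/PrincipiaSearchSource/?x=1 HTTP/1.0" 401 120',
    '192.0.2.45 - - [29/Aug/1999:20:03:30 +0200] "GET /search?q=PrincipiaSearchSource HTTP/1.0" 200 310',
]

if __name__ == "__main__":
    for f in source_requests(SAMPLE_LOG):
        print(f)
```

A finding with `exposed` set means source was returned without authentication; a 401 or 403 on the same path shows the permission check is being enforced there.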