[Zope-Checkins] CVS: Zope/lib/python/Shared/DC/ZRDB/dtml - customDefaultReport.dtml:1.3.98.1
Florent Guillaume
fg@nuxeo.com
Sun, 22 Dec 2002 11:16:48 -0500
Update of /cvs-repository/Zope/lib/python/Shared/DC/ZRDB/dtml
In directory cvs.zope.org:/tmp/cvs-serv2325/lib/python/Shared/DC/ZRDB/dtml
Modified Files:
Tag: Zope-2_6-branch
customDefaultReport.dtml
Log Message:
Fixed insufficient quoting in a number of DTML files when displaying
the title. This closes some actual and potential XSS holes. (Collector #595)
=== Zope/lib/python/Shared/DC/ZRDB/dtml/customDefaultReport.dtml 1.3 => 1.3.98.1 ===
--- Zope/lib/python/Shared/DC/ZRDB/dtml/customDefaultReport.dtml:1.3 Wed Oct 31 13:49:57 2001
+++ Zope/lib/python/Shared/DC/ZRDB/dtml/customDefaultReport.dtml Sun Dec 22 11:16:18 2002
@@ -36,6 +36,6 @@
<dtml-else>
- There was no data matching this <dtml-var title_or_id> query.
+ There was no data matching this &dtml-title_or_id; query.
</dtml-in>