[Zope-Checkins] CVS: Zope/lib/python/Products/SiteAccess/www - manage_edit.dtml:1.2

Florent Guillaume fg@nuxeo.com
Sun, 22 Dec 2002 12:54:35 -0500


Update of /cvs-repository/Zope/lib/python/Products/SiteAccess/www
In directory cvs.zope.org:/tmp/cvs-serv14380/lib/python/Products/SiteAccess/www

Modified Files:
	manage_edit.dtml 
Log Message:
Merged efge-death-to-dtml-var-branch into HEAD:

Removed most <dtml-var> to replace them with &dtml-foo;.
This corrects a number of potential XSS holes, and simplifies
auditability of the remaining legitimate <dtml-var>.


=== Zope/lib/python/Products/SiteAccess/www/manage_edit.dtml 1.1 => 1.2 ===
--- Zope/lib/python/Products/SiteAccess/www/manage_edit.dtml:1.1	Tue Dec  4 15:59:10 2001
+++ Zope/lib/python/Products/SiteAccess/www/manage_edit.dtml	Sun Dec 22 12:54:04 2002
@@ -29,9 +29,8 @@
   or a set of hosts (<strong>*.host/path</strong>).
   <div style="width: 100%;">
   <textarea name="map_text:text" wrap="off" style="width: 100%;"<dtml-if 
-   dtpref_cols> cols="<dtml-var dtpref_cols>"<dtml-else
-   > cols="50"</dtml-if><dtml-if dtpref_rows> rows="<dtml-var 
-   dtpref_rows>"<dtml-else> rows="20"</dtml-if>><dtml-in 
+   dtpref_cols> cols="&dtml-dtpref_cols;"<dtml-else
+   > cols="50"</dtml-if><dtml-if dtpref_rows> rows="&dtml-dtpref_rows;"<dtml-else> rows="20"</dtml-if>><dtml-in 
    lines>&dtml-sequence-item;
 </dtml-in></textarea>
   </div>
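
Review bot: The new cols="&dtml-dtpref_cols;" and rows="&dtml-dtpref_rows;" attributes HTML-quote dtpref_cols and dtpref_rows but never check that they are numbers, so a non-numeric preference is still written into the attribute, just escaped. Consider coercing both to integers before rendering and falling back to the existing 50 and 20 defaults when that fails, so the escaping is a second layer rather than the only one. As a minor style point, the rows branch is now folded onto one long line while the cols branch keeps the old wrapped layout; breaking it inside the tag, as the removed lines did, would keep the template consistent and the diff easier to audit.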