[Zope-Checkins] CVS: Zope/lib/python/Products/MailHost/dtml - manageMailHost.dtml:1.2.228.1

Florent Guillaume fg@nuxeo.com
Wed, 23 Oct 2002 19:06:43 -0400


Update of /cvs-repository/Zope/lib/python/Products/MailHost/dtml
In directory cvs.zope.org:/tmp/cvs-serv26857/lib/python/Products/MailHost/dtml

Modified Files:
      Tag: efge-death-to-dtml-var-branch
	manageMailHost.dtml 
Log Message:
Removed most <dtml-var> to replace them with &dtml-foo;.
This corrects a number of potential XSS holes, and simplifies
auditability of the remaining legitimate <dtml-var>.


=== Zope/lib/python/Products/MailHost/dtml/manageMailHost.dtml 1.2 => 1.2.228.1 ===
--- Zope/lib/python/Products/MailHost/dtml/manageMailHost.dtml:1.2	Mon Jan  8 17:47:01 2001
+++ Zope/lib/python/Products/MailHost/dtml/manageMailHost.dtml	Wed Oct 23 19:06:13 2002
@@ -11,7 +11,7 @@
     </td>
     <td align="left" valign="top">
     <div class="form-text">
-    <dtml-var id>
+    &dtml-id;
     </div>
     </td>
   </tr>
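Review bot: Among the hunks shown, the `&dtml-id;` line is the only one where rendered output actually changes, because the old `<dtml-var id>` had no `html_quote`; the log message would be easier to audit later if it named this line as the real escaping fix and the rest as mechanical rewrites. The entity form HTML-quotes the value, which is the appropriate encoding for this element-text position inside `<div class="form-text">`. A rendering test with an id containing `<` and `&` that checks for `&lt;` and `&amp;` in the output would guard against a later revert to the bare tag.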
@@ -23,7 +23,7 @@
     </td>
     <td align="left" valign="top">
     <input type="text" name="title" size="40" 
-     value="<dtml-var title html_quote>"/>
+     value="&dtml-title;"/>
     </td>
   </tr>
   <tr>
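Review bot: On the `value="&dtml-title;"` line the new form is output-equivalent to the removed `<dtml-var title html_quote>`, so nothing is fixed here and the field's safety still depends on the `value` attribute staying wrapped in double quotes. HTML quoting alone does not protect an unquoted or single-quoted attribute, so it is worth stating in the branch notes that the conversion assumes double-quoted attributes and checking that assumption in every template converted on this branch.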
@@ -34,7 +34,7 @@
     </td>
     <td align="left" valign="top">
     <input type="text" name="smtp_host" size="40"
-     value="<dtml-var smtp_host html_quote>"/>
+     value="&dtml-smtp_host;"/>
     </td>
   </tr>
   <tr>
@@ -45,7 +45,7 @@
     </td>
     <td align="left" valign="top">
     <input type="text" name="smtp_port:int" size="4"
-     value="<dtml-var smtp_port html_quote>"/>
+     value="&dtml-smtp_port;"/>
     </td>
   </tr>
   <tr>
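Review bot: On the `value="&dtml-smtp_port;"` line, the field is submitted as `smtp_port:int`, so a later audit may be tempted to treat the quoting as redundant and drop it. The `:int` converter only applies to the incoming form value; whether the stored attribute is always an integer is not visible in this template, so the quoted form should stay, and a short DTML comment saying so would help the auditability goal stated in the log message.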