[Zope-Checkins] CVS: Zope/lib/python/Products/Sessions/dtml - manageIdManager.dtml:1.7.22.1

Florent Guillaume fg@nuxeo.com
Wed, 23 Oct 2002 19:06:45 -0400


Update of /cvs-repository/Zope/lib/python/Products/Sessions/dtml
In directory cvs.zope.org:/tmp/cvs-serv26857/lib/python/Products/Sessions/dtml

Modified Files:
      Tag: efge-death-to-dtml-var-branch
	manageIdManager.dtml 
Log Message:
Removed most <dtml-var> to replace them with &dtml-foo;.
This corrects a number of potential XSS holes, and simplifies
auditability of the remaining legitimate <dtml-var>.


=== Zope/lib/python/Products/Sessions/dtml/manageIdManager.dtml 1.7 => 1.7.22.1 ===
--- Zope/lib/python/Products/Sessions/dtml/manageIdManager.dtml:1.7	Mon Aug 19 15:50:17 2002
+++ Zope/lib/python/Products/Sessions/dtml/manageIdManager.dtml	Wed Oct 23 19:06:14 2002
@@ -89,7 +89,7 @@
   </TD>
   <TD ALIGN="LEFT" VALIGN="TOP">
     <INPUT TYPE="TEXT" NAME="cookiepath" SIZE="20"
-     value="<dtml-var getCookiePath html_quote>">
+     value="&dtml-getCookiePath;">
   </TD>
 </TR>
 <TR>
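Review bot: the removed cookiepath line already carried html_quote (`<dtml-var getCookiePath html_quote>`), so replacing it with `&dtml-getCookiePath;` keeps the same escaping and closes no hole in this field. The log message's "corrects a number of potential XSS holes" reads as if it did. Suggest saying in the log that for this file the change is an equivalence rewrite made for auditability, so later readers do not go looking for a vulnerability in revision 1.7.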
@@ -105,7 +105,7 @@
   </TD>
   <TD ALIGN="LEFT" VALIGN="TOP">
     <INPUT TYPE="TEXT" NAME="cookiedomain" SIZE="20"
-     value="<dtml-var getCookieDomain html_quote>">
+     value="&dtml-getCookieDomain;">
   </TD>
 </TR>
 <TR>
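Review bot: no test accompanies the cookiedomain change, and the value is rendered inside a double-quoted attribute (`value="&dtml-getCookieDomain;"`), so the field is only safe if the entity form escapes `"` as well as `<`, `>` and `&`. Suggest adding a rendering test that sets a cookie domain containing a double quote and checks that the output attribute stays intact, so that the equivalence with the old html_quote form is verified rather than assumed.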
@@ -120,7 +120,7 @@
   </TD>
   <TD ALIGN="LEFT" VALIGN="TOP">
     <INPUT TYPE="TEXT" NAME="cookielifedays:int" SIZE="20"
-     value="<dtml-var getCookieLifeDays html_quote>">
+     value="&dtml-getCookieLifeDays;">
   </TD>
 </TR>
 <TR>
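Review bot: style point on the changed cookielifedays line: `value=` is lower case while the neighbouring attributes on the same tag (`TYPE`, `NAME`, `SIZE`) are upper case. Since the line is being rewritten anyway, `VALUE="&dtml-getCookieLifeDays;"` would match the rest of the tag; the same applies to the cookiepath and cookiedomain fields.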