From: Sam S. <ssc...@us...> - 2005-01-22 23:10:44
Update of /cvsroot/popfile/engine/skins/default In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv16574/skins/default Modified Files: history-page.thtml Log Message: Fix unescaped HTML values. No XSS would be possible without specifically crafted email being present as well.
Index: history-page.thtml
=================================================================
RCS file: /cvsroot/popfile/engine/skins/default/history-page.thtml,v
retrieving revision 1.46
retrieving revision 1.47
diff -C2 -d -r1.46 -r1.47
*** history-page.thtml 21 Jan 2005 05:53:33 -0000 1.46
--- history-page.thtml 22 Jan 2005 23:10:34 -0000 1.47
***************
*** 31,35 ****
<form class="HistoryMainForm" action="/history" method="post">
! <input type="hidden" name="search" value="<TMPL_VAR NAME="History_Field_Search">" />
<input type="hidden" name="sort" value="<TMPL_VAR NAME="History_Field_Sort">" />
<input type="hidden" name="negate" value="<TMPL_VAR NAME="History_Field_Not">" />
--- 31,35 ----
<form class="HistoryMainForm" action="/history" method="post">
! <input type="hidden" name="search" value="<TMPL_VAR ESCAPE=HTML NAME="History_Field_Search">" />
<input type="hidden" name="sort" value="<TMPL_VAR NAME="History_Field_Sort">" />
<input type="hidden" name="negate" value="<TMPL_VAR NAME="History_Field_Not">" />
***************
*** 89,93 ****
<form class="HistoryMainForm" action="/history" method="post">
! <input type="hidden" name="search" value="<TMPL_VAR NAME="History_Field_Search">" />
<input type="hidden" name="sort" value="<TMPL_VAR NAME="History_Field_Sort">" />
<input type="hidden" name="negate" value="<TMPL_VAR NAME="History_Field_Not">" />
--- 89,93 ----
<form class="HistoryMainForm" action="/history" method="post">
! 
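Review bot: Only the `search` hidden input gains `ESCAPE=HTML` in hunk 31,35, while the `sort` and `negate` inputs on the two context lines directly below still emit `History_Field_Sort` and `History_Field_Not` raw inside a double-quoted `value` attribute; the identical form in hunk 89,93 has the same gap. If those two values are echoed back from the request the way the search field is, a `"` in them closes the attribute exactly as it did for `search`, so the same fix belongs on both lines: `value="<TMPL_VAR ESCAPE=HTML NAME="History_Field_Sort">"` and `value="<TMPL_VAR ESCAPE=HTML NAME="History_Field_Not">"`; a simpler rule for this skin is that every `TMPL_VAR` placed inside an attribute carries `ESCAPE=HTML`, which is much easier to audit than escaping case by case. The log message's observation that a crafted mail is also needed describes the reachable path today, not the template, and the escaping does not depend on it. The `href` values in the later hunks that splice in `History_Fields` and `History_Mail_File` are likewise emitted unescaped; I cannot tell from the template where those strings are assembled, but if they carry the same request-derived fields they need escaping as well (URL-escaping for the query components, since they sit inside a URL rather than plain attribute text).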
<input type="hidden" name="search" value="<TMPL_VAR ESCAPE=HTML NAME="History_Field_Search">" /> <input type="hidden" name="sort" value="<TMPL_VAR NAME="History_Field_Sort">" /> <input type="hidden" name="negate" value="<TMPL_VAR NAME="History_Field_Not">" /> *************** *** 111,116 **** <td width="10px" align="left" style="white-space:nowrap; vertical-align: top;"> <a style="display: block; width:100%; height: 1em;" class="columnRemove" href="/history?session=<TMPL_VAR NAME="Session_Key">&removecolumn=<TMPL_VAR NAME="History_Header">"><img title="<TMPL_VAR NAME="Localize_History_RemoveColumn">" src="skins/x.gif" border="0" alt=""></a> ! </td> ! <th style="text-align: left;"> <a href="/history?<TMPL_VAR NAME="History_Fields">&setsort=<TMPL_VAR NAME="History_Sort"><TMPL_VAR NAME="History_Header">" title="<TMPL_VAR NAME="Localize_History_Click_To_Sort">"> --- 111,116 ---- <td width="10px" align="left" style="white-space:nowrap; vertical-align: top;"> <a style="display: block; width:100%; height: 1em;" class="columnRemove" href="/history?session=<TMPL_VAR NAME="Session_Key">&removecolumn=<TMPL_VAR NAME="History_Header">"><img title="<TMPL_VAR NAME="Localize_History_RemoveColumn">" src="skins/x.gif" border="0" alt=""></a> ! </td> ! <th style="text-align: left;"> <a href="/history?<TMPL_VAR NAME="History_Fields">&setsort=<TMPL_VAR NAME="History_Sort"><TMPL_VAR NAME="History_Header">" title="<TMPL_VAR NAME="Localize_History_Click_To_Sort">"> *************** *** 179,183 **** <input type="hidden" id="rowid_<TMPL_VAR NAME="History_I1">" name="rowid_<TMPL_VAR NAME="History_I1">" value="<TMPL_VAR NAME="History_I1">"/> </td> ! <TMPL_LOOP NAME="History_Loop_Loop_Cells"> <TMPL_IF NAME="History_If_Bucket_Column"> --- 179,183 ---- <input type="hidden" id="rowid_<TMPL_VAR NAME="History_I1">" name="rowid_<TMPL_VAR NAME="History_I1">" value="<TMPL_VAR NAME="History_I1">"/> </td> ! 
<TMPL_LOOP NAME="History_Loop_Loop_Cells"> <TMPL_IF NAME="History_If_Bucket_Column"> *************** *** 207,211 **** <TMPL_ELSE> <TMPL_IF NAME="History_If_Subject_Column"> ! <td> <a class="messageLink" title="<TMPL_VAR NAME="History_Cell_Title" ESCAPE=HTML>" href="/view?view=<TMPL_VAR NAME="History_Mail_File"><TMPL_VAR NAME="History_Fields">"> <span title="<TMPL_VAR NAME="History_Cell_Title" ESCAPE=HTML>"><TMPL_VAR NAME="History_Cell_Value" ESCAPE=HTML></span></a> --- 207,211 ---- <TMPL_ELSE> <TMPL_IF NAME="History_If_Subject_Column"> ! <td> <a class="messageLink" title="<TMPL_VAR NAME="History_Cell_Title" ESCAPE=HTML>" href="/view?view=<TMPL_VAR NAME="History_Mail_File"><TMPL_VAR NAME="History_Fields">"> <span title="<TMPL_VAR NAME="History_Cell_Title" ESCAPE=HTML>"><TMPL_VAR NAME="History_Cell_Value" ESCAPE=HTML></span></a> |