Commit b4641787 authored Jun 11, 2020 by Frank Bergmann
- Improved security: Removed most [ns_conn form] calls in the system.
parent 1c5db844
Showing 1 changed file with 3 additions and 16 deletions
tcl/intranet-confdb-procs.tcl
...
@@ -647,13 +647,9 @@ ad_proc -public im_conf_item_list_component {
...
@@ -647,13 +647,9 @@ ad_proc -public im_conf_item_list_component {
# ---------------------- Defaults ----------------------------------
# ---------------------- Defaults ----------------------------------
# Get parameters from HTTP session
# Get parameters from HTTP session
# Don't trust the container page to pass-on that value...
# Don't trust the container page to pass-on that value...
set form_vars
[
ns_conn form
]
if
{
""
==
$form
_vars
}
{
set form_vars
[
ns_set create
]
}
# Get the start_idx in case of pagination
# Get the start_idx in case of pagination
set start_idx
[
ns_set get
$form
_vars
"conf_item_start_idx"
]
set start_idx
[
im_opt_val -limit_to integer
"conf_item_start_idx"
]
if
{
""
==
$start
_idx
}
{
set start_idx 0
}
if
{
""
==
$start
_idx
}
{
set start_idx 0
}
if
{[
im_security_alert_check_integer -location
"im_conf_item_list_component"
-value
$start
_idx
]}
{
set start_idx 0
}
set end_idx
[
expr
{
$start
_idx +
$max
_entries_per_page - 1
}]
set end_idx
[
expr
{
$start
_idx +
$max
_entries_per_page - 1
}]
set bgcolor
(
0
)
" class=roweven"
set bgcolor
(
0
)
" class=roweven"
...
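Review bot: After the new `set start_idx [im_opt_val -limit_to integer "conf_item_start_idx"]` line the only remaining guard is the empty-string test, and nothing in these lines shows what `-limit_to integer` returns for a non-integer value. If it can hand back the raw input, `expr {$start_idx + $max_entries_per_page - 1}` raises an error where the removed `im_security_alert_check_integer` branch used to reset `start_idx` to 0. Please either add a comment stating that `im_opt_val -limit_to integer` yields an empty string (or raises its own security alert) on bad input, or keep an explicit fallback such as `if {![string is integer -strict $start_idx]} { set start_idx 0 }`. The comment "Get parameters from HTTP session" also no longer matches the code now that `ns_conn form` is gone from this block.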
@@ -714,21 +710,12 @@ ad_proc -public im_conf_item_list_component {
...
@@ -714,21 +710,12 @@ ad_proc -public im_conf_item_list_component {
if
{
$debug
}
{
ns_log Notice
"im_conf_item_list_component: column_headers=
$column
_headers"
}
if
{
$debug
}
{
ns_log Notice
"im_conf_item_list_component: column_headers=
$column
_headers"
}
# -------- Compile the list of parameters to pass-through-------
# -------- Compile the list of parameters to pass-through-------
set form_vars
[
ns_conn form
]
if
{
""
==
$form
_vars
}
{
set form_vars
[
ns_set create
]
}
set bind_vars
[
ns_set create
]
set bind_vars
[
ns_set create
]
foreach var
$export
_var_list
{
foreach var
$export
_var_list
{
upvar 1
$var
value
set value
[
im_opt_val
$var
]
if
{
[
info
exists value
]
}
{
if
{
$value
ne
""
}
{
ns_set put
$bind
_vars
$var
$value
ns_set put
$bind
_vars
$var
$value
if
{
$debug
}
{
ns_log Notice
"im_conf_item_list_component:
$var
<-
$value
"
}
if
{
$debug
}
{
ns_log Notice
"im_conf_item_list_component:
$var
<-
$value
"
}
}
else
{
set value
[
ns_set get
$form
_vars
$var
]
if
{
$value
ne
""
}
{
ns_set put
$bind
_vars
$var
$value
if
{
$debug
}
{
ns_log Notice
"im_conf_item_list_component:
$var
<-
$value
"
}
}
}
}
}
}
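Review bot: In the `foreach var $export_var_list` loop, dropping `upvar 1 $var value` together with the `[info exists value]` branch changes behaviour in two ways the commit message does not mention. A variable that exists only in the caller's scope is now forwarded only if `im_opt_val` also looks there, and a caller variable that exists but is empty used to be put into `bind_vars` and is now skipped by `if {$value ne ""}`. Please confirm both are intended and add a short comment saying where `im_opt_val $var` takes its value from. Note also that `im_opt_val` is called here without `-limit_to`, unlike the `conf_item_start_idx` read in the earlier hunk, so the pass-through values still reach `bind_vars` unchecked; if the types of the entries in `export_var_list` are known, passing a `-limit_to` per variable would match the stated goal of the commit.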
...
...