Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
I
intranet-dynfield
Project
Project
Details
Activity
Releases
Cycle Analytics
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Charts
Issues
0
Issues
0
List
Board
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Charts
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Charts
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
project-open
intranet-dynfield
Commits
47426ea0
Commit
47426ea0
authored
Jun 11, 2020
by
Frank Bergmann
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
- Improved security: Removed most [ns_conn form] calls in the system.
parent
9b2dae6f
Changes
2
Hide whitespace changes
Inline
Side-by-side
Showing
2 changed files
with
3 additions
and
4 deletions
+3
-4
generic-sql-widget-procs.tcl
tcl/generic-sql-widget-procs.tcl
+1
-1
intranet-dynfield-procs.tcl
tcl/intranet-dynfield-procs.tcl
+2
-3
No files found.
tcl/generic-sql-widget-procs.tcl
View file @
47426ea0
...
...
@@ -84,7 +84,7 @@ ad_proc -public template::widget::generic_sql { element_reference tag_attributes
set substitution_hash
(
user_id
)
[
ad_conn user_id
]
set form_vars
[
ns_conn form
]
foreach form_var
[
ad_ns_set_keys
$form
_vars
]
{
set form_val
[
ns_set get
$form
_vars
$form
_var
]
set form_val
[
im_opt_val -limit_to nohtml
$form
_var
]
set substitution_hash
(
$form
_var
)
$form
_val
}
...
...
tcl/intranet-dynfield-procs.tcl
View file @
47426ea0
...
...
@@ -500,12 +500,11 @@ ad_proc -public im_dynfield::set_form_values_from_http {
}
foreach element
$form
_elements
{
# Only set the values for variables that are found in the
# HTTP variable frame to avoid ambiguities
set pos
[
ns_set find
$form
_vars
$element
]
if
{
$pos
>= 0
}
{
set value
[
ns_set get
$form
_vars
$element
]
set value
[
im_opt_val -limit_to
$element
]
template::element::set_value
$form
_id
$element
$value
}
}
...
...
@@ -535,7 +534,7 @@ ad_proc -public im_dynfield::set_local_form_vars_from_http {
# HTTP variable frame to avoid ambiguities
set pos
[
ns_set find
$form
_vars
$element
]
if
{
$pos
>= 0
}
{
set value
[
ns_set get
$form
_vars
$element
]
set value
[
im_opt_val -limit_to nohtml
$element
]
# Write the values to the calling stack frame
upvar
$element
$element
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment