- Improved security: Removed most [ns_conn form] calls in the system.

efb8bcd5 · Frank Bergmann · 07e5c056 · efb8bcd5 · efb8bcd5
Commit efb8bcd5 authored Jun 11, 2020 by Frank Bergmann
Hide whitespace changes
Inline Side-by-side

Showing with 2 additions and 3 deletions

index.tcl www/index.tcl +1 -1

modified-tasks.tcl www/modified-tasks.tcl +1 -2

No files found.
--- a/www/index.tcl
+++ b/www/index.tcl
@@ -82,7 +82,7 @@ set substitution_list [list \
 set form_vars [ns_conn form]
 foreach form_var [ad_ns_set_keys $form_vars] {
-    set form_val [ns_set get $form_vars $form_var]
+    set form_val [im_opt_val -limit_to nohtml $form_var]
    lappend substitution_list $form_var
    lappend substitution_list $form_val
 }

--- a/www/modified-tasks.tcl
+++ b/www/modified-tasks.tcl
@@ -80,7 +80,6 @@ switch $perspective {
 set wall_sql [db_string wall "select report_sql from im_reports where report_code = 'wall_new_project_task'"]
 set substitution_list [list \
 			   user_id $current_user_id \
 			   wall_date $wall_date \
@@ -88,7 +87,7 @@ set substitution_list [list \
 set form_vars [ns_conn form]
 foreach form_var [ad_ns_set_keys $form_vars] {
-    set form_val [ns_set get $form_vars $form_var]
+    set form_val [im_opt_val -limit_to nohtml $form_var]
    lappend substitution_list $form_var
    lappend substitution_list $form_val
 }