- Improved security: Removed most [ns_conn form] calls in the system.

www/portlets/portlet.tcl

@@ -187,7 +187,6 @@ if {"" == $plugin_id} {
     
     set form_vars [ns_conn form]
     array set form_hash [ns_set array $form_vars]
-    
     foreach elem $component_tcl {
 	if {[regexp {^\$(.*)} $elem match varname]} {
 	    if {![info exists $varname]} {
@@ -195,7 +194,7 @@ if {"" == $plugin_id} {
 		    doc_return 200 "text/html" "<pre>Error: You have to specify variable '$varname' in the URL."
 		    ad_script_abort
 		}
-		set $varname $form_hash($varname)
+		set $varname [im_opt_val -limit_to nohtml $varname]
 	    }
 	}
     }