Timestamp:
12/07/08 17:13:55 (3 years ago)
Author:
KennethLavrsen
Message:

Item375: Eliminate use of URLPARAM in docs so it becomes an XSS trap
Done with the System web topics now

File:
1 edited

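--- a/trunk/core/data/System/WebCreateNewTopicTemplate.txt
+++ b/trunk/core/data/System/WebCreateNewTopicTemplate.txt
@@ -52,10 +52,10 @@
 
 
-%TMPL:DEF{"topicname"}%<input type="text" class="twikiInputField" name="topic" id="topic" size="40" %IF{"'%PREFILLTOPIC%'='1'" then="value=\"%BASETOPIC%\""}% %IF{"'%URLPARAM{"newtopic"}%'" then="value=\"%URLPARAM{"newtopic"}%\""}% />%TMPL:END%
+%TMPL:DEF{"topicname"}%<input type="text" class="twikiInputField" name="topic" id="topic" size="40" %IF{"'%PREFILLTOPIC%'='1'" then="value=\"%BASETOPIC%\""}% %IF{"'%URLPARAM{"newtopic" encode="quote"}%'" then="value=\"%URLPARAM{"newtopic"}%\""}% />%TMPL:END%
 
 
 %TMPL:DEF{"topicparent"}%%IF{"defined pickparent" then="<select name='topicparent' size='10' class='twikiSelect'>$percntTOPICLIST{$quot<option $marker value='$name'>$name</option>$quot marker=$quotselected$quot separator=$quot$quot selection=$quot$percntURLPARAM{ $quottopicparent$quot default=$quot%MAKETEXT{"(no parent, orphaned topic)"}%$quot }$percnt$quot}$percnt<option value=$quot$quot>$percntMAKETEXT{$quot(no parent, orphaned topic)$quot}$percnt</option></select>" else="<input type='text' size='40' name='topicparent' class='twikiInputField' value='%URLPARAM{topicparent}%' />&nbsp;<a id='pickparent' href='$percntSCRIPTURLPATH{view}$percnt/$percntBASEWEB$percnt/$percntBASETOPIC$percnt?$percntQUERYSTRING$percnt;pickparent=1'>%MAKETEXT{"Pick from a list"}%</a>"}%%TMPL:END%
 
-%TMPL:DEF{"topictemplate"}%<select name="templatetopic" class="twikiSelect">%IF{"'%URLPARAM{"templatetopic"}%'" then='<option selected="selected">%URLPARAM{"templatetopic"}%</option>'}%<option value="">%MAKETEXT{"Default template"}%</option>%SEARCH{"name~'*Template'" scope="topic" excludetopic="WebTopicEditTemplate,WebCreateNewTopicTemplate,*ViewTemplate" type="query" nonoise="on" format="<option>$topic</option>"}%</select> <a id="viewtemplates" href="%SCRIPTURL{view}%/%SYSTEMWEB%/WebTemplateTopics?web=%BASEWEB%">%MAKETEXT{"View templates"}%</a> %TMPL:END%
+%TMPL:DEF{"topictemplate"}%<select name="templatetopic" class="twikiSelect">%IF{"'%URLPARAM{"templatetopic" encode="quote"}%'" then='<option selected="selected">%URLPARAM{"templatetopic"}%</option>'}%<option value="">%MAKETEXT{"Default template"}%</option>%SEARCH{"name~'*Template'" scope="topic" excludetopic="WebTopicEditTemplate,WebCreateNewTopicTemplate,*ViewTemplate" type="query" nonoise="on" format="<option>$topic</option>"}%</select> <a id="viewtemplates" href="%SCRIPTURL{view}%/%SYSTEMWEB%/WebTemplateTopics?web=%BASEWEB%">%MAKETEXT{"View templates"}%</a> %TMPL:END%
 
 %TMPL:DEF{"submit"}%<input id="submit" type="submit" class="twikiSubmit" value='%MAKETEXT{"Create this topic"}%' />%TMPL:END%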
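Review bot: On new lines 54 and 59 `encode="quote"` was added only to the `%URLPARAM` inside the `%IF` condition; the `then=` branches still expand `%URLPARAM{"newtopic"}%` and `%URLPARAM{"templatetopic"}%` with no encoding, and that copy is the one written into `value="..."` and `<option selected="selected">`. Unless the engine encodes URLPARAM output by default (not visible here), the request value still reaches the HTML unescaped, so the output copies should be entity-encoded, e.g. `then="value=\"%URLPARAM{"newtopic" encode="entity"}%\""` and `then='<option selected="selected">%URLPARAM{"templatetopic" encode="entity"}%</option>'`. The unchanged line 57 has the same pattern in `value='%URLPARAM{topicparent}%'` and would need the same treatment for the commit to meet its stated goal.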