spip
/
revisions
12
0
Fork 1
Code Issues 13 Pull Requests 1 Releases Wiki Activity

security: limiter l’usage de `#ENV**` dans les formulaires

Browse Source 
& refactor: homogeneiser l'utilisation de #ENV dans les formulaires

Ref: spip-team/securite#4841
remotes/checkIfPRContentChanged-1678731857651005252/refactor_formulaires
b_b 3 months ago
parent 9d609ad21c
commit 14c39c159e
2 changed files with 5 additions and 5 deletions
Show Stats Download Patch File Download Diff File

4
formulaires/configurer_revisions_objets.html
Unescape Escape View File

@ -7,9 +7,9 @@
<form action="#ENV{action}#formulaire_configurer_contenu_forums" method="post"><div>
#ACTION_FORMULAIRE
<div class="editer-groupe">
<div class='editer long_label configurer_objets_versions[ (#ENV**{erreurs}|table_valeur{objets_versions}|oui)erreur]'>
<div class='editer long_label configurer_objets_versions[ (#ENV*{erreurs/objets_versions}|oui)erreur]'>
<label><:revisions:label_config_revisions_objets:></label>
[<span class='erreur_message'>(#ENV**{erreurs}|table_valeur{objets_versions})</span>]
[<span class='erreur_message'>(#ENV*{erreurs/objets_versions})</span>]
#SET{name,objets_versions}
<BOUCLE_objets(DATA){source table, #NULL|lister_tables_objets_sql}>[(#VALEUR*|test_objet_versionable)
#SET{id,#GET{name}|replace{\W,'_'}|concat{'_',#CLE}}

6
formulaires/reviser.html
Unescape Escape View File

@ -2,14 +2,14 @@
<h3 class='titrem'>[(#CHEMIN_IMAGE{revision-24.png}|balise_img{'',cadre-icone})]<:revisions:titre_revisions:></h3>
[<p class="reponse_formulaire reponse_formulaire_ok none" role="status">(#ENV**{message_ok})</p>]
[<p class="reponse_formulaire reponse_formulaire_erreur" role="alert">(#ENV**{message_erreur})</p>]
[<p class="reponse_formulaire reponse_formulaire_erreur" role="alert">(#ENV*{message_erreur})</p>]
<form action="#ENV{action}#formulaire_configurer_contenu_forums" method="post"><div>
#ACTION_FORMULAIRE
<div class="editer-groupe">
<div class='editer haut editer_id_version[ (#ENV**{erreurs}|table_valeur{id_version}|oui)erreur]'>
<div class='editer haut editer_id_version[ (#ENV*{erreurs/id_version}|oui)erreur]'>
<label style="display:block"><:revisions:label_choisir_id_version:></label>
[<span class='erreur_message'>(#ENV**{erreurs}|table_valeur{id_version})</span>]
[<span class='erreur_message'>(#ENV*{erreurs/id_version})</span>]
<div class="choix">
<B_v>
<table class="spip diff-versions">

Write Preview
Loading…
Cancel
Save