<head>
<body bgcolor="#FFFFFF">
-<include "head.template">
+<include "admin/head.template">
-<form method="post" action="${config.actionRoot}">
+<form method="post" action="${encodeHTML(config.actionRoot)}">
<input type="hidden" name="module" value="Comment">
- <input type="hidden" name="where" value="${data.where}">
- <input type="hidden" name="offset" value="${data.offset}">
- <input type="hidden" name="order" value="${data.order}">
- <input type="hidden" name="id" value="${data.id}">
- <input type="hidden" name="date" value="${data.date}">
- <input type="hidden" name="to_media" value="${data.to_media}">
+ <input type="hidden" name="where" value="${encodeHTML(data.where)}">
+ <input type="hidden" name="offset" value="${encodeHTML(data.offset)}">
+ <input type="hidden" name="order" value="${encodeHTML(data.order)}">
+ <input type="hidden" name="id" value="${encodeHTML(data.id)}">
+ <input type="hidden" name="date" value="${encodeHTML(data.date)}">
+ <input type="hidden" name="to_media" value="${encodeHTML(data.to_media)}">
<if new> <input type="hidden" name="do" value="insert">
<else> <input type="hidden" name="do" value="update">
</if>
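Review bot: `encodeHTML` is now called inside double-quoted attribute values (the form `action`, the six hidden inputs here, and the `value="…"` of the text inputs in the table rows further down), which is only safe if it encodes `"` as well as `<`, `>` and `&`; its definition is not visible in this diff. If it does not, a value containing a double quote can still close the attribute, so pin the behaviour with a test such as `encodeHTML('a"b')` yielding `a&quot;b` (constructed sample), or use an attribute-safe encoder at these call sites. Separately, `where`, `order`, `offset` and `id` are still round-tripped through the client, so the handler receiving this POST has to validate them itself (integer parse for `offset` and `id`, an allow-list for `order`) rather than rely on the output encoding added here.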
<tr>
<td align="right" bgcolor="#006600"><font color="#ffffff" face="Verdana, Arial, Helvetica, sans-serif" size="-1">
<B>${lang("comment.date")}:</B></font></td>
- <td>${data.date}</td>
+ <td>${encodeHTML(data.date)}</td>
</tr>
<tr>
<td align="right" bgcolor="#006600"><font color="#ffffff" face="Verdana, Arial, Helvetica, sans-serif" size="-1">
<B>${lang("comment.title")}:</B></font></td>
- <td><input type="text" size="40" maxlength="255" name="title" value="${data.title}"></td>
+ <td><input type="text" size="40" maxlength="255" name="title" value="${encodeHTML(data.title)}"></td>
</tr>
<tr>
<td align="right" bgcolor="#006600"><font color="#ffffff" face="Verdana, Arial, Helvetica, sans-serif" size="-1">
<B>${lang("comment.creator")}:</B></font></td>
- <td><input type="text" size="40" maxlength="80" name="creator" value="${data.creator}"></td>
+ <td><input type="text" size="40" maxlength="80" name="creator" value="${encodeHTML(data.creator)}"></td>
</tr>
<tr>
<td align="right" bgcolor="#006600"><font color="#ffffff" face="Verdana, Arial, Helvetica, sans-serif" size="-1">
<B>${lang("comment.url")}:</B></font></td>
- <td><input type="text" size="40" maxlength="255" name="main_url" value="${data.main_url}"></td>
+ <td><input type="text" size="40" maxlength="255" name="main_url" value="${encodeHTML(data.main_url)}"></td>
</tr>
<tr>
<td align="right" bgcolor="#006600"><font color="#ffffff" face="Verdana, Arial, Helvetica, sans-serif" size="-1">
<B>${lang("comment.email")}:</B></font></td>
- <td><input type="text" size="40" maxlength="80" name="email" value="${data.email}"></td>
+ <td><input type="text" size="40" maxlength="80" name="email" value="${encodeHTML(data.email)}"></td>
</tr>
<tr>
<td align="right" bgcolor="#006600"><font color="#ffffff" face="Verdana, Arial, Helvetica, sans-serif" size="-1">
<B>${lang("comment.phone")}:</B></font></td>
- <td><input type="text" size="40" maxlength="80" name="phone" value="${data.phone}"></td>
+ <td><input type="text" size="40" maxlength="80" name="phone" value="${encodeHTML(data.phone)}"></td>
</tr>
<tr>
<td align="right" bgcolor="#006600"><font color="#ffffff" face="Verdana, Arial, Helvetica, sans-serif" size="-1">
<B>${lang("comment.address")}:</B></font></td>
- <td><input type="text" size="40" maxlength="80" name="address" value="${data.address}"></td>
+ <td><input type="text" size="40" maxlength="80" name="address" value="${encodeHTML(data.address)}"></td>
</tr>
<tr>
<td align="right" bgcolor="#006600"><font color="#ffffff" face="Verdana, Arial, Helvetica, sans-serif" size="-1">
<B>${lang("comment.text")}:</B></font></td>
- <td><textarea cols="40" rows="10" name="description" wrap="virtual">${data.description}</textarea></td>
+ <td><textarea cols="40" rows="10" name="description" wrap="virtual">${encodeHTML(data.description)}</textarea></td>
</tr>
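Review bot: The row labels are still emitted raw, `${lang("comment.date")}` and the other `lang(...)` calls in these rows, while every data value beside them is now encoded. If the message bundles can be edited by anyone other than the developers (translators or site administrators, for example), wrap them the same way, e.g. `<B>${encodeHTML(lang("comment.title"))}:</B>`. If some bundle strings intentionally carry markup, record that in a template comment so the omission reads as deliberate. The opening `<table>` and the end of the form are outside the visible lines, so this is based only on the rows shown.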
<td colspan="2" align="right"> <font color="black">
</td>
</table>
-<include "foot.template">
+<include "admin/foot.template">
</body>
</html>