wrap pretty much all freemarker variables (i.e the data) in encodeHTML(data..). this...
[mir.git] / templates-dist / admin / contentlist.template
index b530f92..f9c72d3 100755 (executable)
        <list data.contentlist as entry>
          <tr <if grey=="1"><assign grey="0">bgcolor="#dddddd" <else><assign grey="1"></if>>
            <td><font face="Verdana, Arial, Helvetica, sans-serif" size="-2">
-                       ${entry.webdb_create_formatted}<br>
-                       <if entry.webdb_lastchange>${entry.webdb_lastchange_formatted}<else>-</if><br>
+                       ${encodeHTML(entry.webdb_create_formatted)}<br>
+                       <if entry.webdb_lastchange>${encodeHTML(entry.webdb_lastchange_formatted)}<else>-</if><br>
                        <if entry.is_published!="0">F<else>-</if>
                        <if entry.is_html!="0">H<else>-</if>
                        </font></td>
            <td><font face="Verdana, Arial, Helvetica, sans-serif" size="-1"><b>
-                       <font size="-2">${articletypeHash[entry.to_article_type]["name"]} -- </font><if entry.place>${entry.place}: </if>${entry.title}</b><br>
-                       ${entry.creator}&nbsp;
-                       <a href="${config.actionRoot}?module=Content&do=edit&id=${entry.id}&where=${data.where_encoded}&order=${data.order_encoded}&offset=${data.offset}">${lang("edit")}</a>
-                       <if entry.to_article_type=="0">&nbsp;|&nbsp;<a href="${config.actionRoot}?module=Content&do=newswire&id=${entry.id}&where=${data.where_encoded}&order=${data.order_encoded}&offset=${data.offset}">newswire</a></if></font></td>
+                       <font size="-2">${articletypeHash[entry.to_article_type]["name"]} -- </font><if entry.place>${encodeHTML(entry.place)}: </if>${encodeHTML(entry.title)}</b><br>
+                       ${encodeHTML(entry.creator)}&nbsp;
+                       <a href="${encodeHTML(config.actionRoot)}?module=Content&do=edit&id=${encodeHTML(entry.id)}&where=${encodeHTML(data.where_encoded)}&order=${encodeHTML(data.order_encoded)}&offset=${encodeHTML(data.offset)}">${lang("edit")}</a>
+                       <if entry.to_article_type=="0">&nbsp;|&nbsp;<a href="${encodeHTML(config.actionRoot)}?module=Content&do=newswire&id=${encodeHTML(entry.id)}&where=${encodeHTML(data.where_encoded)}&order=${encodeHTML(data.order_encoded)}&offset=${encodeHTML(data.offset)}">newswire</a></if></font></td>
            <td><font face="Verdana, Arial, Helvetica, sans-serif" size="-1">
                        <if entry.thema_id!="0">${themenHashData[entry.thema_id]["name"]}</if>&nbsp;<br>
                        <if entry.to_feature!="0">${schwerpunktHashData[entry.to_feature]["title"]}</if>&nbsp;</font></td>
            <td width="20%" <if grey=="1">bgcolor="Pink"<else>bgcolor="Yellow"</if> valign="top"><font face="Verdana, Arial, Helvetica, sans-serif" size="-2">
-                       ${entry.comment}&nbsp;</font></td>
+                       ${encodeHTML(entry.comment)}&nbsp;</font></td>
            <td bgcolor="#888888"><font size="1">
-             <a href="${config.actionRoot}?module=Content&do=delete&id=${entry.id}&where=${data.where_encoded}&order=${data.order_encoded}&offset=${data.offset}">${lang("delete")}</a>
+             <a href="${encodeHTML(config.actionRoot)}?module=Content&do=delete&id=${encodeHTML(entry.id)}&where=${encodeHTML(data.where_encoded)}&order=${encodeHTML(data.order_encoded)}&offset=${encodeHTML(data.offset)}">${lang("delete")}</a>
              </font></td>
        </tr>
        </list>
        <tr bgcolor="#006600">
-           <td colspan="4"><font color="#ffffff">${data.count} ${lang("records")}
+           <td colspan="4"><font color="#ffffff">${encodeHTML(data.count)} ${lang("records")}
       / ${lang("show_from_to", data.from, data.to)}</font></td></tr>
        </table>
 
       <P>
 <if data.prev || data.next>
- <form method="post" action="${config.actionRoot}">
+ <form method="post" action="${encodeHTML(config.actionRoot)}">
  <input type="hidden" name="module" value="Content">
  <input type="hidden" name="do" value="listop">
- <input type="hidden" name="where" value="${data.where}">
- <input type="hidden" name="order" value="${data.order}">
+ <input type="hidden" name="where" value="${encodeHTML(data.where)}">
+ <input type="hidden" name="order" value="${encodeHTML(data.order)}">
 <if data.prev>
- <input type="hidden" name="prevoffset" value="${data.prev}">
+ <input type="hidden" name="prevoffset" value="${encodeHTML(data.prev)}">
  <input type="submit" name="prev" value="${lang("list.previous")}">
 </if>
 <if data.next>
- <input type="hidden" name="nextoffset" value="${data.next}">
+ <input type="hidden" name="nextoffset" value="${encodeHTML(data.next)}">
  <input type="submit" name="next" value="${lang("list.next")}">
 </if>
  </form>
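Review bot: The lookup-table values on the new side are still emitted raw — `${articletypeHash[entry.to_article_type]["name"]}` on the changed title line, and `${themenHashData[entry.thema_id]["name"]}` / `${schwerpunktHashData[entry.to_feature]["title"]}` in the context lines just below it — so if article-type, topic or feature names are editable through the admin UI (not visible here) they remain an HTML-injection path that the rest of this commit closes for the row fields. They should get the same treatment: `${encodeHTML(articletypeHash[entry.to_article_type]["name"])}`, `${encodeHTML(themenHashData[entry.thema_id]["name"])}` and `${encodeHTML(schwerpunktHashData[entry.to_feature]["title"])}`. Likewise the footer line `${lang("show_from_to", data.from, data.to)}` passes `data.from`/`data.to` unencoded right after `data.count` was wrapped; whether that is safe depends on whether `lang()` escapes its arguments, which this diff does not show, so either confirm that or wrap the two values before passing them in. Note also that `encodeHTML` is an HTML-attribute escape, not a URL encoder: it correctly neutralises `"`/`&` inside the `href` values but does nothing about the scheme or path of `config.actionRoot`, which is acceptable only because that value is operator-controlled configuration.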