wrap pretty much all freemarker variables (i.e the data) in encodeHTML(data..). this...

[mir.git] / templates-dist / admin / fileeditlist.template

diff --git a/templates-dist/admin/fileeditlist.template b/templates-dist/admin/fileeditlist.template
index ac1b48a..5c7798d 100755 (executable)
--- a/templates-dist/admin/fileeditlist.template
+++ b/templates-dist/admin/fileeditlist.template
@@ -1,6 +1,6 @@
 <html>
 <head>
-       <title>${lang("fileedit")}</title>
+       <title>${lang("edit")} ${lang("file")}</title>
 </head>
 
 <body bgcolor="#FFFFFF">
@@ -13,7 +13,7 @@
 
   <tr bgcolor="#006600">
 
-    <td><font color="#FFFFFF" face="Verdana, Arial, Helvetica, sans-serif" size="-1"><b>${lang("language.file")}</b></font></td>
+    <td><font color="#FFFFFF" face="Verdana, Arial, Helvetica, sans-serif" size="-1"><b>${lang("file")}</b></font></td>
        <td>&nbsp;</td>
   </tr>
 
@@ -22,8 +22,8 @@
         <tr
         <if grey=="1"><assign grey="0">bgcolor="#dddddd" <else><assign grey="1"> </if>
         >
-                <td>${entry}&nbsp;</td>
-                <td><font size="1"><a href="${config.actionRoot}?module=FileEdit&do=edit&filename=${entry}">${lang("edit")}</a></font></td>
+                <td>${encodeHTML(entry)}&nbsp;</td>
+                <td><font size="1"><a href="${encodeHTML(config.actionRoot)}?module=FileEdit&do=edit&filename=${encodeHTML(entry)}">${lang("edit")}</a></font></td>
         </tr>
   </list>