</head>
<SCRIPT LANGUAGE="JavaScript">
function openWin(url) {
- window.open(url,"vc","scrollbars=0,height=${data.img_height},width=${data.img_width}");
+ window.open(url,"vc","scrollbars=0,height=${encodeHTML(data.img_height)},width=${encodeHTML(data.img_width)}");
}
</SCRIPT>
<body bgcolor="#FFFFFF">
<if data.new>
-<form action="${config.actionRoot}?module=Images&do=add" method="post">
+<form action="${encodeHTML(config.actionRoot)}?module=Images&do=add" method="post">
<table border="0">
<tr>
<td align="right" bgcolor="#006600">
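Review bot: In `openWin`, `encodeHTML` is the wrong encoder for the `window.open` feature string, because text inside a `<SCRIPT>` element is not entity-decoded and HTML encoding presumably leaves backslashes and line breaks untouched. `data.img_height` and `data.img_width` are dimensions, so the safer contract is that they are integers before they reach the template. If the template language has no numeric coercion, enforce this where `data` is built and record it here with a comment such as `// img_height and img_width are validated as integers by the caller`. `encodeHTML` is the right encoder for the form `action` attribute changed just below.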
</font>
</td>
<td>
- <input type="text" size="3" name="medianum" value="${medianum}"> <input type="submit" value="${lang("open.posting.nr_of_media.submit")}">
+ <input type="text" size="3" name="medianum" value="${encodeHTML(medianum)}"> <input type="submit" value="${lang("open.posting.nr_of_media.submit")}">
</td>
</tr>
</table>
</form>
</if>
-<form enctype="multipart/form-data" method="post" action="${config.actionRoot}?module=Images&do=<if data.new>insert<else>update</if>&id=${data.id}">
+<form enctype="multipart/form-data" method="post" action="${encodeHTML(config.actionRoot)}?module=Images&do=<if data.new>insert<else>update</if>&id=${encodeHTML(data.id)}">
<table border="0">
- <input type="hidden" name="where" value="${data.where}">
- <input type="hidden" name="offset" value="${data.offset}">
- <input type="hidden" name="order" value="${data.order}">
- <input type="hidden" name="id" value="${data.id}">
+ <input type="hidden" name="where" value="${encodeHTML(data.where)}">
+ <input type="hidden" name="offset" value="${encodeHTML(data.offset)}">
+ <input type="hidden" name="order" value="${encodeHTML(data.order)}">
+ <input type="hidden" name="id" value="${encodeHTML(data.id)}">
<if !data.new>
<tr>
<td align="right" bgcolor="#006600">
<if (data.icon_data!="" && data.icon_data!="0") && !new>
<font color="#ffffff" face="Verdana, Arial, Helvetica, sans-serif" size="-1">
- <a href="JavaScript:openWin('${config.actionRoot}?module=Images&do=getMedia&id=${data.id}')">
- <img src="${config.actionRoot}?module=Images&do=getIcon&id=${data.id}" border=0></a></font></td>
+ <a href="JavaScript:openWin('${encodeHTML(config.actionRoot)}?module=Images&do=getMedia&id=${encodeHTML(data.id)}')">
+ <img src="${encodeHTML(config.actionRoot)}?module=Images&do=getIcon&id=${encodeHTML(data.id)}" border=0></a></font></td>
</if>
<td valign="bottom"><font color="Silver" face="Verdana, Arial, Helvetica, sans-serif" size=1>
- ${lang("media.created")}: ${data.webdb_create} <if data.webdb_lastchange>/ ${lang("media.changed")} ${data.webdb_lastchange}</if><br>
- <if data.is_published=="1">${lang("media.published")}: ${data.publish_date} / ${data.publish_server}${data.publish_path}<br></if>
- ${lang("media.format")}: ${data.media_descr} / ${data.img_width}x${data.img_height} / ${data.imgformatHashdata[to_img_format]["name"]} / ${data.imglayoutHashdata[to_img_layout]["name"]} / ${data.imgcolorHashdata[to_img_color]["name"]}<br>
+ ${lang("media.created")}: ${encodeHTML(data.webdb_create)} <if data.webdb_lastchange>/ ${lang("media.changed")} ${encodeHTML(data.webdb_lastchange)}</if><br>
+ <if data.is_published=="1">${lang("media.published")}: ${encodeHTML(data.publish_date)} / ${encodeHTML(data.publish_server)}${encodeHTML(data.publish_path)}<br></if>
+ ${lang("media.format")}: ${encodeHTML(data.media_descr)} / ${encodeHTML(data.img_width)}x${encodeHTML(data.img_height)} / ${data.imgformatHashdata[to_img_format]["name"]} / ${data.imglayoutHashdata[to_img_layout]["name"]} / ${data.imgcolorHashdata[to_img_color]["name"]}<br>
${lang("media.rights")}: <b>${data.rightsHashdata[to_rights]["name"]}</b><br>
${lang("media.type")}: <b>${data.imgtypeHashdata[to_img_type]["name"]}</b><br>
</td>
<td>
<select name="to_media_folder">
<list extra.mediafolderPopupData as m>
- <option value="${m.key}" <if m.key == data.to_media_folder>selected</if>>${m.value}</option>
+ <option value="${encodeHTML(m.key)}" <if m.key == data.to_media_folder>selected</if>>${encodeHTML(m.value)}</option>
</list>
</select>
</td>
<tr>
<td align="right" bgcolor="#006600"><font color="#ffffff" face="Verdana, Arial, Helvetica, sans-serif" size="-1">
<B>${lang("media.description")}:</B></font></td>
- <td><input type="text" size="40" maxlength="255" name="description" value="${data.description} ${data.human_readable_size}"></td>
+ <td><input type="text" size="40" maxlength="255" name="description" value="${encodeHTML(data.description)} ${encodeHTML(data.human_readable_size)}"></td>
</tr>
<tr>
<td align="right" bgcolor="#006600"><font color="#ffffff" face="Verdana, Arial, Helvetica, sans-serif" size="-1">
<B>${lang("media.date")}:</B></font></td>
- <td><input type="text" size="8" maxlength="8" name="date" value="${data.date}">
- <input type="text" size="20" maxlength="40" name="year" value="${data.year}"></td>
+ <td><input type="text" size="8" maxlength="8" name="date" value="${encodeHTML(data.date)}">
+ <input type="text" size="20" maxlength="40" name="year" value="${encodeHTML(data.year)}"></td>
</tr>
<tr>
<td align="right" bgcolor="#006600"><font color="#ffffff" face="Verdana, Arial, Helvetica, sans-serif" size="-1">
<B>${lang("media.location")}:</B></font></td>
- <td><input type="text" size="40" maxlength="80" name="place" value="${data.place}"></td>
+ <td><input type="text" size="40" maxlength="80" name="place" value="${encodeHTML(data.place)}"></td>
</tr>
<tr>
<td align="right" bgcolor="#006600"><font color="#ffffff" face="Verdana, Arial, Helvetica, sans-serif" size="-1">
<B>${lang("media.creator")}:</B></font></td>
<td>
- <input type="text" size="40" maxlength="80" name="creator" value="${data.creator}">
+ <input type="text" size="40" maxlength="80" name="creator" value="${encodeHTML(data.creator)}">
</tr>
<tr>
<td align="right" bgcolor="#006600"><font color="#ffffff" face="Verdana, Arial, Helvetica, sans-serif" size="-1">
<B>${lang("media.keywords")}:</B></font></td>
- <td><textarea cols="40" rows="2" name="keywords">${data.keywords}</textarea></td>
+ <td><textarea cols="40" rows="2" name="keywords">${encodeHTML(data.keywords)}</textarea></td>
</tr>
<tr>
<td align="right" bgcolor="#006600"><font color="#ffffff" face="Verdana, Arial, Helvetica, sans-serif" size="-1">
<B>${lang("media.comment")}:</B></font></td>
- <td><textarea cols="40" rows="2" name="comment">${data.comment}</textarea></td>
+ <td><textarea cols="40" rows="2" name="comment">${encodeHTML(data.comment)}</textarea></td>
</tr>
<tr>
<td align="right" bgcolor="#006600"><font color="#ffffff" face="Verdana, Arial, Helvetica, sans-serif" size="-1">
<B>${lang("media.source")}:</B></font></td>
- <td><input type="text" size="40" maxlength="80" name="source" value="${data.source}"></td>
+ <td><input type="text" size="40" maxlength="80" name="source" value="${encodeHTML(data.source)}"></td>
</tr>
<if data.new>
<tr>
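Review bot: In the `href="JavaScript:openWin('…')"` link, `encodeHTML` alone does not protect the quoted JavaScript string, because the browser decodes the attribute's entities before it runs the `javascript:` URL, so an encoded quote in `data.id` or `config.actionRoot` becomes a literal quote again inside `openWin('…')`. The value needs JavaScript-string escaping, plus URL-encoding for the `id` parameter, applied before the HTML encoding. Alternatively the script context can be dropped with a plain link, `<a href="${encodeHTML(config.actionRoot)}?module=Images&amp;do=getMedia&amp;id=${encodeHTML(data.id)}" target="vc">`, at the cost of the popup sizing. Separately, the `…Hashdata[…]["name"]` lookups on the media.format, media.rights and media.type lines are still written raw; if those names are editable data they should go through `encodeHTML` like their neighbours.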
<B>${lang("media.title")}:<B>
</font> </td>
<td>
- <input type="text" name="media_title${m}" size="40" maxlength="80" value="">
+ <input type="text" name="media_title${encodeHTML(m)}" size="40" maxlength="80" value="">
</td>
</tr>
<tr>
<td bgcolor="#006600"></td>
<td>
- <INPUT TYPE="file" NAME="mpfile${m}"><br>
+ <INPUT TYPE="file" NAME="mpfile${encodeHTML(m)}"><br>
</td>
</tr>
</list>
<B>${lang("media.title")}:<B>
</font> </td>
<td>
- <input type="text" name="title" size="40" maxlength="80" value="${data.title}">
+ <input type="text" name="title" size="40" maxlength="80" value="${encodeHTML(data.title)}">
</td>
</tr>
</if>