<table border="0" cellpadding="2" cellspacing="1">
<tr>
- <td colspan="5"><form method="post" action="${config.actionRoot}">
+ <td colspan="5"><form method="post" action="${encodeHTML(config.actionRoot)}">
<input type="hidden" name="module" value="Images">
<input type="hidden" name="do" value="list">
- <input type="hidden" name="cid" value="${data.cid}">
+ <input type="hidden" name="cid" value="${encodeHTML(data.cid)}">
<table border="0">
<tr bgcolor="Pink">
<td>${lang("medialist.search_text_in")}:</td>
<tr>
<td>
- <input type="text" size="10" maxlength="20" name="query_text" value="${data.query_text}">
+ <input type="text" size="10" maxlength="20" name="query_text" value="${encodeHTML(data.query_text)}">
<select name="query_field">
<option value="title"<if data.query_field=="title"> selected</if>>${lang("media.title")}</option>
<option value="creator"<if data.query_field=="creator"> selected</if>>${lang("media.creator")}</option>
<td>
<select name="query_media_folder">
<list extra.mediafolderPopupData as m>
- <option value="${m.key}" <if m.key == query_media_folder>selected</if>>${m.value}</option>
+ <option value="${encodeHTML(m.key)}" <if m.key == data.query_media_folder>selected</if>>${encodeHTML(m.value)}</option>
</list>
</select>
</td>
<td><font color="#FFFFFF" face="Verdana, Arial, Helvetica, sans-serif" size="-1">
<b>${lang("media.title")}</b></font></td>
<td><font color="#FFFFFF" face="Verdana, Arial, Helvetica, sans-serif" size="-1">
+ <b>${lang("media.format")}</b></font></td>
+ <td><font color="#FFFFFF" face="Verdana, Arial, Helvetica, sans-serif" size="-1">
+ <b>${lang("media.size")}</b></font></td>
+ <td><font color="#FFFFFF" face="Verdana, Arial, Helvetica, sans-serif" size="-1">
<b>${lang("media.mediafolder")}</b></font></td>
<td><font color="#FFFFFF" face="Verdana, Arial, Helvetica, sans-serif" size="-1">
<b>${lang("media.creator")}</b></font></td>
<tr <if grey=="1"><assign grey="0">bgcolor="#dddddd" <else><assign grey="1"> </if>>
<td>
<if entry.icon_data!="" && entry.icon_data!="0">
- <a href="${config.actionRoot}?module=Images&do=showimg&id=${entry.id}" target="new">
- <img src="${config.actionRoot}?module=Images&do=showicon&id=${entry.id}" border=0></a></font></td>
+ <a href="${encodeHTML(config.actionRoot)}?module=Images&do=getMedia&id=${encodeHTML(entry.id)}" target="new">
+ <img src="${encodeHTML(config.actionRoot)}?module=Images&do=getIcon&id=${encodeHTML(entry.id)}" border=0></a></font></td>
</if>
- <td>${entry.title}
- <if entry.decription><br>${entry.description}</if></td>
+ <td>${encodeHTML(entry.title)}
+ <if entry.description><br>${encodeHTML(entry.description)}</if></td>
+ <td>${encodeHTML(entry.media_descr)} </td>
+ <td>${encodeHTML(entry.human_readable_size)} </td>
<td>${data.mediafolderHashdata[entry.to_media_folder]["name"]} </td>
- <td>${entry.creator} </td>
+ <td>${encodeHTML(entry.creator)} </td>
<td><font size="1">
- <if data.cid><a href="${config.actionRoot}?module=Content&do=attach&mid=${entry.id}&cid=${data.cid}">${lang("attach")}</a>
+ <if data.cid><a href="${encodeHTML(config.actionRoot)}?module=Content&do=attach&mid=${encodeHTML(entry.id)}&cid=${encodeHTML(data.cid)}">${lang("attach")}</a>
<else>
- <a href="${config.actionRoot}?module=Images&do=delete&id=${entry.id}">${lang("delete")}</a>
- | <a href="${config.actionRoot}?module=Images&do=edit&id=${entry.id}">${lang("edit")}</a>
+ <a href="${config.actionRoot}?module=Images&do=delete&id=${entry.id}&query_text=${encodeHTML(data.query_text_encoded)}&query_field=${encodeHTML(data.query_field)}&query_is_published=${data.query_is_published}&query_media_folder=${data.query_media_folder}&offset=${data.offset}&order=${data.order}">${lang("delete")}</a>
+ | <a href="${encodeHTML(config.actionRoot)}?module=Images&do=edit&id=${encodeHTML(entry.id)}">${lang("edit")}</a>
</if>
</font></td>
</tr>
</list>
<tr>
- <td colspan="4" bgcolor="#006600"><font color="#ffffff">${data.count} ${lang("records")}
+ <td colspan="4" bgcolor="#006600"><font color="#ffffff">${encodeHTML(data.count)} ${lang("records")}
/ ${lang("show_from_to", data.from, data.to)}</font></td>
<td> </td>
</tr>
<tr><td>
<if data.prev>
- <a href="${config.actionRoot}?module=Images&do=list&query_text=${data.query_text_encoded}&query_field=${data.query_field}&query_is_published=${data.query_is_published}&query_media_folder=${data.query_media_folder}&offset=${data.prev}&prev=zurück&cid=${data.cid}">zurueck</a>
+ <a href="${encodeHTML(config.actionRoot)}?module=Images&do=list&query_text=${encodeHTML(data.query_text_encoded)}&query_field=${encodeHTML(data.query_field)}&query_is_published=${encodeHTML(data.query_is_published)}&query_media_folder=${encodeHTML(data.query_media_folder)}&offset=${encodeHTML(data.prev)}&prev=zurück&cid=${encodeHTML(data.cid)}">zurueck</a>
</if>
<if data.next>
-<a href="${config.actionRoot}?module=Images&do=list&query_text=${data.query_text_encoded}&query_field=${data.query_field}&query_is_published=${data.query_is_published}&query_media_folder=${data.query_media_folder}&offset=${data.next}&next=weiter&cid=${data.cid}">weiter</a>
+<a href="${encodeHTML(config.actionRoot)}?module=Images&do=list&query_text=${encodeHTML(data.query_text_encoded)}&query_field=${encodeHTML(data.query_field)}&query_is_published=${encodeHTML(data.query_is_published)}&query_media_folder=${encodeHTML(data.query_media_folder)}&offset=${encodeHTML(data.next)}&next=weiter&cid=${encodeHTML(data.cid)}">weiter</a>
</if>
</td></tr>
<else>
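Review bot: The added delete link (`do=delete`) still writes `${config.actionRoot}`, `${entry.id}`, `${data.query_is_published}`, `${data.query_media_folder}`, `${data.offset}` and `${data.order}` into the `href` unescaped, although the prev/next links further down encode the same `query_*` values; if those values are echoed from the request, as the search form suggests, this one attribute remains an HTML-injection sink. Encode them the way the edit link below it does: `${encodeHTML(config.actionRoot)}?module=Images&do=delete&id=${encodeHTML(entry.id)}…&query_is_published=${encodeHTML(data.query_is_published)}&query_media_folder=${encodeHTML(data.query_media_folder)}&offset=${encodeHTML(data.offset)}&order=${encodeHTML(data.order)}`. The unchanged cell `${data.mediafolderHashdata[entry.to_media_folder]["name"]}` is the other raw value left in the row and should be wrapped in `encodeHTML(...)` as well. `encodeHTML` only makes a value safe for the attribute; `query_field`, `query_media_folder` and `cid` presumably also need percent-encoding for the query string, as `query_text_encoded` appears to have had. The enclosing `<list>` and the `<if>` that the trailing `<else>` belongs to start and end outside the visible lines, so this is based on the rows shown here only.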