<body bgcolor="#FFFFFF">
<include "admin/head.template">
-<form action="${config.actionRoot}" method="post">
+<form action="${encodeHTML(config.actionRoot)}" method="post">
<input type="hidden" name="module" value="Language">
- <input type="hidden" name="id" value="${id}">
+ <input type="hidden" name="id" value="${encodeHTML(id)}">
<if data.new><input type="hidden" name="do" value="insert">
<else><input type="hidden" name="do" value="update"></if>
<table border="0">
<td align="right" bgcolor="#006600"><font color="#ffffff" face="Verdana, Arial, Helvetica, sans-serif" size="-1">
<B>${lang("language.name")}:</B></font></td>
<td>
- <input type="text" name="name" size="30" value="${data.name}">
+ <input type="text" name="name" size="30" value="${encodeHTML(data.name)}">
</td>
</tr>
<td align="right" bgcolor="#006600"><font color="#ffffff" face="Verdana, Arial, Helvetica, sans-serif" size="-1">
<B>${lang("language.code")}:</B></font></td>
<td>
- <input type="text" name="code" size="2" maxlength="2" value="${data.code}">
+ <input type="text" name="code" size="2" maxlength="2" value="${encodeHTML(data.code)}">
</td>
</tr>