wrap pretty much all freemarker variables (i.e the data) in encodeHTML(data..). this...
[mir.git] / templates-dist / admin / language.template
index d2df3a8..e49420b 100755 (executable)
@@ -7,9 +7,9 @@ ${lang("language.htmltitle")}
 
 <body bgcolor="#FFFFFF">
 <include "admin/head.template">
-<form action="${config.actionRoot}" method="post">
+<form action="${encodeHTML(config.actionRoot)}" method="post">
        <input type="hidden" name="module" value="Language">
-       <input type="hidden" name="id" value="${id}">
+       <input type="hidden" name="id" value="${encodeHTML(id)}">
        <if data.new><input type="hidden" name="do" value="insert">
        <else><input type="hidden" name="do" value="update"></if>
 <table border="0">
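Review bot: Every value this patch encodes lands inside a double-quoted attribute (`action` and the `id` input here, the `name` and `code` inputs in the two hunks below), so the fix only holds if `encodeHTML` escapes `"` as well as `<`, `>` and `&`. Its implementation is not visible in this diff; confirm that behaviour, or add a test that renders a `data.name` containing a double quote. HTML-encoding also does not constrain what URL ends up in `action`, which is acceptable only while `config.actionRoot` comes solely from server configuration. The `${lang("language.name")}` and `${lang("language.code")}` labels in the later hunks are still emitted raw into element content; if translation bundles can be edited by less-trusted users, wrap them too, e.g. `${encodeHTML(lang("language.name"))}`. Otherwise record in the commit message that `lang()` output is treated as trusted.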
@@ -18,7 +18,7 @@ ${lang("language.htmltitle")}
     <td align="right" bgcolor="#006600"><font color="#ffffff" face="Verdana, Arial, Helvetica, sans-serif" size="-1">
          <B>${lang("language.name")}:</B></font></td>
     <td>
-         <input type="text" name="name" size="30" value="${data.name}">
+         <input type="text" name="name" size="30" value="${encodeHTML(data.name)}">
     </td>
   </tr>
 
@@ -26,7 +26,7 @@ ${lang("language.htmltitle")}
     <td align="right" bgcolor="#006600"><font color="#ffffff" face="Verdana, Arial, Helvetica, sans-serif" size="-1">
          <B>${lang("language.code")}:</B></font></td>
     <td>
-         <input type="text" name="code" size="2" maxlength="2" value="${data.code}">
+         <input type="text" name="code" size="2" maxlength="2" value="${encodeHTML(data.code)}">
     </td>
   </tr>