projects / mir.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
remove gratuitous uses of encodeHTML as well as a couple of other where it is a bug...
[mir.git] / templates-dist / admin / media.template
diff --git a/templates-dist/admin/media.template b/templates-dist/admin/media.template
index 2a30dc0..08ddcec 100755 (executable)
--- a/templates-dist/admin/media.template
+++ b/templates-dist/admin/media.template
@@ -4,11 +4,6 @@
 ${lang("other_media.htmltitle")}
 </title>
 <head>
-<SCRIPT LANGUAGE="JavaScript">
-function openWin(url) {
-   window.open(url,"vc","scrollbars=0,height=${data.img_height},width=${data.img_width}");
-}
-</SCRIPT>
 <body bgcolor="#FFFFFF">
 <include "admin/head.template">
 
@@ -30,9 +25,9 @@ function openWin(url) {
 </if>
 <form enctype="multipart/form-data" method="post" action="${config.actionRoot}?module=OtherMedia&do=<if data.new>insert<else>update</if>&id=${data.id}">
 
-       <input type="hidden" name="where" value="${data.where}">
-       <input type="hidden" name="offset" value="${data.offset}">
-       <input type="hidden" name="order" value="${data.order}">
+       <input type="hidden" name="where" value="${encodeHTML(data.where)}">
+       <input type="hidden" name="offset" value="${encodeHTML(data.offset)}">
+       <input type="hidden" name="order" value="${encodeHTML(data.order)}">
        <input type="hidden" name="id" value="${data.id}">
 
        <table border="0">
@@ -58,7 +53,7 @@ function openWin(url) {
     <td>
                <select name="to_media_folder">
                <list extra.mediafolderPopupData as m>
-               <option value="${m.key}" <if m.key == data.to_media_folder>selected</if>>${m.value}</option>
+               <option value="${encodeHTML(m.key)}" <if m.key == data.to_media_folder>selected</if>>${encodeHTML(m.value)}</option>
                </list>
            </select>
        </td>
@@ -67,7 +62,7 @@ function openWin(url) {
        <tr>
     <td align="right" bgcolor="#006600"><font color="#ffffff" face="Verdana, Arial, Helvetica, sans-serif" size="-1">
         <B>${lang("media.description")}:</B></font></td>
-    <td><input type="text" size="40" maxlength="255" name="description" value="${data.description}"></td>
+    <td><input type="text" size="40" maxlength="255" name="description" value="${encodeHTML(data.description)}"></td>
        </tr>
 
        <tr>
@@ -80,20 +75,20 @@ function openWin(url) {
        <tr>
     <td align="right" bgcolor="#006600"><font color="#ffffff" face="Verdana, Arial, Helvetica, sans-serif" size="-1">
         <B>${lang("media.location")}:</B></font></td>
-    <td><input type="text" size="40" maxlength="80" name="place" value="${data.place}"></td>
+    <td><input type="text" size="40" maxlength="80" name="place" value="${encodeHTML(data.place)}"></td>
        </tr>
 
        <tr>
     <td align="right" bgcolor="#006600"><font color="#ffffff" face="Verdana, Arial, Helvetica, sans-serif" size="-1">
         <B>${lang("media.creator")}:</B></font></td>
     <td>
-               <input type="text" size="40" maxlength="80" name="creator" value="${data.creator}">
+               <input type="text" size="40" maxlength="80" name="creator" value="${encodeHTML(data.creator)}">
        </tr>
 
        <tr>
     <td align="right" bgcolor="#006600"><font color="#ffffff" face="Verdana, Arial, Helvetica, sans-serif" size="-1">
         <B>${lang("media.keywords")}:</B></font></td>
-    <td><textarea cols="40" rows="2" name="keywords">${data.keywords}</textarea></td>
+    <td><textarea cols="40" rows="2" name="keywords">${encodeHTML(data.keywords)}</textarea></td>
        </tr>
 
        <tr>
@@ -105,7 +100,7 @@ function openWin(url) {
        <tr>
     <td align="right" bgcolor="#006600"><font color="#ffffff" face="Verdana, Arial, Helvetica, sans-serif" size="-1">
         <B>${lang("media.source")}:</B></font></td>
-    <td><input type="text" size="40" maxlength="80" name="source" value="${data.source}"></td>
+    <td><input type="text" size="40" maxlength="80" name="source" value="${encodeHTML(data.source)}"></td>
        </tr>
        <tr>
     <td colspan="2" align="right"> <font color="black">
@@ -140,7 +135,7 @@ function openWin(url) {
                        <B>${lang("media.title")}:<B>
                </font> </td>
                <td>
-                       <input type="text" name="title" size="40" maxlength="80" value="${data.title}">
+                       <input type="text" name="title" size="40" maxlength="80" value="${encodeHTML(data.title)}">
                </td>
                </tr>
        </if>
The Mir CMS