<body bgcolor="#FFFFFF">
<include "admin/head.template">
-<form action="${config.actionRoot}" method="post">
+<form action="${encodeHTML(config.actionRoot)}" method="post">
<input type="hidden" name="module" value="Message">
- <input type="hidden" name="id" value="${data.id}">
+ <input type="hidden" name="id" value="${encodeHTML(data.id)}">
<if data.new><input type="hidden" name="do" value="insert">
<else><input type="hidden" name="do" value="update"></if>
<table border="0">
<td align="right" bgcolor="#006600"><font color="#ffffff" face="Verdana, Arial, Helvetica, sans-serif" size="-1">
<B>${lang("message.date")}:</B></font></td>
<td>
- ${data.date}
+ ${encodeHTML(data.date)}
</td>
</tr>
<td align="right" bgcolor="#006600"><font color="#ffffff" face="Verdana, Arial, Helvetica, sans-serif" size="-1">
<B>${lang("message.title")}:</B></td>
<td>
- <input type=text name="title" maxlength=40 value="${data.title}">
+ <input type=text name="title" maxlength=40 value="${encodeHTML(data.title)}">
</td>
</tr>
<td align="right" bgcolor="#006600"><font color="#ffffff" face="Verdana, Arial, Helvetica, sans-serif" size="-1">
<B>${lang("message.creator")}:</B></td>
<td>
- <input type=text name="creator" maxlength=40 value="${data.creator}">
+ <input type=text name="creator" maxlength=40 value="${encodeHTML(data.creator)}">
</td>
</tr>
<td align="right" bgcolor="#006600"><font color="#ffffff" face="Verdana, Arial, Helvetica, sans-serif" size="-1">
<B>${lang("message.text")}:</B> ${lang("message.textinfo")}</font></td>
<td>
- <textarea cols="50" rows="3" name="description" wrap=virtual>${data.description}</textarea>
+ <textarea cols="50" rows="3" name="description" wrap=virtual>${encodeHTML(data.description)}</textarea>
</td>
</tr>
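Review bot: The `value="${encodeHTML(...)}"` attributes for `id`, `title` and `creator`, and the form `action`, are only safe if `encodeHTML` escapes the double quote as well as `<`, `>` and `&`. Its definition is not visible in this hunk, so confirm that before relying on it in attribute context. If it is an element-content encoder only, a stored title containing `"` can still close the attribute. In that case use an attribute-aware encoder for these four places and keep `encodeHTML` for the date cell and the textarea body. A short template comment above the form would record the requirement, for example `<!-- encodeHTML must escape the double quote too: values below sit inside quoted attributes -->`. Separately, this admin form posts `do=insert`/`do=update`, and no anti-CSRF token field appears in the visible lines; the form continues past the end of the hunk, so check whether one is emitted further down.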