projects
/
mir.git
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
|
inline
| side by side (from parent 1:
ae0a275
)
wrap pretty much all freemarker variables (i.e the data) in encodeHTML(data..). this...
author
mh
<mh>
Tue, 10 Dec 2002 09:40:33 +0000
(09:40 +0000)
committer
mh
<mh>
Tue, 10 Dec 2002 09:40:33 +0000
(09:40 +0000)
templates-dist/admin/content.template
patch
|
blob
|
history
diff --git
a/templates-dist/admin/content.template
b/templates-dist/admin/content.template
index
e128de4
..
bbacb04
100755
(executable)
--- a/
templates-dist/admin/content.template
+++ b/
templates-dist/admin/content.template
@@
-12,12
+12,12
@@
p { font-family: Verdana, Arial, Helvetica, sans-serif; font-size: 10pt}
<body bgcolor="#FFFFFF" link="#aaaaaa">
<include "admin/head.template">
<body bgcolor="#FFFFFF" link="#aaaaaa">
<include "admin/head.template">
-<form method="post" action="${
config.actionRoot
}">
+<form method="post" action="${
encodeHTML(config.actionRoot)
}">
<input type="hidden" name="module" value="Content">
<input type="hidden" name="module" value="Content">
- <input type="hidden" name="where" value="${
data.where
}">
- <input type="hidden" name="offset" value="${
data.offset
}">
- <input type="hidden" name="order" value="${
data.order
}">
- <input type="hidden" name="id" value="${
data.id
}">
+ <input type="hidden" name="where" value="${
encodeHTML(data.where)
}">
+ <input type="hidden" name="offset" value="${
encodeHTML(data.offset)
}">
+ <input type="hidden" name="order" value="${
encodeHTML(data.order)
}">
+ <input type="hidden" name="id" value="${
encodeHTML(data.id)
}">
<if data.new>
<input type="hidden" name="do" value="insert">
<else>
<if data.new>
<input type="hidden" name="do" value="insert">
<else>
@@
-32,7
+32,7
@@
p { font-family: Verdana, Arial, Helvetica, sans-serif; font-size: 10pt}
<b>${lang("content.owner")}:</b>
</td>
<td>
<b>${lang("content.owner")}:</b>
</td>
<td>
- ${
data.login_user.login
}
+ ${
encodeHTML(data.login_user.login)
}
</td>
</font>
<td colspan="3"> </td>
</td>
</font>
<td colspan="3"> </td>
@@
-43,7
+43,7
@@
p { font-family: Verdana, Arial, Helvetica, sans-serif; font-size: 10pt}
<b>${lang("content.import_date")}:</b>
</td>
<td>
<b>${lang("content.import_date")}:</b>
</td>
<td>
- ${
data.date
}
+ ${
encodeHTML(data.date)
}
</td>
</font>
<td colspan="3"> </td>
</td>
</font>
<td colspan="3"> </td>
@@
-55,7
+55,7
@@
p { font-family: Verdana, Arial, Helvetica, sans-serif; font-size: 10pt}
<b>${lang("content.lastchange_date")}:</b>
</td>
<td>
<b>${lang("content.lastchange_date")}:</b>
</td>
<td>
- ${
data.webdb_lastchange
}
+ ${
encodeHTML(data.webdb_lastchange)
}
<br>
</td>
</font>
<br>
</td>
</font>
@@
-68,7
+68,7
@@
p { font-family: Verdana, Arial, Helvetica, sans-serif; font-size: 10pt}
<b>${lang("content.create_date")}:</b>
</td>
<td colspan="3">
<b>${lang("content.create_date")}:</b>
</td>
<td colspan="3">
- ${
data.webdb_create
}<br><br>${lang("edit")} (yyyy-mm-dd [HH:mm]):
+ ${
encodeHTML(data.webdb_create)
}<br><br>${lang("edit")} (yyyy-mm-dd [HH:mm]):
<input type="text" size="10" maxlength="16" name="webdb_create" value="">
<br>
</td>
<input type="text" size="10" maxlength="16" name="webdb_create" value="">
<br>
</td>
@@
-78,11
+78,11
@@
p { font-family: Verdana, Arial, Helvetica, sans-serif; font-size: 10pt}
<tr>
<td align="right" valign="top" bgcolor="#AAAAAA"><font color="#ffffff">
<tr>
<td align="right" valign="top" bgcolor="#AAAAAA"><font color="#ffffff">
- <B>${lang("content.topic")} <a href="${
config.docRoot
}/help/content.html">
- <img src=" ${
config.docRoot
}/img/help.gif" border="0" align="absmiddle"></a>
+ <B>${lang("content.topic")} <a href="${
encodeHTML(config.docRoot)
}/help/content.html">
+ <img src=" ${
encodeHTML(config.docRoot)
}/img/help.gif" border="0" align="absmiddle"></a>
/ ${lang("content.feature")}:
/ ${lang("content.feature")}:
- <a href="${
config.docRoot
}/help/content.html">
- <img src="${
config.docRoot
}/img/help.gif" border="0" align="absmiddle"></a>
+ <a href="${
encodeHTML(config.docRoot)
}/help/content.html">
+ <img src="${
encodeHTML(config.docRoot)
}/img/help.gif" border="0" align="absmiddle"></a>
</B></font>
</td>
<td colspan="4" >
</B></font>
</td>
<td colspan="4" >
@@
-91,12
+91,12
@@
p { font-family: Verdana, Arial, Helvetica, sans-serif; font-size: 10pt}
<td>
<select name="to_article_type">
<list extra.articletypePopupData as a>
<td>
<select name="to_article_type">
<list extra.articletypePopupData as a>
- <option value="${
a.key}" <if (a.key == data.to_article_type)>selected</if>>${a.value
}</option>
+ <option value="${
encodeHTML(a.key)}" <if (a.key == data.to_article_type)>selected</if>>${encodeHTML(a.value)
}</option>
</list>
</select>
<select name="to_feature">
<list extra.schwerpunktPopupData as s>
</list>
</select>
<select name="to_feature">
<list extra.schwerpunktPopupData as s>
- <option value="${
s.key}" <if (s.key == data.to_feature)>selected</if>>${s.value
}</option>
+ <option value="${
encodeHTML(s.key)}" <if (s.key == data.to_feature)>selected</if>>${encodeHTML(s.value)
}</option>
</list>
</select>
</td>
</list>
</select>
</td>
@@
-104,7
+104,7
@@
p { font-family: Verdana, Arial, Helvetica, sans-serif; font-size: 10pt}
<select name="to_topic" size="5" multiple>
<list extra.themenPopupData as t>
<select name="to_topic" size="5" multiple>
<list extra.themenPopupData as t>
- <option value="${
t.key}" <list data.to_topics as to><if (t.key == to["id"])>selected</if></list>>${t.value
}</option>
+ <option value="${
encodeHTML(t.key)}" <list data.to_topics as to><if (t.key == to["id"])>selected</if></list>>${encodeHTML(t.value)
}</option>
</list>
</select>
</list>
</select>
@@
-114,7
+114,7
@@
p { font-family: Verdana, Arial, Helvetica, sans-serif; font-size: 10pt}
<td>
<select name="to_language">
<list extra.languagePopupData as l>
<td>
<select name="to_language">
<list extra.languagePopupData as l>
- <option value="${
l.key}" <if (l.key == data.to_language)>selected</if>>${l.value
}</option>
+ <option value="${
encodeHTML(l.key)}" <if (l.key == data.to_language)>selected</if>>${encodeHTML(l.value)
}</option>
</list>
</select>
<td>
</list>
</select>
<td>
@@
-125,37
+125,37
@@
p { font-family: Verdana, Arial, Helvetica, sans-serif; font-size: 10pt}
<tr>
<td align="right" valign="top" bgcolor="#AAAAAA">
<B><font color="#ffffff">${lang("content.title")}: <br><br>${lang("content.subtitle")}: <br>
<tr>
<td align="right" valign="top" bgcolor="#AAAAAA">
<B><font color="#ffffff">${lang("content.title")}: <br><br>${lang("content.subtitle")}: <br>
- <a href="${
config.docRoot
}/help/content.html#title">
- <img src="${
config.docRoot
}/img/help.gif" border="0" align="absmiddle"></a>
+ <a href="${
encodeHTML(config.docRoot)
}/help/content.html#title">
+ <img src="${
encodeHTML(config.docRoot)
}/img/help.gif" border="0" align="absmiddle"></a>
</font></B>
</td>
<td colspan="4">
</font></B>
</td>
<td colspan="4">
- <input type="text" size="40" name="title" value="${
data.title
}"><br>
- <input type="text" size="20" name="subtitle" value="${
data.subtitle
}">
- <input type="text" size="20" name="edittitle" value="${
data.edittitle
}">
+ <input type="text" size="40" name="title" value="${
encodeHTML(data.title)
}"><br>
+ <input type="text" size="20" name="subtitle" value="${
encodeHTML(data.subtitle)
}">
+ <input type="text" size="20" name="edittitle" value="${
encodeHTML(data.edittitle)
}">
</td>
</tr>
<tr>
<td align="right" valign="top" bgcolor="#AAAAAA">
<B><font color="#ffffff">${lang("content.location")}:</font>
<font color="#FFFFFF">
</td>
</tr>
<tr>
<td align="right" valign="top" bgcolor="#AAAAAA">
<B><font color="#ffffff">${lang("content.location")}:</font>
<font color="#FFFFFF">
- <a href="${
config.docRoot
}/help/content.html">
- <img src="${
config.docRoot
}/img/help.gif" border="0" align="absmiddle"></a>
+ <a href="${
encodeHTML(config.docRoot)
}/help/content.html">
+ <img src="${
encodeHTML(config.docRoot)
}/img/help.gif" border="0" align="absmiddle"></a>
</font></B>
</td>
<td colspan="4" >
</font></B>
</td>
<td colspan="4" >
- <input type="text" size="40" name="place" value="${
data.place
}">
+ <input type="text" size="40" name="place" value="${
encodeHTML(data.place)
}">
</td>
</tr>
<tr>
<td align="right" valign="top" bgcolor="#AAAAAA">
<font color="#ffffff"><B>${lang("content.creator")}:</B></font>
<font color="#ffffff">
</td>
</tr>
<tr>
<td align="right" valign="top" bgcolor="#AAAAAA">
<font color="#ffffff"><B>${lang("content.creator")}:</B></font>
<font color="#ffffff">
- <a href="${
config.docRoot
}/help/content.html">
- <img src="${
config.docRoot
}/img/help.gif" border="0" align="absmiddle"></a></font>
+ <a href="${
encodeHTML(config.docRoot)
}/help/content.html">
+ <img src="${
encodeHTML(config.docRoot)
}/img/help.gif" border="0" align="absmiddle"></a></font>
</td>
<td colspan="4">
</td>
<td colspan="4">
- <input type="text" size="40" name="creator" value="${
data.creator
}"><br>
+ <input type="text" size="40" name="creator" value="${
encodeHTML(data.creator)
}"><br>
</td>
</tr>
</td>
</tr>
@@
-163,71
+163,71
@@
p { font-family: Verdana, Arial, Helvetica, sans-serif; font-size: 10pt}
<td align="right" valign="top" bgcolor="#AAAAAA">
<font color="#ffffff"><B>${lang("content.creator.email")}/${lang("content.creator.url")}:</B></font>
<font color="#ffffff">
<td align="right" valign="top" bgcolor="#AAAAAA">
<font color="#ffffff"><B>${lang("content.creator.email")}/${lang("content.creator.url")}:</B></font>
<font color="#ffffff">
- <a href="${
config.docRoot
}/help/content.html">
- <img src="${
config.docRoot
}/img/help.gif" border="0" align="absmiddle"></a></font>
+ <a href="${
encodeHTML(config.docRoot)
}/help/content.html">
+ <img src="${
encodeHTML(config.docRoot)
}/img/help.gif" border="0" align="absmiddle"></a></font>
</td>
<td colspan="4" >
</td>
<td colspan="4" >
- <input type="text" size="20" name="creator_email" value="${
data.creator_email
}">
- <input type="text" size="20" name="creator_main_url" value="${
data.creator_main_url
}">
+ <input type="text" size="20" name="creator_email" value="${
encodeHTML(data.creator_email)
}">
+ <input type="text" size="20" name="creator_main_url" value="${
encodeHTML(data.creator_main_url)
}">
</td>
</tr>
<tr>
<td align="right" valign="top" bgcolor="#AAAAAA">
<font color="#ffffff"><B>${lang("content.creator.address")}/${lang("content.creator.telephone")}:</B></font>
<font color="#ffffff">
</td>
</tr>
<tr>
<td align="right" valign="top" bgcolor="#AAAAAA">
<font color="#ffffff"><B>${lang("content.creator.address")}/${lang("content.creator.telephone")}:</B></font>
<font color="#ffffff">
- <a href="${
config.docRoot
}/help/content.html">
- <img src="${
config.docRoot
}/img/help.gif" border="0" align="absmiddle"></a></font>
+ <a href="${
encodeHTML(config.docRoot)
}/help/content.html">
+ <img src="${
encodeHTML(config.docRoot)
}/img/help.gif" border="0" align="absmiddle"></a></font>
</td>
<td colspan="4" >
</td>
<td colspan="4" >
- <input type="text" size="20" name="creator_address" value="${
data.creator_address
}">
- <input type="text" size="20" name="creator_phone" value="${
data.creator_phone
}">
+ <input type="text" size="20" name="creator_address" value="${
encodeHTML(data.creator_address)
}">
+ <input type="text" size="20" name="creator_phone" value="${
encodeHTML(data.creator_phone)
}">
</td>
</tr>
<tr>
<td align="right" valign="top" bgcolor="#AAAAAA">
<B><font color="#ffffff">${lang("content.abstract")}:</font></B>
</td>
</tr>
<tr>
<td align="right" valign="top" bgcolor="#AAAAAA">
<B><font color="#ffffff">${lang("content.abstract")}:</font></B>
- <a href="${
config.docRoot
}/help/content.html">
- <img src="${
config.docRoot
}/img/help.gif" border="0" align="absmiddle"></a>
+ <a href="${
encodeHTML(config.docRoot)
}/help/content.html">
+ <img src="${
encodeHTML(config.docRoot)
}/img/help.gif" border="0" align="absmiddle"></a>
</td>
<td colspan="4">
</td>
<td colspan="4">
- <textarea cols="50" rows="15" name="description" wrap=virtual>${
data.description
}</textarea>
+ <textarea cols="50" rows="15" name="description" wrap=virtual>${
encodeHTML(data.description)
}</textarea>
</td>
</tr>
<tr>
<td align="right" valign="top" bgcolor="#AAAAAA">
<B><font color="#ffffff">${lang("content.content")}:
</td>
</tr>
<tr>
<td align="right" valign="top" bgcolor="#AAAAAA">
<B><font color="#ffffff">${lang("content.content")}:
- <a href="${
config.docRoot
}/help/content.html">
- <img src="${
config.docRoot
}/img/help.gif" border="0" align="absmiddle"></a>
+ <a href="${
encodeHTML(config.docRoot)
}/help/content.html">
+ <img src="${
encodeHTML(config.docRoot)
}/img/help.gif" border="0" align="absmiddle"></a>
${lang("content.html")}</font> <input type="checkbox" name="is_html" value="1"<if
data.is_html=="1"> checked</if>>
${lang("content.html")}</font> <input type="checkbox" name="is_html" value="1"<if
data.is_html=="1"> checked</if>>
- <a href="${
config.docRoot
}/help/content.html">
- <img src="${
config.docRoot
}/img/help.gif" border="0" align="absmiddle"></a>
+ <a href="${
encodeHTML(config.docRoot)
}/help/content.html">
+ <img src="${
encodeHTML(config.docRoot)
}/img/help.gif" border="0" align="absmiddle"></a>
</font></b></td>
<td colspan="4">
</font></b></td>
<td colspan="4">
- <textarea cols="50" rows="20" name="content_data" wrap=virtual>${
data.content_data
}</textarea></td>
+ <textarea cols="50" rows="20" name="content_data" wrap=virtual>${
encodeHTML(data.content_data)
}</textarea></td>
</tr>
<!--
<tr>
<td align="right" valign="top" bgcolor="#aaaaaa"><B><font color="#ffffff">Termin (von/bis)
<font color="#000000">
</tr>
<!--
<tr>
<td align="right" valign="top" bgcolor="#aaaaaa"><B><font color="#ffffff">Termin (von/bis)
<font color="#000000">
- <a href="${
config.docRoot
}/help/content.html">
- <img src="${
config.docRoot
}/img/help.gif" border="0" align="absmiddle"></a></font>
+ <a href="${
encodeHTML(config.docRoot)
}/help/content.html">
+ <img src="${
encodeHTML(config.docRoot)
}/img/help.gif" border="0" align="absmiddle"></a></font>
</font>:</B></td>
<td nowrap>
</font>:</B></td>
<td nowrap>
- <input type="text" size="8" maxlength="8" name="date_from" value="${
data.date_from
}">
- <input type="text" size="8" maxlength="8" name="date_to" value="${
data.date_to
}">
+ <input type="text" size="8" maxlength="8" name="date_from" value="${
encodeHTML(data.date_from)
}">
+ <input type="text" size="8" maxlength="8" name="date_to" value="${
encodeHTML(data.date_to)
}">
</td>
<td>
</td>
<td align="right" valign="top" bgcolor="#aaaaaa">
<B><font color="#ffffff">Termin Name:
</td>
<td>
</td>
<td align="right" valign="top" bgcolor="#aaaaaa">
<B><font color="#ffffff">Termin Name:
- <a href="${
config.docRoot}/help/content.html"><img src="${config.docRoot
}/img/help.gif" border="0" align="absmiddle"></a>
+ <a href="${
encodeHTML(config.docRoot)}/help/content.html"><img src="${encodeHTML(config.docRoot)
}/img/help.gif" border="0" align="absmiddle"></a>
</font></B>
</td>
<td>
</font></B>
</td>
<td>
- <input type="text" size="25" name="date_name" value="${
data.date_name
}">
+ <input type="text" size="25" name="date_name" value="${
encodeHTML(data.date_name)
}">
</td>
</tr>
-->
</td>
</tr>
-->
@@
-237,7
+237,7
@@
p { font-family: Verdana, Arial, Helvetica, sans-serif; font-size: 10pt}
<i>${lang("content.internal")}</i></font>
</td>
<td colspan="4">
<i>${lang("content.internal")}</i></font>
</td>
<td colspan="4">
- <textarea cols="50" rows="6" name="comment" wrap=virtual>${
data.comment
}</textarea>
+ <textarea cols="50" rows="6" name="comment" wrap=virtual>${
encodeHTML(data.comment)
}</textarea>
</td>
</tr>
</td>
</tr>
@@
-246,7
+246,7
@@
p { font-family: Verdana, Arial, Helvetica, sans-serif; font-size: 10pt}
<td> </td>
<td> </td>
<td colspan="2" align="right" valign="top">
<td> </td>
<td> </td>
<td colspan="2" align="right" valign="top">
- frei <a href="${
config.docRoot}/help/content.html"><img src="${config.docRoot
}/img/help.gif" border="0" align="absmiddle"></a>:
+ frei <a href="${
encodeHTML(config.docRoot)}/help/content.html"><img src="${encodeHTML(config.docRoot)
}/img/help.gif" border="0" align="absmiddle"></a>:
<input type="checkbox" name="is_published" value="1"<if data.is_published!="0" && data.is_published!=""> checked</if>>
<if data.new>
<input type="submit" name="save" value="${lang("insert")}">
<input type="checkbox" name="is_published" value="1"<if data.is_published!="0" && data.is_published!=""> checked</if>>
<if data.new>
<input type="submit" name="save" value="${lang("insert")}">
@@
-263,8
+263,8
@@
p { font-family: Verdana, Arial, Helvetica, sans-serif; font-size: 10pt}
<td align=right valign=top bgcolor="#aaaaaa">
<B><font color="#ffffff">${lang("content.images")}:</B><br></td>
<td colspan="4" align="left" valign="top">
<td align=right valign=top bgcolor="#aaaaaa">
<B><font color="#ffffff">${lang("content.images")}:</B><br></td>
<td colspan="4" align="left" valign="top">
- <a href="${
config.actionRoot}?module=Images&do=edit&id=${m["id"]}"><img src="${config.actionRoot
}?module=Images&do=getIcon&id=${m["id"]}" alt="edit" border="0"></a>
- <a href="${
config.actionRoot}?module=Content&do=dettach&cid=${data.id
}&mid=${m["id"]}">${lang("delete")}</a>
+ <a href="${
encodeHTML(config.actionRoot)}?module=Images&do=edit&id=${m["id"]}"><img src="${encodeHTML(config.actionRoot)
}?module=Images&do=getIcon&id=${m["id"]}" alt="edit" border="0"></a>
+ <a href="${
encodeHTML(config.actionRoot)}?module=Content&do=dettach&cid=${encodeHTML(data.id)
}&mid=${m["id"]}">${lang("delete")}</a>
</td>
</tr>
</list>
</td>
</tr>
</list>
@@
-272,7
+272,7
@@
p { font-family: Verdana, Arial, Helvetica, sans-serif; font-size: 10pt}
<td align=right valign=top bgcolor="#aaaaaa">
<B><font color="#ffffff">${lang("content.media")}:</B><br></td>
<td colspan="4" align="left" valign="top">
<td align=right valign=top bgcolor="#aaaaaa">
<B><font color="#ffffff">${lang("content.media")}:</B><br></td>
<td colspan="4" align="left" valign="top">
- <a href="${
config.actionRoot}?module=Images&do=list&cid=${data.id}
">${lang("content.addimage")}</a>
+ <a href="${
encodeHTML(config.actionRoot)}?module=Images&do=list&cid=${encodeHTML(data.id)}&query_is_published=1
">${lang("content.addimage")}</a>
</td>
</tr>
<list data.to_media_audio as m>
</td>
</tr>
<list data.to_media_audio as m>
@@
-280,8
+280,8
@@
p { font-family: Verdana, Arial, Helvetica, sans-serif; font-size: 10pt}
<td align=right valign=top bgcolor="#aaaaaa">
<B><font color="#ffffff">${lang("content.audio")}:</B><br></td>
<td colspan="4" align="left" valign="top">
<td align=right valign=top bgcolor="#aaaaaa">
<B><font color="#ffffff">${lang("content.audio")}:</B><br></td>
<td colspan="4" align="left" valign="top">
- <a href="${
config.actionRoot}?module=Audio&do=edit&id=${m["id"]}"><img src="${config.docRoot
}/img/${m["big_icon"]}" alt="edit" border="0"></a>
- <a href="${
config.actionRoot}?module=Content&do=dettach&cid=${data.id
}&mid=${m["id"]}">${lang("delete")}</a>
+ <a href="${
encodeHTML(config.actionRoot)}?module=Audio&do=edit&id=${m["id"]}"><img src="${encodeHTML(config.docRoot)
}/img/${m["big_icon"]}" alt="edit" border="0"></a>
+ <a href="${
encodeHTML(config.actionRoot)}?module=Content&do=dettach&cid=${encodeHTML(data.id)
}&mid=${m["id"]}">${lang("delete")}</a>
</td>
</tr>
</list>
</td>
</tr>
</list>
@@
-289,7
+289,7
@@
p { font-family: Verdana, Arial, Helvetica, sans-serif; font-size: 10pt}
<td align=right valign=top bgcolor="#aaaaaa">
<B><font color="#ffffff">${lang("content.media")}:</B><br></td>
<td colspan="4" align="left" valign="top">
<td align=right valign=top bgcolor="#aaaaaa">
<B><font color="#ffffff">${lang("content.media")}:</B><br></td>
<td colspan="4" align="left" valign="top">
- <a href="${
config.actionRoot}?module=Audio&do=list&cid=${data.id}
">${lang("content.addaudio")}</a>
+ <a href="${
encodeHTML(config.actionRoot)}?module=Audio&do=list&cid=${encodeHTML(data.id)}&query_is_published=1
">${lang("content.addaudio")}</a>
</td>
</tr>
<list data.to_media_video as m>
</td>
</tr>
<list data.to_media_video as m>
@@
-297,8
+297,8
@@
p { font-family: Verdana, Arial, Helvetica, sans-serif; font-size: 10pt}
<td align=right valign=top bgcolor="#aaaaaa">
<B><font color="#ffffff">${lang("content.video")}:</B><br></td>
<td colspan="4" align="left" valign="top">
<td align=right valign=top bgcolor="#aaaaaa">
<B><font color="#ffffff">${lang("content.video")}:</B><br></td>
<td colspan="4" align="left" valign="top">
- <a href="${
config.actionRoot}?module=Video&do=edit&id=${m["id"]}"><img src="${config.docRoot
}/img/${m["big_icon"]}" alt="edit" border="0"></a>
- <a href="${
config.actionRoot}?module=Content&do=dettach&cid=${data.id
}&mid=${m["id"]}">${lang("delete")}</a>
+ <a href="${
encodeHTML(config.actionRoot)}?module=Video&do=edit&id=${m["id"]}"><img src="${encodeHTML(config.docRoot)
}/img/${m["big_icon"]}" alt="edit" border="0"></a>
+ <a href="${
encodeHTML(config.actionRoot)}?module=Content&do=dettach&cid=${encodeHTML(data.id)
}&mid=${m["id"]}">${lang("delete")}</a>
</td>
</tr>
</list>
</td>
</tr>
</list>
@@
-306,7
+306,7
@@
p { font-family: Verdana, Arial, Helvetica, sans-serif; font-size: 10pt}
<td align=right valign=top bgcolor="#aaaaaa">
<B><font color="#ffffff">${lang("content.media")}:</B><br></td>
<td colspan="4" align="left" valign="top">
<td align=right valign=top bgcolor="#aaaaaa">
<B><font color="#ffffff">${lang("content.media")}:</B><br></td>
<td colspan="4" align="left" valign="top">
- <a href="${
config.actionRoot}?module=Video&do=list&cid=${data.id}
">${lang("content.addvideo")}</a>
+ <a href="${
encodeHTML(config.actionRoot)}?module=Video&do=list&cid=${encodeHTML(data.id)}&query_is_published=1
">${lang("content.addvideo")}</a>
</td>
</tr>
<list data.to_media_other as m>
</td>
</tr>
<list data.to_media_other as m>
@@
-314,8
+314,8
@@
p { font-family: Verdana, Arial, Helvetica, sans-serif; font-size: 10pt}
<td align=right valign=top bgcolor="#aaaaaa">
<B><font color="#ffffff">${lang("content.other")}:</B><br></td>
<td colspan="4" align="left" valign="top">
<td align=right valign=top bgcolor="#aaaaaa">
<B><font color="#ffffff">${lang("content.other")}:</B><br></td>
<td colspan="4" align="left" valign="top">
- <a href="${
config.actionRoot}?module=OtherMedia&do=edit&id=${m["id"]}"><img src="${config.docRoot
}/img/${m["big_icon"]}" alt="edit" border="0"></a>
- <a href="${
config.actionRoot}?module=Content&do=dettach&cid=${data.id
}&mid=${m["id"]}">${lang("delete")}</a>
+ <a href="${
encodeHTML(config.actionRoot)}?module=OtherMedia&do=edit&id=${m["id"]}"><img src="${encodeHTML(config.docRoot)
}/img/${m["big_icon"]}" alt="edit" border="0"></a>
+ <a href="${
encodeHTML(config.actionRoot)}?module=Content&do=dettach&cid=${encodeHTML(data.id)
}&mid=${m["id"]}">${lang("delete")}</a>
</td>
</tr>
</list>
</td>
</tr>
</list>
@@
-323,7
+323,7
@@
p { font-family: Verdana, Arial, Helvetica, sans-serif; font-size: 10pt}
<td align=right valign=top bgcolor="#aaaaaa">
<B><font color="#ffffff">${lang("content.media")}:</B><br></td>
<td colspan="4" align="left" valign="top">
<td align=right valign=top bgcolor="#aaaaaa">
<B><font color="#ffffff">${lang("content.media")}:</B><br></td>
<td colspan="4" align="left" valign="top">
- <a href="${
config.actionRoot}?module=OtherMedia&do=list&cid=${data.id}
">${lang("content.addother")}</a>
+ <a href="${
encodeHTML(config.actionRoot)}?module=OtherMedia&do=list&cid=${encodeHTML(data.id)}&query_is_published=1
">${lang("content.addother")}</a>
</td>
</tr>
</table>
</td>
</tr>
</table>