wrap pretty much all freemarker variables (i.e the data) in encodeHTML(data..). this...

[mir.git] / templates-dist / admin / comment.template

<html>
<head>
<title>
${lang("comment.htmltitle")}
</title>
<head>

<body bgcolor="#FFFFFF">
<include "admin/head.template">

<form method="post" action="${encodeHTML(config.actionRoot)}">
        <input type="hidden" name="module" value="Comment">
        <input type="hidden" name="where" value="${encodeHTML(data.where)}">
        <input type="hidden" name="offset" value="${encodeHTML(data.offset)}">
        <input type="hidden" name="order" value="${encodeHTML(data.order)}">
        <input type="hidden" name="id" value="${encodeHTML(data.id)}">
        <input type="hidden" name="date" value="${encodeHTML(data.date)}">
        <input type="hidden" name="to_media" value="${encodeHTML(data.to_media)}">
        <if new> <input type="hidden" name="do" value="insert">
        <else>   <input type="hidden" name="do" value="update">
        </if>

        <table border="0">      

        <tr> 
    <td align="right" bgcolor="#006600"><font color="#ffffff" face="Verdana, Arial, Helvetica, sans-serif" size="-1">
         <B>${lang("comment.date")}:</B></font></td>
    <td>${encodeHTML(data.date)}</td>
        </tr>
        
        <tr> 
    <td align="right" bgcolor="#006600"><font color="#ffffff" face="Verdana, Arial, Helvetica, sans-serif" size="-1">
         <B>${lang("comment.title")}:</B></font></td>
    <td><input type="text" size="40" maxlength="255" name="title" value="${encodeHTML(data.title)}"></td>
        </tr>

        <tr> 
    <td align="right" bgcolor="#006600"><font color="#ffffff" face="Verdana, Arial, Helvetica, sans-serif" size="-1">
         <B>${lang("comment.creator")}:</B></font></td>
    <td><input type="text" size="40" maxlength="80" name="creator" value="${encodeHTML(data.creator)}"></td>
        </tr>

        <tr> 
    <td align="right" bgcolor="#006600"><font color="#ffffff" face="Verdana, Arial, Helvetica, sans-serif" size="-1">
         <B>${lang("comment.url")}:</B></font></td>
    <td><input type="text" size="40" maxlength="255" name="main_url" value="${encodeHTML(data.main_url)}"></td>
        </tr>
  
        <tr> 
    <td align="right" bgcolor="#006600"><font color="#ffffff" face="Verdana, Arial, Helvetica, sans-serif" size="-1">
         <B>${lang("comment.email")}:</B></font></td>
    <td><input type="text" size="40" maxlength="80" name="email" value="${encodeHTML(data.email)}"></td>
        </tr>
  
        <tr> 
    <td align="right" bgcolor="#006600"><font color="#ffffff" face="Verdana, Arial, Helvetica, sans-serif" size="-1">
         <B>${lang("comment.phone")}:</B></font></td>
    <td><input type="text" size="40" maxlength="80" name="phone" value="${encodeHTML(data.phone)}"></td>
        </tr>
  
        <tr> 
    <td align="right" bgcolor="#006600"><font color="#ffffff" face="Verdana, Arial, Helvetica, sans-serif" size="-1">
         <B>${lang("comment.address")}:</B></font></td>
    <td><input type="text" size="40" maxlength="80" name="address" value="${encodeHTML(data.address)}"></td>
        </tr>
  
        <tr> 
    <td align="right" bgcolor="#006600"><font color="#ffffff" face="Verdana, Arial, Helvetica, sans-serif" size="-1">
         <B>${lang("comment.text")}:</B></font></td>
    <td><textarea cols="40" rows="10" name="description" wrap="virtual">${encodeHTML(data.description)}</textarea></td>
        </tr>

    <td colspan="2" align="right"> <font color="black">
        ${lang("comment.published")} <input type="checkbox" name="is_published" value="1" <if data.is_published=="1"> checked</if>>
        <if new> 
      <input type="submit" name="save" value="${lang("insert")}">
    <else> 
    <input type="submit" name="save" value="${lang("save")}">
    </if> </font></form></font>
    </td>
</table>

<include "admin/foot.template">
</body>
</html>