projects / mir.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
wrap pretty much all freemarker variables (i.e the data) in encodeHTML(data..). this...
[mir.git] / templates-dist / admin / featurelist.template
diff --git a/templates-dist/admin/featurelist.template b/templates-dist/admin/featurelist.template
index cd9a40d..01c9252 100755 (executable)
--- a/templates-dist/admin/featurelist.template
+++ b/templates-dist/admin/featurelist.template
@@ -21,35 +21,35 @@
   <if grey=="1"><assign grey="0">bgcolor="#dddddd" <else><assign grey="1"> </if>
   >
   <td align="center"><if entry.is_published!="0">X<else>&nbsp;</if></td>
-  <td>${entry.title}&nbsp;</td>
-  <td>${entry.filename}&nbsp;</td>
-  <td>${entry.main_url}&nbsp;</td>
-  <td>${entry.description}&nbsp;</td>
-  <td><font size="1"> <a href="${config.actionRoot}?module=Schwerpunkt&do=delete&id=${entry.id}">${lang("delete")}</a>
-  | <a href="${config.actionRoot}?module=Schwerpunkt&do=edit&id=${entry.id}">${lang("edit")}</a></font></td>
+  <td>${encodeHTML(entry.title)}&nbsp;</td>
+  <td>${encodeHTML(entry.filename)}&nbsp;</td>
+  <td>${encodeHTML(entry.main_url)}&nbsp;</td>
+  <td>${encodeHTML(entry.description)}&nbsp;</td>
+  <td><font size="1"> <a href="${encodeHTML(config.actionRoot)}?module=Schwerpunkt&do=delete&id=${encodeHTML(entry.id)}">${lang("delete")}</a>
+  | <a href="${encodeHTML(config.actionRoot)}?module=Schwerpunkt&do=edit&id=${encodeHTML(entry.id)}">${lang("edit")}</a></font></td>
   </tr>
   </list>
 
   <tr>
     <td align="center" colspan="5" bgcolor="#006600">
-      <div align="left"><font color="#ffffff">${data.count} ${lang("records")} /
+      <div align="left"><font color="#ffffff">${encodeHTML(data.count)} ${lang("records")} /
         ${lang("show_from_to", data.from, data.to)}</font></div>
     </td>
-    <td><a href="${config.docRoot}"><font size="1">&nbsp;${lang("back")}</font></a></td>
+    <td><a href="${encodeHTML(config.docRoot)}"><font size="1">&nbsp;${lang("back")}</font></a></td>
   </tr>
 </table>
 
       <P>
 <if (data.prev || data.next)>
- <form method="post" action="${config.actionRoot}">
+ <form method="post" action="${encodeHTML(config.actionRoot)}">
  <input type="hidden" name="module" value="Schwerpunkt">
- <input type="hidden" name="where" value="${data.where}">
+ <input type="hidden" name="where" value="${encodeHTML(data.where)}">
 <if data.prev>
- <input type="hidden" name="prevoffset" value="${data.prev}">
+ <input type="hidden" name="prevoffset" value="${encodeHTML(data.prev)}">
  <input type="submit" name="prev" value="${lang("list.previous")}">
 </if>
 <if data.next>
- <input type="hidden" name="nextoffset" value="${data.next}">
+ <input type="hidden" name="nextoffset" value="${encodeHTML(data.next)}">
  <input type="submit" name="next" value="${lang("list.next")}">
 </if>
  </form>
The Mir CMS