projects / mir.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
wrap pretty much all freemarker variables (i.e the data) in encodeHTML(data..). this...
[mir.git] / templates-dist / admin / hiddenlist.template
diff --git a/templates-dist/admin/hiddenlist.template b/templates-dist/admin/hiddenlist.template
index 31cf6fe..192d4ff 100755 (executable)
--- a/templates-dist/admin/hiddenlist.template
+++ b/templates-dist/admin/hiddenlist.template
@@ -1,7 +1,7 @@
 <html>
 <head>
        <title>${lang("start.content.hidden")}</title>
-       <link rel="stylesheet" type="text/css" href="${config.docRoot}/admin.css">
+       <link rel="stylesheet" type="text/css" href="${encodeHTML(config.docRoot)}/admin.css">
 
 </head>
 
@@ -13,7 +13,7 @@
     <td>
 
 
-<form method="post" action="${config.actionRoot}">
+<form method="post" action="${encodeHTML(config.actionRoot)}">
        <input type="hidden" name="module" value="Hidden">
        <input type="hidden" name="do" value="list">
 
@@ -62,16 +62,16 @@
 <table cellpadding="6" bgcolor="#dddddd" width="98%">
   <tr>
     <td>
-     <p>${lang("start.content.hidden")} | ${lang("month")}: ${data.month} , ${lang("year")}:${data.year}</p>
+     <p>${lang("start.content.hidden")} | ${lang("month")}: ${encodeHTML(data.month)} , ${lang("year")}:${encodeHTML(data.year)}</p>
     </td>
   </tr>
 </table>
 
 <list data.contentlist as i>
 <p>
-${lang("content.title")}: <b>${i.title}</b><br>
-${lang("content.creator")}: ${i.creator}<br>
-${lang("message.date")}: ${i.webdb_create_formatted}<br>
+${lang("content.title")}: <b>${encodeHTML(i.title)}</b><br>
+${lang("content.creator")}: ${encodeHTML(i.creator)}<br>
+${lang("message.date")}: ${encodeHTML(i.webdb_create_formatted)}<br>
 <br>
 <if i.to_media_audio >additional media, type: audio<br></if>
 <if i.to_media_video >additional media, type: video<br></if>
@@ -81,11 +81,11 @@ ${lang("message.date")}: ${i.webdb_create_formatted}<br>
 
 <p>
 ${lang("content.abstract")}:<br>
-${i.description_parsed}</p>
+${encodeHTML(i.description_parsed)}</p>
 
 <p>
 ${lang("content.content")}:<br>
-${i.content_data_parsed}
+${encodeHTML(i.content_data_parsed)}
 </p>
 <p>&nbsp;</p>
 <hr size="4" width="98%" noshade>
The Mir CMS