projects / mir.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
wrap pretty much all freemarker variables (i.e the data) in encodeHTML(data..). this...
[mir.git] / templates-dist / admin / linksimcslist.template
diff --git a/templates-dist/admin/linksimcslist.template b/templates-dist/admin/linksimcslist.template
index dbff0f1..17eba79 100755 (executable)
--- a/templates-dist/admin/linksimcslist.template
+++ b/templates-dist/admin/linksimcslist.template
@@ -5,7 +5,7 @@
 <body bgcolor="#FFFFFF">\r
 <include "admin/head.template">\r
 \r
-<form method="post" action="${config.actionRoot}">\r
+<form method="post" action="${encodeHTML(config.actionRoot)}">\r
        <input type="hidden" name="module" value="LinksImcs">\r
        <input type="hidden" name="do" value="list">\r
        <input type="hidden" name="cid" value="">\r
@@ -19,7 +19,7 @@
        \r
        <tr>\r
        <td>\r
-               <input type="text" size="10" maxlength="20" name="query_text" value="${data.query_text}">\r
+               <input type="text" size="10" maxlength="20" name="query_text" value="${encodeHTML(data.query_text)}">\r
                <select name="query_field">\r
                        <option value="title"<if data.query_field == "title"> selected</if>>${lang("linkimcs.name")}\r
                        <option value="url"<if data.query_field == "url"> selected</if>>${lang("linkimcs.url")}\r
@@ -28,14 +28,14 @@
        <td>\r
                <select name="to_parent_id">\r
                        <option value=""></option>\r
-                   <list data.parentlist as parent><option value="${parent.id}"<if to_parent_id == parent.id> selected</if>>${parent.title}</option>\r
+                   <list data.parentlist as parent><option value="${encodeHTML(parent.id)}"<if to_parent_id == parent.id> selected</if>>${encodeHTML(parent.title)}</option>\r
                        </list>\r
            </select>\r
        </td>\r
        <td>\r
                <select name="to_language">\r
                        <option value="">${lang("all")}</option>\r
-                       <list data.languagelist as language><option value="${language.id}"<if to_language == language.id> selected</if>>${language.name}</option>\r
+                       <list data.languagelist as language><option value="${encodeHTML(language.id)}"<if to_language == language.id> selected</if>>${encodeHTML(language.name)}</option>\r
                        </list> \r
                </select>\r
        </td>\r
@@ -73,28 +73,28 @@
   </list>\r
   \r
   <tr <if grey=="1"><assign grey="0">bgcolor="#dddddd" <else><assign grey="1"> </if>>\r
-       <td><font face="Verdana, Arial, Helvetica, sans-serif" size="-1">${entry.title}&nbsp;</font></td>\r
-       <td><font face="Verdana, Arial, Helvetica, sans-serif" size="-1">${parent}</font></td>\r
-       <td><font face="Verdana, Arial, Helvetica, sans-serif" size="-1">${entry.url}</font></td>\r
-       <td><font face="Verdana, Arial, Helvetica, sans-serif" size="-1">${entry.sortpriority}</font></td>\r
-       <td><font face="Verdana, Arial, Helvetica, sans-serif" size="-1">${data.language}</font></td>\r
-       <td><font size="1">&nbsp;<a href="${actionRoot}?module=LinksImcs&do=delete&id=${entry.id}">${lang("delete")}</a>\r
-       | <a href="${actionRoot}?module=LinksImcs&do=edit&id=${entry.id}">${lang("edit")}</a></font>\r
+       <td><font face="Verdana, Arial, Helvetica, sans-serif" size="-1">${encodeHTML(entry.title)}&nbsp;</font></td>\r
+       <td><font face="Verdana, Arial, Helvetica, sans-serif" size="-1">${encodeHTML(parent)}</font></td>\r
+       <td><font face="Verdana, Arial, Helvetica, sans-serif" size="-1">${encodeHTML(entry.url)}</font></td>\r
+       <td><font face="Verdana, Arial, Helvetica, sans-serif" size="-1">${encodeHTML(entry.sortpriority)}</font></td>\r
+       <td><font face="Verdana, Arial, Helvetica, sans-serif" size="-1">${encodeHTML(data.language)}</font></td>\r
+       <td><font size="1">&nbsp;<a href="${encodeHTML(actionRoot)}?module=LinksImcs&do=delete&id=${encodeHTML(entry.id)}">${lang("delete")}</a>\r
+       | <a href="${encodeHTML(actionRoot)}?module=LinksImcs&do=edit&id=${encodeHTML(entry.id)}">${lang("edit")}</a></font>\r
        </td>\r
   </tr>\r
   </list>\r
   <tr>\r
   <td colspan="6" bgcolor="#006600"><font face="Verdana, Arial, Helvetica, sans-serif" size="-1" color="#ffffff">\r
-       ${data.count} ${lang("records")} / ${lang("show_from_to", data.from, data.to)}</font></td>\r
+       ${encodeHTML(data.count)} ${lang("records")} / ${lang("show_from_to", data.from, data.to)}</font></td>\r
   <td>&nbsp;</td>\r
   </tr>\r
 </table>\r
 <P>\r
 <if data.prev>\r
-       <a href="${config.actionRoot}?module=LinksImcs&do=list&order=${data.order}&query_text=${data.query_text_encoded}&query_field=${data.query_field}&to_parent_id=${data.to_parent_id}&to_language=${data.to_language}&prevoffset=${data.prev}&prev=zur&uuml;ck">${lang("list.previous")}</a>&nbsp;\r
+       <a href="${encodeHTML(config.actionRoot)}?module=LinksImcs&do=list&order=${encodeHTML(data.order)}&query_text=${encodeHTML(data.query_text_encoded)}&query_field=${encodeHTML(data.query_field)}&to_parent_id=${encodeHTML(data.to_parent_id)}&to_language=${encodeHTML(data.to_language)}&prevoffset=${encodeHTML(data.prev)}&prev=zur&uuml;ck">${lang("list.previous")}</a>&nbsp;\r
 </if>\r
 <if data.next>\r
-<a href="${config.actionRoot}?module=LinksImcs&do=list&order=${data.order}&query_text=${data.query_text_encoded}&query_field=${data.query_field}&to_parent_id=${data.to_parent_id}&to_language=${data.to_language}&nextoffset=${data.next}&next=weiter">${lang("list.next")}</a>\r
+<a href="${encodeHTML(config.actionRoot)}?module=LinksImcs&do=list&order=${encodeHTML(data.order)}&query_text=${encodeHTML(data.query_text_encoded)}&query_field=${encodeHTML(data.query_field)}&to_parent_id=${encodeHTML(data.to_parent_id)}&to_language=${encodeHTML(data.to_language)}&nextoffset=${encodeHTML(data.next)}&next=weiter">${lang("list.next")}</a>\r
 </if>\r
 \r
 <else>\r
The Mir CMS