projects / mir.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
wrap pretty much all freemarker variables (i.e the data) in encodeHTML(data..). this...
[mir.git] / templates-dist / admin / mediafolderlist.template
diff --git a/templates-dist/admin/mediafolderlist.template b/templates-dist/admin/mediafolderlist.template
index 3a8ff38..542c804 100755 (executable)
--- a/templates-dist/admin/mediafolderlist.template
+++ b/templates-dist/admin/mediafolderlist.template
@@ -16,28 +16,28 @@
                 </tr>
          <list data.contentlist as entry>
                  <tr <if grey=="1"><assign grey="0">bgcolor="#dddddd" <else><assign grey="1"> </if> >
-                       <td>${entry.date}&nbsp;</td>
-                       <td><b>${entry.name}</b>&nbsp;</td>
-                       <td>${entry.place}&nbsp;</td>
-                       <td>${entry.comment}&nbsp;</td>
-                       <td>${entry.keywords}&nbsp;</td>
-                       <td><font size="1"><a href="${config.actionRoot}?module=Mediafolder&do=delete&id=${entry.id}">${lang("delete")}</a>
-                       | <a href="${config.actionRoot}?module=Mediafolder&do=edit&id=${entry.id}">${lang("edit")}</a>
-                               | <a href="${config.actionRoot}?module=Images&do=list&query_media_folder=${entry.id}">${lang("list")}</a></font></td>
+                       <td>${encodeHTML(entry.date)}&nbsp;</td>
+                       <td><b>${encodeHTML(entry.name)}</b>&nbsp;</td>
+                       <td>${encodeHTML(entry.place)}&nbsp;</td>
+                       <td>${encodeHTML(entry.comment)}&nbsp;</td>
+                       <td>${encodeHTML(entry.keywords)}&nbsp;</td>
+                       <td><font size="1"><a href="${encodeHTML(config.actionRoot)}?module=Mediafolder&do=delete&id=${encodeHTML(entry.id)}">${lang("delete")}</a>
+                       | <a href="${encodeHTML(config.actionRoot)}?module=Mediafolder&do=edit&id=${encodeHTML(entry.id)}">${lang("edit")}</a>
+                               | <a href="${encodeHTML(config.actionRoot)}?module=Images&do=list&query_media_folder=${encodeHTML(entry.id)}">${lang("list")}</a></font></td>
                  </tr>
          </list>
                <tr>
-       <td colspan="5" bgcolor="#006600"><font color="#ffffff">${data.count} ${lang("records")} /
+       <td colspan="5" bgcolor="#006600"><font color="#ffffff">${encodeHTML(data.count)} ${lang("records")} /
         ${lang("show_from_to", data.from, data.to)}</font></td>
        <td>&nbsp;</td>
                </tr>
        </table>
       <P>
        <if data.prev>
-       <a href="${config.actionRoot}?module=Mediafolder&do=list&where=${data.where}&prevoffset=${data.prev}&prev=zur&uuml;ck">${lang("list.previous")}</a>&nbsp;
+       <a href="${encodeHTML(config.actionRoot)}?module=Mediafolder&do=list&where=${encodeHTML(data.where)}&prevoffset=${encodeHTML(data.prev)}&prev=zur&uuml;ck">${lang("list.previous")}</a>&nbsp;
        </if>
        <if data.next>
-       <a href="${config.actionRoot}?module=Mediafolder&do=list&where=${data.where}&nextoffset=${data.next}&next=weiter">${lang("list.next")}</a>
+       <a href="${encodeHTML(config.actionRoot)}?module=Mediafolder&do=list&where=${encodeHTML(data.where)}&nextoffset=${encodeHTML(data.next)}&next=weiter">${lang("list.next")}</a>
        </if>
 <else>
   <P align="center">${lang("no_matches_found")}</p>
The Mir CMS