projects / mir.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
wrap pretty much all freemarker variables (i.e the data) in encodeHTML(data..). this...
[mir.git] / templates-dist / admin / topic.template
diff --git a/templates-dist/admin/topic.template b/templates-dist/admin/topic.template
index 9ed1cd7..6d52a49 100755 (executable)
--- a/templates-dist/admin/topic.template
+++ b/templates-dist/admin/topic.template
@@ -7,9 +7,9 @@ ${lang("topic.htmltitle")}
 
 <body bgcolor="#FFFFFF">
 <include "admin/head.template">
-<form action="${config.actionRoot}" method="post">
+<form action="${encodeHTML(config.actionRoot)}" method="post">
        <input type=hidden name=module value=Topics>
-       <input type="hidden" name="id" value="${data.id}">
+       <input type="hidden" name="id" value="${encodeHTML(data.id)}">
        <if data.new><input type="hidden" name="do" value="insert">
        <else><input type="hidden" name="do" value="update"></if>
 <table border="0">
@@ -17,32 +17,32 @@ ${lang("topic.htmltitle")}
     <td align="right" bgcolor="#006600"><font face="Verdana, Arial, Helvetica, sans-serif" size="-1" color="#ffffff">
                <B>${lang("topic.title")}:</B></font></td>
     <td>
-      <input type="text" size="40" name="title" value="${data.title}">
+      <input type="text" size="40" name="title" value="${encodeHTML(data.title)}">
     </td>
   </tr>
     <tr>
       <td align="right" valign="top" bgcolor="#006600"><font color="#ffffff"><B>${lang("topic.description")}:</B></font></td>
       <td>
-        <textarea cols="40" rows="3" name="description">${data.description}</textarea>
+        <textarea cols="40" rows="3" name="description">${encodeHTML(data.description)}</textarea>
       </td>
   </tr>
   <tr>
     <td align="right" bgcolor="#006600"><font color="#ffffff"><B>${lang("topic.filename")}:</B></font></td>
     <td>
-      <input type="text" size="20" name="filename" value="${data.filename}">
+      <input type="text" size="20" name="filename" value="${encodeHTML(data.filename)}">
     </td>
   </tr>
   <tr>
     <td align="right" bgcolor="#006600"><font color="#ffffff"><B>${lang("topic.main_url")}
       </B></font></td>
     <td>
-      <input type="text" size="40" name="main_url" value="${data.main_url}">
+      <input type="text" size="40" name="main_url" value="${encodeHTML(data.main_url)}">
     </td>
   </tr>
   <tr>
     <td align="right" bgcolor="#006600"><font color="#ffffff"><B>${lang("topic.archive_url")}:</B></font></td>
     <td>
-      <input type="text" size="40" name="archiv_url" value="${data.archiv_url}">
+      <input type="text" size="40" name="archiv_url" value="${encodeHTML(data.archiv_url)}">
     </td>
   </tr>
   <tr>
The Mir CMS