projects / mir.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
wrap pretty much all freemarker variables (i.e the data) in encodeHTML(data..). this...
[mir.git] / templates-dist / admin / topiclist.template
diff --git a/templates-dist/admin/topiclist.template b/templates-dist/admin/topiclist.template
index 0344195..9167864 100755 (executable)
--- a/templates-dist/admin/topiclist.template
+++ b/templates-dist/admin/topiclist.template
@@ -17,34 +17,34 @@
   </tr>
   <list data.contentlist as entry>
   <tr <if grey=="1"><assign grey="0">bgcolor="#dddddd" <else><assign grey="1"> </if>>
-  <td><font face="Verdana, Arial, Helvetica, sans-serif" size="-1">${entry.title}&nbsp;</font></td>
-  <td><font face="Verdana, Arial, Helvetica, sans-serif" size="-1">${entry.description}&nbsp;</font></td>
+  <td><font face="Verdana, Arial, Helvetica, sans-serif" size="-1">${encodeHTML(entry.title)}&nbsp;</font></td>
+  <td><font face="Verdana, Arial, Helvetica, sans-serif" size="-1">${encodeHTML(entry.description)}&nbsp;</font></td>
   <td><font face="Verdana, Arial, Helvetica, sans-serif" size="-1">
-       ${entry.main_url}<br>
-       ${entry.archiv_url}</font></td>
-  <td><font size="1">&nbsp;<a href="${config.actionRoot}?module=Topics&do=delete&id=${entry.id}">${lang("delete")}</a>
-    | <a href="${config.actionRoot}?module=Topics&do=edit&id=${entry.id}">${lang("edit")}</a></font></td>
+       ${encodeHTML(entry.main_url)}<br>
+       ${encodeHTML(entry.archiv_url)}</font></td>
+  <td><font size="1">&nbsp;<a href="${encodeHTML(config.actionRoot)}?module=Topics&do=delete&id=${encodeHTML(entry.id)}">${lang("delete")}</a>
+    | <a href="${encodeHTML(config.actionRoot)}?module=Topics&do=edit&id=${encodeHTML(entry.id)}">${lang("edit")}</a></font></td>
   </tr>
   </list>
   <tr>
   <td colspan="4" bgcolor="#006600"><font face="Verdana, Arial, Helvetica, sans-serif" size="-1" color="#ffffff">
-       ${data.count} ${lang("records")} / ${lang("show_from_to", data.from, data.to)}</font></td>
+       ${encodeHTML(data.count)} ${lang("records")} / ${lang("show_from_to", data.from, data.to)}</font></td>
   <td>&nbsp;</td>
   </tr>
 </table>
 <P>
 <if (data.prev || data.next)>
- <form method="post" action="${config.actionRoot}">
+ <form method="post" action="${encodeHTML(config.actionRoot)}">
  <input type="hidden" name="module" value="Topics">
- <input type="hidden" name="where" value="${data.where}">
+ <input type="hidden" name="where" value="${encodeHTML(data.where)}">
 <if data.prev>
  <input type="hidden" name="do" value="list">
- <input type="hidden" name="prevoffset" value="${data.prev}">
+ <input type="hidden" name="prevoffset" value="${encodeHTML(data.prev)}">
  <input type="submit" name="prev" value="${lang("list.previous")}">
 </if>
 <if data.next>
  <input type="hidden" name="do" value="list">
- <input type="hidden" name="nextoffset" value="${data.next}">
+ <input type="hidden" name="nextoffset" value="${encodeHTML(data.next)}">
  <input type="submit" name="next" value="${lang("list.next")}">
 </if>
  </form>
The Mir CMS