<html>
<head>
<title>${lang("commentlist.htmltitle")}</title>
- <link rel="stylesheet" type="text/css" href="${config.docRoot}/admin.css">
+ <link rel="stylesheet" type="text/css" href="${encodeHTML(config.docRoot)}/admin.css">
</head>
<table border="0" cellpadding="2" cellspacing="1">
<tr>
<td colspan="5">
- <form method="post" action="${config.actionRoot}">
+ <form method="post" action="${encodeHTML(config.actionRoot)}">
<input type="hidden" name="module" value="Comment">
<input type="hidden" name="do" value="list">
- <input type="hidden" name="offset" value="${data.offset}">
- <input type="text" size="10" maxlength="20" name="query_text" value="${data.query_text}">
+ <input type="text" size="10" maxlength="20" name="query_text" value="${encodeHTML(data.query_text)}">
<select name="query_field">
<option value="title"<if data.query_field=="title"> selected</if>>${lang("comment.title")}</option>
<option value="creator"<if data.query_field=="creator"> selected</if>>${lang("comment.creator")}</option>
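Review bot: The hidden `offset` input is dropped here instead of being encoded like the neighbouring `query_text` field, so the search form no longer posts an offset at all. If resetting to the first page on every new search is intended, that is worth stating in the commit message; otherwise restore it as `<input type="hidden" name="offset" value="${encodeHTML(data.offset)}">`. The form and its `<select>` continue past the end of this hunk, so any other hidden fields there are not visible for review.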
<list data.contentlist as entry>
<tr <if grey=="1"><assign grey="0">class="list1"<else><assign grey="1">class="list2"</if>>
- <td>${entry.webdb_create_short}<br>
+ <td>${encodeHTML(entry.webdb_create_short)}<br>
<if entry.is_published=="0"><font color="Brown">V</font><else>-</if>
</td>
<td>
- <if entry.title><b>${entry.title}</b><br></if>
- <if entry.creator>Von: ${entry.creator}<br></if>
- <font size="-1">${entry.description}</font>
- <if entry.main_url><br>URL: ${entry.main_url}</if>
- <br><a href="${config.actionRoot}?module=Comment&do=edit&order=${data.order}&offset=${data.offset}&id=${entry.id}">${lang("edit")}</a>
+ <if entry.title><b>${encodeHTML(entry.title)}</b><br></if>
+ <if entry.creator>Von: ${encodeHTML(entry.creator)}<br></if>
+ <font size="-1">${encodeHTML(entry.description)}</font>
+ <if entry.main_url><br>URL: ${encodeHTML(entry.main_url)}</if>
+ <br><a href="${encodeHTML(config.actionRoot)}?module=Comment&do=edit&order=${encodeHTML(data.order)}&offset=${encodeHTML(data.offset)}&id=${encodeHTML(entry.id)}">${lang("edit")}</a>
</td>
<td>
${data.articleHash[entry.to_media]["title"]}<br>
- <a href="${config.actionRoot}?module=Content&do=edit&id=${data.articleHash[entry.to_media]["id"]}">
+ <a href="${encodeHTML(config.actionRoot)}?module=Content&do=edit&id=${data.articleHash[entry.to_media]["id"]}">
edit</a> |
- <a href="${config.productionHost}${config.producerDocRoot}${data.articleHash[entry.to_media]["publish_path"]}${data.articleHash[entry.to_media]["id"]}.shtml">
+ <a href="${encodeHTML(config.productionHost)}${encodeHTML(config.producerDocRoot)}${data.articleHash[entry.to_media]["publish_path"]}${data.articleHash[entry.to_media]["id"]}.shtml">
view</a>
</td>
- <td><font size="1"> <a href="${config.actionRoot}?module=Comment&do=delete&id=${entry.id}">${lang("delete")}</a>
+ <td><font size="1"> <a href="${config.actionRoot}?module=Comment&do=delete&id=${entry.id}&query_text=${encodeHTML(data.query_text_encoded)}&query_field=${encodeHTML(data.query_field)}&query_is_published=${data.query_is_published}&query_media_folder=${data.query_media_folder}&offset=${data.offset}&order=${data.order}">${lang("delete")}</a>
</font></td>
</tr>
</list>
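Review bot: The new delete link in the last cell still writes `${config.actionRoot}`, `${entry.id}`, `${data.query_is_published}`, `${data.query_media_folder}`, `${data.offset}` and `${data.order}` raw into the `href`, while the edit link above and the prev/next links further down wrap the same values in `encodeHTML(...)`. If any of them reflect request parameters, the attribute is still injectable, so wrap them the same way, starting with `${encodeHTML(config.actionRoot)}?module=Comment&do=delete&id=${encodeHTML(entry.id)}`. The article cell has the same gap: `${data.articleHash[entry.to_media]["title"]}` is printed into the page body unencoded, and the `["id"]` and `["publish_path"]` lookups go into two `href`s unencoded. Note also that `encodeHTML` only covers the HTML context; values placed in a query string presumably need URL-encoding as well unless, like `query_text_encoded`, they are already encoded upstream.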
<tr>
- <td colspan="3" bgcolor="#006600"><font color="#ffffff">${data.count} ${lang("records")}
+ <td colspan="3" bgcolor="#006600"><font color="#ffffff">${encodeHTML(data.count)} ${lang("records")}
/ ${lang("show_from_to", data.from, data.to)}</font></td>
<td> </td>
</tr>
<tr><td>
<if data.prev>
-<a href="${config.actionRoot}?module=Comment&do=list&order=${data.order}&query_text=${data.query_text_encoded}&query_field=${data.query_field}&query_is_published=${data.query_is_published}&query_media_folder=${data.query_media_folder}&offset=${data.prev}&prev=zurück">zurueck</a>
+<a href="${encodeHTML(config.actionRoot)}?module=Comment&do=list&order=${encodeHTML(data.order)}&query_text=${encodeHTML(data.query_text_encoded)}&query_field=${encodeHTML(data.query_field)}&query_is_published=${encodeHTML(data.query_is_published)}&query_media_folder=${encodeHTML(data.query_media_folder)}&offset=${encodeHTML(data.prev)}&prev=zurück">zurueck</a>
</if>
<if data.next>
-<a href="${config.actionRoot}?module=Comment&do=list&order=${data.order}&query_text=${data.query_text_encoded}&query_field=${data.query_field}&query_is_published=${data.query_is_published}&query_media_folder=${data.query_media_folder}&offset=${data.next}&next=weiter">weiter</a>
+<a href="${encodeHTML(config.actionRoot)}?module=Comment&do=list&order=${encodeHTML(data.order)}&query_text=${encodeHTML(data.query_text_encoded)}&query_field=${encodeHTML(data.query_field)}&query_is_published=${encodeHTML(data.query_is_published)}&query_media_folder=${encodeHTML(data.query_media_folder)}&offset=${encodeHTML(data.next)}&next=weiter">weiter</a>
</if>
</td></tr>
<else>