<table border="0" cellpadding="2" cellspacing="1">
<tr>
- <td colspan="5"><form method="post" action="${config.actionRoot}">
+ <td colspan="5"><form method="post" action="${encodeHTML(config.actionRoot)}">
<input type="hidden" name="module" value="Audio">
<input type="hidden" name="do" value="list">
- <input type="hidden" name="cid" value="${data.cid}">
+ <input type="hidden" name="cid" value="${encodeHTML(data.cid)}">
<table border="0">
<tr bgcolor="Pink">
<td>${lang("medialist.search_text_in")}:</td>
<tr>
<td>
- <input type="text" size="10" maxlength="20" name="query_text" value="${data.query_text}">
+ <input type="text" size="10" maxlength="20" name="query_text" value="${encodeHTML(data.query_text)}">
<select name="query_field">
<option value="title"<if data.query_field=="title"> selected</if>>${lang("media.title")}</option>
<option value="creator"<if data.query_field=="creator"> selected</if>>${lang("media.creator")}</option>
<td>
<select name="query_media_folder">
<list extra.mediafolderPopupData as m>
- <option value="${m.key}" <if m.key == query_media_folder>selected</if>>${m.value}</option>
+ <option value="${encodeHTML(m.key)}" <if m.key == data.query_media_folder>selected</if>>${encodeHTML(m.value)}</option>
</list>
</select>
</td>
<list data.contentlist as entry>
<tr <if grey=="1"><assign grey="0">bgcolor="#dddddd" <else><assign grey="1"> </if>>
<td>
- <a href="${config.actionRoot}?module=Audio&do=getMedia&id=${entry.id}">
- <img src="${config.docRoot}/img/${entry.big_icon}" border=0></a></font></td>
- <td>${entry.title}
- <if entry.description><br>${entry.description}</if></td>
- <td>${entry.media_descr} </td>
- <td>${entry.human_readable_size} </td>
+ <a href="${encodeHTML(config.actionRoot)}?module=Audio&do=getMedia&id=${encodeHTML(entry.id)}">
+ <img src="${encodeHTML(config.docRoot)}/img/${encodeHTML(entry.big_icon)}" border=0></a></font></td>
+ <td>${encodeHTML(entry.title)}
+ <if entry.description><br>${encodeHTML(entry.description)}</if></td>
+ <td>${encodeHTML(entry.media_descr)} </td>
+ <td>${encodeHTML(entry.human_readable_size)} </td>
<td>${data.mediafolderHashdata[entry.to_media_folder]["name"]} </td>
- <td>${entry.creator} </td>
+ <td>${encodeHTML(entry.creator)} </td>
<td><font size="1">
- <if data.cid><a href="${config.actionRoot}?module=Content&do=attach&mid=${entry.id}&cid=${data.cid}">${lang("attach")}</a>
+ <if data.cid><a href="${encodeHTML(config.actionRoot)}?module=Content&do=attach&mid=${encodeHTML(entry.id)}&cid=${encodeHTML(data.cid)}">${lang("attach")}</a>
<else>
- <a href="${config.actionRoot}?module=Audio&do=delete&id=${entry.id}">${lang("delete")}</a>
- | <a href="${config.actionRoot}?module=Audio&do=edit&id=${entry.id}">${lang("edit")}</a>
+ <a href="${config.actionRoot}?module=Audio&do=delete&id=${entry.id}&query_text=${encodeHTML(data.query_text_encoded)}&query_field=${encodeHTML(data.query_field)}&query_is_published=${data.query_is_published}&query_media_folder=${data.query_media_folder}&offset=${data.offset}&order=${data.order}">${lang("delete")}</a>
+ | <a href="${encodeHTML(config.actionRoot)}?module=Audio&do=edit&id=${encodeHTML(entry.id)}">${lang("edit")}</a>
</if>
</font></td>
</tr>
</list>
<tr>
- <td colspan="4" bgcolor="#006600"><font color="#ffffff">${data.count} ${lang("records")}
+ <td colspan="4" bgcolor="#006600"><font color="#ffffff">${encodeHTML(data.count)} ${lang("records")}
/ ${lang("show_from_to", data.from, data.to)}</font></td>
<td> </td>
</tr>
<tr><td>
<if data.prev>
- <a href="${config.actionRoot}?module=Audio&do=list&query_text=${data.query_text_encoded}&query_field=${data.query_field}&query_is_published=${data.query_is_published}&query_media_folder=${data.query_media_folder}&offset=${data.prev}&prev=zurück&cid=${data.cid}">zurueck</a>
+ <a href="${encodeHTML(config.actionRoot)}?module=Audio&do=list&query_text=${encodeHTML(data.query_text_encoded)}&query_field=${encodeHTML(data.query_field)}&query_is_published=${encodeHTML(data.query_is_published)}&query_media_folder=${encodeHTML(data.query_media_folder)}&offset=${encodeHTML(data.prev)}&prev=zurück&cid=${encodeHTML(data.cid)}">zurueck</a>
</if>
<if data.next>
-<a href="${config.actionRoot}?module=Audio&do=list&query_text=${data.query_text_encoded}&query_field=${data.query_field}&query_is_published=${data.query_is_published}&query_media_folder=${data.query_media_folder}&offset=${data.next}&next=weiter&cid=${data.cid}">weiter</a>
+<a href="${encodeHTML(config.actionRoot)}?module=Audio&do=list&query_text=${encodeHTML(data.query_text_encoded)}&query_field=${encodeHTML(data.query_field)}&query_is_published=${encodeHTML(data.query_is_published)}&query_media_folder=${encodeHTML(data.query_media_folder)}&offset=${encodeHTML(data.next)}&next=weiter&cid=${encodeHTML(data.cid)}">weiter</a>
</if>
</td></tr>
<else>
<table border="0" cellpadding="2" cellspacing="1">
<tr>
- <td colspan="5"><form method="post" action="${config.actionRoot}">
+ <td colspan="5"><form method="post" action="${encodeHTML(config.actionRoot)}">
<input type="hidden" name="module" value="Images">
<input type="hidden" name="do" value="list">
- <input type="hidden" name="cid" value="${data.cid}">
+ <input type="hidden" name="cid" value="${encodeHTML(data.cid)}">
<table border="0">
<tr bgcolor="Pink">
<td>${lang("medialist.search_text_in")}:</td>
<tr>
<td>
- <input type="text" size="10" maxlength="20" name="query_text" value="${data.query_text}">
+ <input type="text" size="10" maxlength="20" name="query_text" value="${encodeHTML(data.query_text)}">
<select name="query_field">
<option value="title"<if data.query_field=="title"> selected</if>>${lang("media.title")}</option>
<option value="creator"<if data.query_field=="creator"> selected</if>>${lang("media.creator")}</option>
<td>
<select name="query_media_folder">
<list extra.mediafolderPopupData as m>
- <option value="${m.key}" <if m.key == query_media_folder>selected</if>>${m.value}</option>
+ <option value="${encodeHTML(m.key)}" <if m.key == data.query_media_folder>selected</if>>${encodeHTML(m.value)}</option>
</list>
</select>
</td>
<tr <if grey=="1"><assign grey="0">bgcolor="#dddddd" <else><assign grey="1"> </if>>
<td>
<if entry.icon_data!="" && entry.icon_data!="0">
- <a href="${config.actionRoot}?module=Images&do=getMedia&id=${entry.id}" target="new">
- <img src="${config.actionRoot}?module=Images&do=getIcon&id=${entry.id}" border=0></a></font></td>
+ <a href="${encodeHTML(config.actionRoot)}?module=Images&do=getMedia&id=${encodeHTML(entry.id)}" target="new">
+ <img src="${encodeHTML(config.actionRoot)}?module=Images&do=getIcon&id=${encodeHTML(entry.id)}" border=0></a></font></td>
</if>
- <td>${entry.title}
- <if entry.description><br>${entry.description}</if></td>
- <td>${entry.media_descr} </td>
- <td>${entry.human_readable_size} </td>
+ <td>${encodeHTML(entry.title)}
+ <if entry.description><br>${encodeHTML(entry.description)}</if></td>
+ <td>${encodeHTML(entry.media_descr)} </td>
+ <td>${encodeHTML(entry.human_readable_size)} </td>
<td>${data.mediafolderHashdata[entry.to_media_folder]["name"]} </td>
- <td>${entry.creator} </td>
+ <td>${encodeHTML(entry.creator)} </td>
<td><font size="1">
- <if data.cid><a href="${config.actionRoot}?module=Content&do=attach&mid=${entry.id}&cid=${data.cid}">${lang("attach")}</a>
+ <if data.cid><a href="${encodeHTML(config.actionRoot)}?module=Content&do=attach&mid=${encodeHTML(entry.id)}&cid=${encodeHTML(data.cid)}">${lang("attach")}</a>
<else>
- <a href="${config.actionRoot}?module=Images&do=delete&id=${entry.id}">${lang("delete")}</a>
- | <a href="${config.actionRoot}?module=Images&do=edit&id=${entry.id}">${lang("edit")}</a>
+ <a href="${config.actionRoot}?module=Images&do=delete&id=${entry.id}&query_text=${encodeHTML(data.query_text_encoded)}&query_field=${encodeHTML(data.query_field)}&query_is_published=${data.query_is_published}&query_media_folder=${data.query_media_folder}&offset=${data.offset}&order=${data.order}">${lang("delete")}</a>
+ | <a href="${encodeHTML(config.actionRoot)}?module=Images&do=edit&id=${encodeHTML(entry.id)}">${lang("edit")}</a>
</if>
</font></td>
</tr>
</list>
<tr>
- <td colspan="4" bgcolor="#006600"><font color="#ffffff">${data.count} ${lang("records")}
+ <td colspan="4" bgcolor="#006600"><font color="#ffffff">${encodeHTML(data.count)} ${lang("records")}
/ ${lang("show_from_to", data.from, data.to)}</font></td>
<td> </td>
</tr>
<tr><td>
<if data.prev>
- <a href="${config.actionRoot}?module=Images&do=list&query_text=${data.query_text_encoded}&query_field=${data.query_field}&query_is_published=${data.query_is_published}&query_media_folder=${data.query_media_folder}&offset=${data.prev}&prev=zurück&cid=${data.cid}">zurueck</a>
+ <a href="${encodeHTML(config.actionRoot)}?module=Images&do=list&query_text=${encodeHTML(data.query_text_encoded)}&query_field=${encodeHTML(data.query_field)}&query_is_published=${encodeHTML(data.query_is_published)}&query_media_folder=${encodeHTML(data.query_media_folder)}&offset=${encodeHTML(data.prev)}&prev=zurück&cid=${encodeHTML(data.cid)}">zurueck</a>
</if>
<if data.next>
-<a href="${config.actionRoot}?module=Images&do=list&query_text=${data.query_text_encoded}&query_field=${data.query_field}&query_is_published=${data.query_is_published}&query_media_folder=${data.query_media_folder}&offset=${data.next}&next=weiter&cid=${data.cid}">weiter</a>
+<a href="${encodeHTML(config.actionRoot)}?module=Images&do=list&query_text=${encodeHTML(data.query_text_encoded)}&query_field=${encodeHTML(data.query_field)}&query_is_published=${encodeHTML(data.query_is_published)}&query_media_folder=${encodeHTML(data.query_media_folder)}&offset=${encodeHTML(data.next)}&next=weiter&cid=${encodeHTML(data.cid)}">weiter</a>
</if>
</td></tr>
<else>
<table border="0" cellpadding="2" cellspacing="1">
<tr>
- <td colspan="5"><form method="post" action="${config.actionRoot}">
+ <td colspan="5"><form method="post" action="${encodeHTML(config.actionRoot)}">
<input type="hidden" name="module" value="OtherMedia">
<input type="hidden" name="do" value="list">
- <input type="hidden" name="cid" value="${data.cid}">
+ <input type="hidden" name="cid" value="${encodeHTML(data.cid)}">
<table border="0">
<tr bgcolor="Pink">
<td>${lang("medialist.search_text_in")}:</td>
<tr>
<td>
- <input type="text" size="10" maxlength="20" name="query_text" value="${data.query_text}">
+ <input type="text" size="10" maxlength="20" name="query_text" value="${encodeHTML(data.query_text)}">
<select name="query_field">
<option value="title"<if data.query_field=="title"> selected</if>>${lang("media.title")}</option>
<option value="creator"<if data.query_field=="creator"> selected</if>>${lang("media.creator")}</option>
<td>
<select name="query_media_folder">
<list extra.mediafolderPopupData as m>
- <option value="${m.key}" <if m.key == query_media_folder>selected</if>>${m.value}</option>
+ <option value="${encodeHTML(m.key)}" <if m.key == data.query_media_folder>selected</if>>${encodeHTML(m.value)}</option>
</list>
</select>
</td>
<list data.contentlist as entry>
<tr <if grey=="1"><assign grey="0">bgcolor="#dddddd" <else><assign grey="1"> </if>>
<td>
- <a href="${config.actionRoot}?module=OtherMedia&do=getMedia&id=${entry.id}">
- <img src="${config.docRoot}/img/${entry.big_icon}" border=0></a></font></td>
- <td>${entry.title}
- <if entry.description><br>${entry.description}</if></td>
- <td>${entry.media_descr} </td>
- <td>${entry.human_readable_size} </td>
+ <a href="${encodeHTML(config.actionRoot)}?module=OtherMedia&do=getMedia&id=${encodeHTML(entry.id)}">
+ <img src="${encodeHTML(config.docRoot)}/img/${encodeHTML(entry.big_icon)}" border=0></a></font></td>
+ <td>${encodeHTML(entry.title)}
+ <if entry.description><br>${encodeHTML(entry.description)}</if></td>
+ <td>${encodeHTML(entry.media_descr)} </td>
+ <td>${encodeHTML(entry.human_readable_size)} </td>
<td>${data.mediafolderHashdata[entry.to_media_folder]["name"]} </td>
- <td>${entry.creator} </td>
+ <td>${encodeHTML(entry.creator)} </td>
<td><font size="1">
- <if data.cid><a href="${config.actionRoot}?module=Content&do=attach&mid=${entry.id}&cid=${data.cid}">${lang("attach")}</a>
+ <if data.cid><a href="${encodeHTML(config.actionRoot)}?module=Content&do=attach&mid=${encodeHTML(entry.id)}&cid=${encodeHTML(data.cid)}">${lang("attach")}</a>
<else>
- <a href="${config.actionRoot}?module=OtherMedia&do=delete&id=${entry.id}">${lang("delete")}</a>
- | <a href="${config.actionRoot}?module=OtherMedia&do=edit&id=${entry.id}">${lang("edit")}</a>
+ <a href="${config.actionRoot}?module=OtherMedia&do=delete&id=${entry.id}&query_text=${encodeHTML(data.query_text_encoded)}&query_field=${encodeHTML(data.query_field)}&query_is_published=${data.query_is_published}&query_media_folder=${data.query_media_folder}&offset=${data.offset}&order=${data.order}">${lang("delete")}</a>
+ | <a href="${encodeHTML(config.actionRoot)}?module=OtherMedia&do=edit&id=${encodeHTML(entry.id)}">${lang("edit")}</a>
</if>
</font></td>
</tr>
</list>
<tr>
- <td colspan="4" bgcolor="#006600"><font color="#ffffff">${data.count} ${lang("records")}
+ <td colspan="4" bgcolor="#006600"><font color="#ffffff">${encodeHTML(data.count)} ${lang("records")}
/ ${lang("show_from_to", data.from, data.to)}</font></td>
<td> </td>
</tr>
<tr><td>
<if data.prev>
- <a href="${config.actionRoot}?module=OtherMedia&do=list&query_text=${data.query_text_encoded}&query_field=${data.query_field}&query_is_published=${data.query_is_published}&query_media_folder=${data.query_media_folder}&offset=${data.prev}&prev=zurück&cid=${data.cid}">zurueck</a>
+ <a href="${encodeHTML(config.actionRoot)}?module=OtherMedia&do=list&query_text=${encodeHTML(data.query_text_encoded)}&query_field=${encodeHTML(data.query_field)}&query_is_published=${encodeHTML(data.query_is_published)}&query_media_folder=${encodeHTML(data.query_media_folder)}&offset=${encodeHTML(data.prev)}&prev=zurück&cid=${encodeHTML(data.cid)}">zurueck</a>
</if>
<if data.next>
-<a href="${config.actionRoot}?module=OtherMedia&do=list&query_text=${data.query_text_encoded}&query_field=${data.query_field}&query_is_published=${data.query_is_published}&query_media_folder=${data.query_media_folder}&offset=${data.next}&next=weiter&cid=${data.cid}">weiter</a>
+<a href="${encodeHTML(config.actionRoot)}?module=OtherMedia&do=list&query_text=${encodeHTML(data.query_text_encoded)}&query_field=${encodeHTML(data.query_field)}&query_is_published=${encodeHTML(data.query_is_published)}&query_media_folder=${encodeHTML(data.query_media_folder)}&offset=${encodeHTML(data.next)}&next=weiter&cid=${encodeHTML(data.cid)}">weiter</a>
</if>
</td></tr>
<else>
<table border="0" cellpadding="2" cellspacing="1">
<tr>
- <td colspan="5"><form method="post" action="${config.actionRoot}">
+ <td colspan="5"><form method="post" action="${encodeHTML(config.actionRoot)}">
<input type="hidden" name="module" value="Video">
<input type="hidden" name="do" value="list">
- <input type="hidden" name="cid" value="${data.cid}">
+ <input type="hidden" name="cid" value="${encodeHTML(data.cid)}">
<table border="0">
<tr bgcolor="Pink">
<td>${lang("medialist.search_text_in")}:</td>
<tr>
<td>
- <input type="text" size="10" maxlength="20" name="query_text" value="${data.query_text}">
+ <input type="text" size="10" maxlength="20" name="query_text" value="${encodeHTML(data.query_text)}">
<select name="query_field">
<option value="title"<if data.query_field=="title"> selected</if>>${lang("media.title")}</option>
<option value="creator"<if data.query_field=="creator"> selected</if>>${lang("media.creator")}</option>
<td>
<select name="query_media_folder">
<list extra.mediafolderPopupData as m>
- <option value="${m.key}" <if m.key == query_media_folder>selected</if>>${m.value}</option>
+ <option value="${encodeHTML(m.key)}" <if m.key == data.query_media_folder>selected</if>>${encodeHTML(m.value)}</option>
</list>
</select>
</td>
<list data.contentlist as entry>
<tr <if grey=="1"><assign grey="0">bgcolor="#dddddd" <else><assign grey="1"> </if>>
<td>
- <a href="${config.actionRoot}?module=Video&do=getMedia&id=${entry.id}">
- <img src="${config.docRoot}/img/${entry.big_icon}" border=0></a></font></td>
- <td>${entry.title}
- <if entry.description><br>${entry.description}</if></td>
- <td>${entry.media_descr} </td>
- <td>${entry.human_readable_size} </td>
+ <a href="${encodeHTML(config.actionRoot)}?module=Video&do=getMedia&id=${encodeHTML(entry.id)}">
+ <img src="${encodeHTML(config.docRoot)}/img/${encodeHTML(entry.big_icon)}" border=0></a></font></td>
+ <td>${encodeHTML(entry.title)}
+ <if entry.description><br>${encodeHTML(entry.description)}</if></td>
+ <td>${encodeHTML(entry.media_descr)} </td>
+ <td>${encodeHTML(entry.human_readable_size)} </td>
<td>${data.mediafolderHashdata[entry.to_media_folder]["name"]} </td>
- <td>${entry.creator} </td>
+ <td>${encodeHTML(entry.creator)} </td>
<td><font size="1">
- <if data.cid><a href="${config.actionRoot}?module=Content&do=attach&mid=${entry.id}&cid=${data.cid}">${lang("attach")}</a>
+ <if data.cid><a href="${encodeHTML(config.actionRoot)}?module=Content&do=attach&mid=${encodeHTML(entry.id)}&cid=${encodeHTML(data.cid)}">${lang("attach")}</a>
<else>
- <a href="${config.actionRoot}?module=Video&do=delete&id=${entry.id}">${lang("delete")}</a>
- | <a href="${config.actionRoot}?module=Video&do=edit&id=${entry.id}">${lang("edit")}</a>
+ <a href="${config.actionRoot}?module=Video&do=delete&id=${entry.id}&query_text=${encodeHTML(data.query_text_encoded)}&query_field=${encodeHTML(data.query_field)}&query_is_published=${data.query_is_published}&query_media_folder=${data.query_media_folder}&offset=${data.offset}&order=${data.order}">${lang("delete")}</a>
+ | <a href="${encodeHTML(config.actionRoot)}?module=Video&do=edit&id=${encodeHTML(entry.id)}">${lang("edit")}</a>
</if>
</font></td>
</tr>
</list>
<tr>
- <td colspan="4" bgcolor="#006600"><font color="#ffffff">${data.count} ${lang("records")}
+ <td colspan="4" bgcolor="#006600"><font color="#ffffff">${encodeHTML(data.count)} ${lang("records")}
/ ${lang("show_from_to", data.from, data.to)}</font></td>
<td> </td>
</tr>
<tr><td>
<if data.prev>
- <a href="${config.actionRoot}?module=Video&do=list&query_text=${data.query_text_encoded}&query_field=${data.query_field}&query_is_published=${data.query_is_published}&query_media_folder=${data.query_media_folder}&offset=${data.prev}&prev=zurück&cid=${data.cid}">zurueck</a>
+ <a href="${encodeHTML(config.actionRoot)}?module=Video&do=list&query_text=${encodeHTML(data.query_text_encoded)}&query_field=${encodeHTML(data.query_field)}&query_is_published=${encodeHTML(data.query_is_published)}&query_media_folder=${encodeHTML(data.query_media_folder)}&offset=${encodeHTML(data.prev)}&prev=zurück&cid=${encodeHTML(data.cid)}">zurueck</a>
</if>
<if data.next>
-<a href="${config.actionRoot}?module=Video&do=list&query_text=${data.query_text_encoded}&query_field=${data.query_field}&query_is_published=${data.query_is_published}&query_media_folder=${data.query_media_folder}&offset=${data.next}&next=weiter&cid=${data.cid}">weiter</a>
+<a href="${encodeHTML(config.actionRoot)}?module=Video&do=list&query_text=${encodeHTML(data.query_text_encoded)}&query_field=${encodeHTML(data.query_field)}&query_is_published=${encodeHTML(data.query_is_published)}&query_media_folder=${encodeHTML(data.query_media_folder)}&offset=${encodeHTML(data.next)}&next=weiter&cid=${encodeHTML(data.cid)}">weiter</a>
</if>
</td></tr>
<else>
projects / mir.git / commitdiff