</head>
<SCRIPT LANGUAGE="JavaScript">
function openWin(url) {
- window.open(url,"vc","scrollbars=0,height=${data.img_height},width=${data.img_width}");
+ window.open(url,"vc","scrollbars=0,height=${encodeHTML(data.img_height)},width=${encodeHTML(data.img_width)}");
}
</SCRIPT>
<body bgcolor="#FFFFFF">
<include "admin/head.template">
<if data.new>
-<form action="${config.actionRoot}?module=Audio&do=add" method="post">
+<form action="${encodeHTML(config.actionRoot)}?module=Audio&do=add" method="post">
<table border="0">
<tr>
<td align="right" bgcolor="#006600">
</font>
</td>
<td>
- <input type="text" size="3" name="medianum" value="${medianum}"> <input type="submit" value="${lang("open.posting.nr_of_media.submit")}">
+ <input type="text" size="3" name="medianum" value="${encodeHTML(medianum)}"> <input type="submit" value="${lang("open.posting.nr_of_media.submit")}">
</td>
</tr>
</table>
</form>
</if>
-<form enctype="multipart/form-data" method="post" action="${config.actionRoot}?module=Audio&do=<if data.new>insert<else>update</if>&id=${data.id}">
- <input type="hidden" name="where" value="${data.where}">
- <input type="hidden" name="offset" value="${data.offset}">
- <input type="hidden" name="order" value="${data.order}">
- <input type="hidden" name="id" value="${data.id}">
+<form enctype="multipart/form-data" method="post" action="${encodeHTML(config.actionRoot)}?module=Audio&do=<if data.new>insert<else>update</if>&id=${encodeHTML(data.id)}">
+ <input type="hidden" name="where" value="${encodeHTML(data.where)}">
+ <input type="hidden" name="offset" value="${encodeHTML(data.offset)}">
+ <input type="hidden" name="order" value="${encodeHTML(data.order)}">
+ <input type="hidden" name="id" value="${encodeHTML(data.id)}">
<table border="0">
<if !data.new>
<tr>
<td align="right" bgcolor="#006600">
<font color="#ffffff" face="Verdana, Arial, Helvetica, sans-serif" size="-1">
- <a href="${config.actionRoot}?module=Audio&do=getMedia&id=${data.id}">
- <img src="${config.docRoot}/img/${data.big_icon}" border=0></a></font></td>
+ <a href="${encodeHTML(config.actionRoot)}?module=Audio&do=getMedia&id=${encodeHTML(data.id)}">
+ <img src="${encodeHTML(config.docRoot)}/img/${encodeHTML(data.big_icon)}" border=0></a></font></td>
<td valign="bottom"><font color="Silver" face="Verdana, Arial, Helvetica, sans-serif" size=1>
- ${lang("media.created")}: ${data.webdb_create}
- <if data.webdb_lastchange>/ ${lang("media.changed")} ${data.webdb_lastchange}</if><br>
- <if data.is_published=="1">${lang("media.published")}: ${data.publish_date} / ${data.publish_server}${data.publish_path}<br></if>
- ${lang("media.format")}: ${data.mimetype} / ${data.media_descr} / ${data.human_readable_size}<br>
+ ${lang("media.created")}: ${encodeHTML(data.webdb_create)}
+ <if data.webdb_lastchange>/ ${lang("media.changed")} ${encodeHTML(data.webdb_lastchange)}</if><br>
+ <if data.is_published=="1">${lang("media.published")}: ${encodeHTML(data.publish_date)} / ${encodeHTML(data.publish_server)}${encodeHTML(data.publish_path)}<br></if>
+ ${lang("media.format")}: ${encodeHTML(data.mimetype)} / ${encodeHTML(data.media_descr)} / ${encodeHTML(data.human_readable_size)}<br>
${lang("media.rights")}: <b>${data.rightsHashdata[to_rights]["name"]}</b><br>
</td>
</tr>
<td>
<select name="to_media_folder">
<list extra.mediafolderPopupData as m>
- <option value="${m.key}" <if m.key == data.to_media_folder>selected</if>>${m.value}</option>
+ <option value="${encodeHTML(m.key)}" <if m.key == data.to_media_folder>selected</if>>${encodeHTML(m.value)}</option>
</list>
</select>
</td>
<tr>
<td align="right" bgcolor="#006600"><font color="#ffffff" face="Verdana, Arial, Helvetica, sans-serif" size="-1">
<B>${lang("media.description")}:</B></font></td>
- <td><input type="text" size="40" maxlength="255" name="description" value="${data.description}"></td>
+ <td><input type="text" size="40" maxlength="255" name="description" value="${encodeHTML(data.description)}"></td>
</tr>
<tr>
<td align="right" bgcolor="#006600"><font color="#ffffff" face="Verdana, Arial, Helvetica, sans-serif" size="-1">
<B>${lang("media.date")}:</B></font></td>
- <td><input type="text" size="8" maxlength="8" name="date" value="${data.date}">
- <input type="text" size="20" maxlength="40" name="year" value="${data.year}"></td>
+ <td><input type="text" size="8" maxlength="8" name="date" value="${encodeHTML(data.date)}">
+ <input type="text" size="20" maxlength="40" name="year" value="${encodeHTML(data.year)}"></td>
</tr>
<tr>
<td align="right" bgcolor="#006600"><font color="#ffffff" face="Verdana, Arial, Helvetica, sans-serif" size="-1">
<B>${lang("media.location")}:</B></font></td>
- <td><input type="text" size="40" maxlength="80" name="place" value="${data.place}"></td>
+ <td><input type="text" size="40" maxlength="80" name="place" value="${encodeHTML(data.place)}"></td>
</tr>
<tr>
<td align="right" bgcolor="#006600"><font color="#ffffff" face="Verdana, Arial, Helvetica, sans-serif" size="-1">
<B>${lang("media.creator")}:</B></font></td>
<td>
- <input type="text" size="40" maxlength="80" name="creator" value="${data.creator}">
+ <input type="text" size="40" maxlength="80" name="creator" value="${encodeHTML(data.creator)}">
</tr>
<tr>
<td align="right" bgcolor="#006600"><font color="#ffffff" face="Verdana, Arial, Helvetica, sans-serif" size="-1">
<B>${lang("media.keywords")}:</B></font></td>
- <td><textarea cols="40" rows="2" name="keywords">${data.keywords}</textarea></td>
+ <td><textarea cols="40" rows="2" name="keywords">${encodeHTML(data.keywords)}</textarea></td>
</tr>
<tr>
<td align="right" bgcolor="#006600"><font color="#ffffff" face="Verdana, Arial, Helvetica, sans-serif" size="-1">
<B>${lang("media.comment")}:</B></font></td>
- <td><textarea cols="40" rows="2" name="comment">${data.comment}</textarea></td>
+ <td><textarea cols="40" rows="2" name="comment">${encodeHTML(data.comment)}</textarea></td>
</tr>
<tr>
<td align="right" bgcolor="#006600"><font color="#ffffff" face="Verdana, Arial, Helvetica, sans-serif" size="-1">
<B>${lang("media.source")}:</B></font></td>
- <td><input type="text" size="40" maxlength="80" name="source" value="${data.source}"></td>
+ <td><input type="text" size="40" maxlength="80" name="source" value="${encodeHTML(data.source)}"></td>
</tr>
<tr>
<td colspan="2" align="right"> <font color="black">
<B>${lang("media.title")}:<B>
</font> </td>
<td>
- <input type="text" name="media_title${m}" size="40" maxlength="80" value="">
+ <input type="text" name="media_title${encodeHTML(m)}" size="40" maxlength="80" value="">
</td>
</tr>
<tr>
<td bgcolor="#006600"></td>
<td>
- <INPUT TYPE="file" NAME="mpfile${m}"><br>
+ <INPUT TYPE="file" NAME="mpfile${encodeHTML(m)}"><br>
</td>
</tr>
</list>
<B>${lang("media.title")}:<B>
</font> </td>
<td>
- <input type="text" name="title" size="40" maxlength="80" value="${data.title}">
+ <input type="text" name="title" size="40" maxlength="80" value="${encodeHTML(data.title)}">
</td>
</tr>
</if>
<body bgcolor="#FFFFFF">
<include "admin/head.template">
-<form action="${config.actionRoot}" method="post">
+<form action="${encodeHTML(config.actionRoot)}" method="post">
<input type="hidden" name="module" value="Breaking">
- <input type="hidden" name="id" value="${data.id}">
+ <input type="hidden" name="id" value="${encodeHTML(data.id)}">
<if data.new><input type="hidden" name="do" value="insert">
<else><input type="hidden" name="do" value="update"></if>
<table border="0">
<td align="right" bgcolor="#006600"><font color="#ffffff" face="Verdana, Arial, Helvetica, sans-serif" size="-1">
<B>${lang("breaking.date")}:</B></font></td>
<td>
- ${data.webdb_create_formatted}
+ ${encodeHTML(data.webdb_create_formatted)}
</td>
</tr>
<td align="right" bgcolor="#006600"><font color="#ffffff" face="Verdana, Arial, Helvetica, sans-serif" size="-1">
<B>${lang("breaking.text")}:</B> ${lang("breaking.textinfo")}</font></td>
<td>
- <textarea cols="50" rows="3" name="text" wrap=virtual>${data.text}</textarea>
+ <textarea cols="50" rows="3" name="text" wrap=virtual>${encodeHTML(data.text)}</textarea>
</td>
</tr>
<tr
<if grey=="1"><assign grey="0">bgcolor="#dddddd" <else><assign grey="1"> </if>
>
- <td>${entry.webdb_create_formatted} </td>
- <td>${entry.text} </td>
- <td><font size="1"> <a href="${config.actionRoot}?module=Breaking&do=delete&id=${entry.id}">${lang("delete")}</a>
- | <a href="${config.actionRoot}?module=Breaking&do=edit&id=${entry.id}">${lang("edit")}</a></font></td>
+ <td>${encodeHTML(entry.webdb_create_formatted)} </td>
+ <td>${encodeHTML(entry.text)} </td>
+ <td><font size="1"> <a href="${encodeHTML(config.actionRoot)}?module=Breaking&do=delete&id=${encodeHTML(entry.id)}">${lang("delete")}</a>
+ | <a href="${encodeHTML(config.actionRoot)}?module=Breaking&do=edit&id=${encodeHTML(entry.id)}">${lang("edit")}</a></font></td>
</tr>
</list>
<tr>
- <td colspan="3" bgcolor="#006600"><font color="#ffffff">${data.count} ${lang("records")}
+ <td colspan="3" bgcolor="#006600"><font color="#ffffff">${encodeHTML(data.count)} ${lang("records")}
/ ${lang("show_from_to", data.from, data.to)}</font></td>
<td> </td>
</tr>
<P>
<if data.prev>
- <a href="${config.actionRoot}?module=Breaking&do=list&where=${data.where}&prevoffset=${data.prev}&prev=zurück">${lang("list.previous")}</a>
+ <a href="${encodeHTML(config.actionRoot)}?module=Breaking&do=list&where=${encodeHTML(data.where)}&prevoffset=${encodeHTML(data.prev)}&prev=zurück">${lang("list.previous")}</a>
</if>
<if data.next>
-<a href="${config.actionRoot}?module=Breaking&do=list&where=${data.where}&nextoffset=${data.next}&next=weiter">${lang("list.next")}</a>
+<a href="${encodeHTML(config.actionRoot)}?module=Breaking&do=list&where=${encodeHTML(data.where)}&nextoffset=${encodeHTML(data.next)}&next=weiter">${lang("list.next")}</a>
</if>
<else>
<body bgcolor="#FFFFFF">
<include "admin/head.template">
-<form method="post" action="${config.actionRoot}">
+<form method="post" action="${encodeHTML(config.actionRoot)}">
<input type="hidden" name="module" value="Comment">
- <input type="hidden" name="where" value="${data.where}">
- <input type="hidden" name="offset" value="${data.offset}">
- <input type="hidden" name="order" value="${data.order}">
- <input type="hidden" name="id" value="${data.id}">
- <input type="hidden" name="date" value="${data.date}">
- <input type="hidden" name="to_media" value="${data.to_media}">
+ <input type="hidden" name="where" value="${encodeHTML(data.where)}">
+ <input type="hidden" name="offset" value="${encodeHTML(data.offset)}">
+ <input type="hidden" name="order" value="${encodeHTML(data.order)}">
+ <input type="hidden" name="id" value="${encodeHTML(data.id)}">
+ <input type="hidden" name="date" value="${encodeHTML(data.date)}">
+ <input type="hidden" name="to_media" value="${encodeHTML(data.to_media)}">
<if new> <input type="hidden" name="do" value="insert">
<else> <input type="hidden" name="do" value="update">
</if>
<tr>
<td align="right" bgcolor="#006600"><font color="#ffffff" face="Verdana, Arial, Helvetica, sans-serif" size="-1">
<B>${lang("comment.date")}:</B></font></td>
- <td>${data.date}</td>
+ <td>${encodeHTML(data.date)}</td>
</tr>
<tr>
<td align="right" bgcolor="#006600"><font color="#ffffff" face="Verdana, Arial, Helvetica, sans-serif" size="-1">
<B>${lang("comment.title")}:</B></font></td>
- <td><input type="text" size="40" maxlength="255" name="title" value="${data.title}"></td>
+ <td><input type="text" size="40" maxlength="255" name="title" value="${encodeHTML(data.title)}"></td>
</tr>
<tr>
<td align="right" bgcolor="#006600"><font color="#ffffff" face="Verdana, Arial, Helvetica, sans-serif" size="-1">
<B>${lang("comment.creator")}:</B></font></td>
- <td><input type="text" size="40" maxlength="80" name="creator" value="${data.creator}"></td>
+ <td><input type="text" size="40" maxlength="80" name="creator" value="${encodeHTML(data.creator)}"></td>
</tr>
<tr>
<td align="right" bgcolor="#006600"><font color="#ffffff" face="Verdana, Arial, Helvetica, sans-serif" size="-1">
<B>${lang("comment.url")}:</B></font></td>
- <td><input type="text" size="40" maxlength="255" name="main_url" value="${data.main_url}"></td>
+ <td><input type="text" size="40" maxlength="255" name="main_url" value="${encodeHTML(data.main_url)}"></td>
</tr>
<tr>
<td align="right" bgcolor="#006600"><font color="#ffffff" face="Verdana, Arial, Helvetica, sans-serif" size="-1">
<B>${lang("comment.email")}:</B></font></td>
- <td><input type="text" size="40" maxlength="80" name="email" value="${data.email}"></td>
+ <td><input type="text" size="40" maxlength="80" name="email" value="${encodeHTML(data.email)}"></td>
</tr>
<tr>
<td align="right" bgcolor="#006600"><font color="#ffffff" face="Verdana, Arial, Helvetica, sans-serif" size="-1">
<B>${lang("comment.phone")}:</B></font></td>
- <td><input type="text" size="40" maxlength="80" name="phone" value="${data.phone}"></td>
+ <td><input type="text" size="40" maxlength="80" name="phone" value="${encodeHTML(data.phone)}"></td>
</tr>
<tr>
<td align="right" bgcolor="#006600"><font color="#ffffff" face="Verdana, Arial, Helvetica, sans-serif" size="-1">
<B>${lang("comment.address")}:</B></font></td>
- <td><input type="text" size="40" maxlength="80" name="address" value="${data.address}"></td>
+ <td><input type="text" size="40" maxlength="80" name="address" value="${encodeHTML(data.address)}"></td>
</tr>
<tr>
<td align="right" bgcolor="#006600"><font color="#ffffff" face="Verdana, Arial, Helvetica, sans-serif" size="-1">
<B>${lang("comment.text")}:</B></font></td>
- <td><textarea cols="40" rows="10" name="description" wrap="virtual">${data.description}</textarea></td>
+ <td><textarea cols="40" rows="10" name="description" wrap="virtual">${encodeHTML(data.description)}</textarea></td>
</tr>
<td colspan="2" align="right"> <font color="black">
<list data.contentlist as entry>
<tr <if grey=="1"><assign grey="0">bgcolor="#dddddd" <else><assign grey="1"></if>>
<td><font face="Verdana, Arial, Helvetica, sans-serif" size="-2">
- ${entry.webdb_create_formatted}<br>
- <if entry.webdb_lastchange>${entry.webdb_lastchange_formatted}<else>-</if><br>
+ ${encodeHTML(entry.webdb_create_formatted)}<br>
+ <if entry.webdb_lastchange>${encodeHTML(entry.webdb_lastchange_formatted)}<else>-</if><br>
<if entry.is_published!="0">F<else>-</if>
<if entry.is_html!="0">H<else>-</if>
</font></td>
<td><font face="Verdana, Arial, Helvetica, sans-serif" size="-1"><b>
- <font size="-2">${articletypeHash[entry.to_article_type]["name"]} -- </font><if entry.place>${entry.place}: </if>${entry.title}</b><br>
- ${entry.creator}
- <a href="${config.actionRoot}?module=Content&do=edit&id=${entry.id}&where=${data.where_encoded}&order=${data.order_encoded}&offset=${data.offset}">${lang("edit")}</a>
- <if entry.to_article_type=="0"> | <a href="${config.actionRoot}?module=Content&do=newswire&id=${entry.id}&where=${data.where_encoded}&order=${data.order_encoded}&offset=${data.offset}">newswire</a></if></font></td>
+ <font size="-2">${articletypeHash[entry.to_article_type]["name"]} -- </font><if entry.place>${encodeHTML(entry.place)}: </if>${encodeHTML(entry.title)}</b><br>
+ ${encodeHTML(entry.creator)}
+ <a href="${encodeHTML(config.actionRoot)}?module=Content&do=edit&id=${encodeHTML(entry.id)}&where=${encodeHTML(data.where_encoded)}&order=${encodeHTML(data.order_encoded)}&offset=${encodeHTML(data.offset)}">${lang("edit")}</a>
+ <if entry.to_article_type=="0"> | <a href="${encodeHTML(config.actionRoot)}?module=Content&do=newswire&id=${encodeHTML(entry.id)}&where=${encodeHTML(data.where_encoded)}&order=${encodeHTML(data.order_encoded)}&offset=${encodeHTML(data.offset)}">newswire</a></if></font></td>
<td><font face="Verdana, Arial, Helvetica, sans-serif" size="-1">
<if entry.thema_id!="0">${themenHashData[entry.thema_id]["name"]}</if> <br>
<if entry.to_feature!="0">${schwerpunktHashData[entry.to_feature]["title"]}</if> </font></td>
<td width="20%" <if grey=="1">bgcolor="Pink"<else>bgcolor="Yellow"</if> valign="top"><font face="Verdana, Arial, Helvetica, sans-serif" size="-2">
- ${entry.comment} </font></td>
+ ${encodeHTML(entry.comment)} </font></td>
<td bgcolor="#888888"><font size="1">
- <a href="${config.actionRoot}?module=Content&do=delete&id=${entry.id}&where=${data.where_encoded}&order=${data.order_encoded}&offset=${data.offset}">${lang("delete")}</a>
+ <a href="${encodeHTML(config.actionRoot)}?module=Content&do=delete&id=${encodeHTML(entry.id)}&where=${encodeHTML(data.where_encoded)}&order=${encodeHTML(data.order_encoded)}&offset=${encodeHTML(data.offset)}">${lang("delete")}</a>
</font></td>
</tr>
</list>
<tr bgcolor="#006600">
- <td colspan="4"><font color="#ffffff">${data.count} ${lang("records")}
+ <td colspan="4"><font color="#ffffff">${encodeHTML(data.count)} ${lang("records")}
/ ${lang("show_from_to", data.from, data.to)}</font></td></tr>
</table>
<P>
<if data.prev || data.next>
- <form method="post" action="${config.actionRoot}">
+ <form method="post" action="${encodeHTML(config.actionRoot)}">
<input type="hidden" name="module" value="Content">
<input type="hidden" name="do" value="listop">
- <input type="hidden" name="where" value="${data.where}">
- <input type="hidden" name="order" value="${data.order}">
+ <input type="hidden" name="where" value="${encodeHTML(data.where)}">
+ <input type="hidden" name="order" value="${encodeHTML(data.order)}">
<if data.prev>
- <input type="hidden" name="prevoffset" value="${data.prev}">
+ <input type="hidden" name="prevoffset" value="${encodeHTML(data.prev)}">
<input type="submit" name="prev" value="${lang("list.previous")}">
</if>
<if data.next>
- <input type="hidden" name="nextoffset" value="${data.next}">
+ <input type="hidden" name="nextoffset" value="${encodeHTML(data.next)}">
<input type="submit" name="next" value="${lang("list.next")}">
</if>
</form>
<include "admin/head.template">
<table border="0">
- <form method="post" action="${config.actionRoot}">
+ <form method="post" action="${encodeHTML(config.actionRoot)}">
<input type="hidden" name="module" value="Schwerpunkt">
- <input type="hidden" name="where" value="${data.where}">
- <input type="hidden" name="offset" value="${data.offset}">
- <input type="hidden" name="order" value="${data.order}">
+ <input type="hidden" name="where" value="${encodeHTML(data.where)}">
+ <input type="hidden" name="offset" value="${encodeHTML(data.offset)}">
+ <input type="hidden" name="order" value="${encodeHTML(data.order)}">
<if data.new>
<input type="hidden" name="do" value="insert">
<else>
<input type="hidden" name="do" value="update">
</if>
- <input type="hidden" name="id" value="${data.id}">
+ <input type="hidden" name="id" value="${encodeHTML(data.id)}">
<tr>
<td align="right" valign="top" bgcolor="#006600"><font color="#ffffff"><B>${lang("feature.title")}:</B></font></td>
<td>
- <input type="text" size="40" name="title" value="${data.title}">
+ <input type="text" size="40" name="title" value="${encodeHTML(data.title)}">
<select name="is_published">
<option value="1"<if data.is_published!="0">selected</if>>${lang("feature.is_published")}</option>
<option value="0" <if data.is_published=="0">selected</if>>${lang("feature.is_not_published")}</option>
<tr>
<td align="right" valign="top" bgcolor="#006600"><font color="#ffffff"><B>${lang("feature.filename")}:</B></font></td>
<td>
- <input type="text" size="20" name="filename" value="${data.filename}">
+ <input type="text" size="20" name="filename" value="${encodeHTML(data.filename)}">
</td>
</tr>
<tr>
<td align="right" valign="top" bgcolor="#006600"><font color="#ffffff"><B>${lang("feature.abstract")}:</B></font></td>
<td>
- <textarea cols="40" rows="3" name="description">${data.description}</textarea>
+ <textarea cols="40" rows="3" name="description">${encodeHTML(data.description)}</textarea>
</td>
</tr>
<tr>
<td align="right" valign="top" bgcolor="#006600"><font color="#ffffff"><B>${lang("feature.link")}:</B></font></td>
<td>
- <input type="text" size="40" name="main_url" value="${data.main_url}">
+ <input type="text" size="40" name="main_url" value="${encodeHTML(data.main_url)}">
</td>
</tr>
<tr>
<if grey=="1"><assign grey="0">bgcolor="#dddddd" <else><assign grey="1"> </if>
>
<td align="center"><if entry.is_published!="0">X<else> </if></td>
- <td>${entry.title} </td>
- <td>${entry.filename} </td>
- <td>${entry.main_url} </td>
- <td>${entry.description} </td>
- <td><font size="1"> <a href="${config.actionRoot}?module=Schwerpunkt&do=delete&id=${entry.id}">${lang("delete")}</a>
- | <a href="${config.actionRoot}?module=Schwerpunkt&do=edit&id=${entry.id}">${lang("edit")}</a></font></td>
+ <td>${encodeHTML(entry.title)} </td>
+ <td>${encodeHTML(entry.filename)} </td>
+ <td>${encodeHTML(entry.main_url)} </td>
+ <td>${encodeHTML(entry.description)} </td>
+ <td><font size="1"> <a href="${encodeHTML(config.actionRoot)}?module=Schwerpunkt&do=delete&id=${encodeHTML(entry.id)}">${lang("delete")}</a>
+ | <a href="${encodeHTML(config.actionRoot)}?module=Schwerpunkt&do=edit&id=${encodeHTML(entry.id)}">${lang("edit")}</a></font></td>
</tr>
</list>
<tr>
<td align="center" colspan="5" bgcolor="#006600">
- <div align="left"><font color="#ffffff">${data.count} ${lang("records")} /
+ <div align="left"><font color="#ffffff">${encodeHTML(data.count)} ${lang("records")} /
${lang("show_from_to", data.from, data.to)}</font></div>
</td>
- <td><a href="${config.docRoot}"><font size="1"> ${lang("back")}</font></a></td>
+ <td><a href="${encodeHTML(config.docRoot)}"><font size="1"> ${lang("back")}</font></a></td>
</tr>
</table>
<P>
<if (data.prev || data.next)>
- <form method="post" action="${config.actionRoot}">
+ <form method="post" action="${encodeHTML(config.actionRoot)}">
<input type="hidden" name="module" value="Schwerpunkt">
- <input type="hidden" name="where" value="${data.where}">
+ <input type="hidden" name="where" value="${encodeHTML(data.where)}">
<if data.prev>
- <input type="hidden" name="prevoffset" value="${data.prev}">
+ <input type="hidden" name="prevoffset" value="${encodeHTML(data.prev)}">
<input type="submit" name="prev" value="${lang("list.previous")}">
</if>
<if data.next>
- <input type="hidden" name="nextoffset" value="${data.next}">
+ <input type="hidden" name="nextoffset" value="${encodeHTML(data.next)}">
<input type="submit" name="next" value="${lang("list.next")}">
</if>
</form>
<html>
<head>
<title>${lang("edit")} ${lang("edit")}</title>
- <link rel="stylesheet" type="text/css" href="${config.docRoot}/admin.css">
+ <link rel="stylesheet" type="text/css" href="${encodeHTML(config.docRoot)}/admin.css">
</head>
<include "admin/head.template">
<br>
-<b>${lang("edit")} ${lang("edit")} :</b> ${data.filename}
+<b>${lang("edit")} ${lang("edit")} :</b> ${encodeHTML(data.filename)}
<br>
-<form action="${config.actionRoot}" method="post">
+<form action="${encodeHTML(config.actionRoot)}" method="post">
<input type="hidden" name="module" value="FileEdit">
- <input type="hidden" name="filename" value="${data.filename}">
+ <input type="hidden" name="filename" value="${encodeHTML(data.filename)}">
<input type="hidden" name="do" value="update">
- <textarea cols="66" rows="40" name="text" wrap=virtual>${data.text}</textarea>
+ <textarea cols="66" rows="40" name="text" wrap=virtual>${encodeHTML(data.text)}</textarea>
<br>
<tr
<if grey=="1"><assign grey="0">bgcolor="#dddddd" <else><assign grey="1"> </if>
>
- <td>${entry} </td>
- <td><font size="1"><a href="${config.actionRoot}?module=FileEdit&do=edit&filename=${entry}">${lang("edit")}</a></font></td>
+ <td>${encodeHTML(entry)} </td>
+ <td><font size="1"><a href="${encodeHTML(config.actionRoot)}?module=FileEdit&do=edit&filename=${encodeHTML(entry)}">${lang("edit")}</a></font></td>
</tr>
</list>
<td align="left" bgcolor="#663399"><font face="Verdana, Arial, Helvetica, sans-serif" size="-1">
<a href="#top"><font color="white"><b>${lang("foot.top")}</b></font></a></font></td>
<td align="right"><font face="Verdana, Arial, Helvetica, sans-serif" size="-1">
- <a href="mailto:${lang("imc.contact-email.address")}"><font color="#663399"><b>${lang("imc.shortname")}</b></font></a> - ${config.mirVersion}</font></td>
+ <a href="mailto:${lang("imc.contact-email.address")}"><font color="#663399"><b>${lang("imc.shortname")}</b></font></a> - ${encodeHTML(config.mirVersion)}</font></td>
</tr>
</table>
<a name="top">
<table width="100%" cellspacing="0" cellpadding="0">
-<tr bgcolor="#006600"><td><img src="${config.docRoot}/img/head_small.gif" border="0" align="middle"> <font face="Verdana, Arial, Helvetica, sans-serif" size="-1" color="white">
+<tr bgcolor="#006600"><td><img src="${encodeHTML(config.docRoot)}/img/head_small.gif" border="0" align="middle"> <font face="Verdana, Arial, Helvetica, sans-serif" size="-1" color="white">
<b>${lang("imc.name")}</b></font></td></tr>
<tr><td align="right"><font face="Verdana, Arial, Helvetica, sans-serif" size="-1" color="#663399">
- <a href="${config.actionRoot}"><font color="#663399">${lang("head.start")}</font></a> |
- <a href="${config.actionRoot}?module=logout"><font color="#663399">${lang("head.logout")}</font></a> |
- <a href="${config.docRoot}/help/help.html"><font color="#663399">${lang("head.help")}</font></a> | ${lang("head.search")}</font></td></tr>
+ <a href="${encodeHTML(config.actionRoot)}"><font color="#663399">${lang("head.start")}</font></a> |
+ <a href="${encodeHTML(config.actionRoot)}?module=logout"><font color="#663399">${lang("head.logout")}</font></a> |
+ <a href="${encodeHTML(config.docRoot)}/help/help.html"><font color="#663399">${lang("head.help")}</font></a> | ${lang("head.search")}</font></td></tr>
<tr><td><hr></td></tr>
</table>
<a name="top">
<table width="100%" cellspacing="0" cellpadding="0">
-<tr bgcolor="#006600"><td><img src="${config.docRoot}/img/head_small.gif" border="0" align="middle"> <font face="Verdana, Arial, Helvetica, sans-serif" size="-1" color="white">
+<tr bgcolor="#006600"><td><img src="${encodeHTML(config.docRoot)}/img/head_small.gif" border="0" align="middle"> <font face="Verdana, Arial, Helvetica, sans-serif" size="-1" color="white">
<b>${lang("imc.name")}</b></font></td></tr>
<if login_user><tr><td align="right"><font face="Verdana, Arial, Helvetica, sans-serif" size="-1" color="#006600">
- <b>${login_user.login}</b> ${lang("head.logged_in")} /
- <a href="${actionRoot}?module=logout">${lang("head.logout")}</a></font>
+ <b>${encodeHTML(login_user.login)}</b> ${lang("head.logged_in")} /
+ <a href="${encodeHTML(actionRoot)}?module=logout">${lang("head.logout")}</a></font>
</td></tr>
</if>
<tr><td><hr></td></tr>
<html>
<head>
<title>${lang("start.content.hidden")}</title>
- <link rel="stylesheet" type="text/css" href="${config.docRoot}/admin.css">
+ <link rel="stylesheet" type="text/css" href="${encodeHTML(config.docRoot)}/admin.css">
</head>
<td>
-<form method="post" action="${config.actionRoot}">
+<form method="post" action="${encodeHTML(config.actionRoot)}">
<input type="hidden" name="module" value="Hidden">
<input type="hidden" name="do" value="list">
<table cellpadding="6" bgcolor="#dddddd" width="98%">
<tr>
<td>
- <p>${lang("start.content.hidden")} | ${lang("month")}: ${data.month} , ${lang("year")}:${data.year}</p>
+ <p>${lang("start.content.hidden")} | ${lang("month")}: ${encodeHTML(data.month)} , ${lang("year")}:${encodeHTML(data.year)}</p>
</td>
</tr>
</table>
<list data.contentlist as i>
<p>
-${lang("content.title")}: <b>${i.title}</b><br>
-${lang("content.creator")}: ${i.creator}<br>
-${lang("message.date")}: ${i.webdb_create_formatted}<br>
+${lang("content.title")}: <b>${encodeHTML(i.title)}</b><br>
+${lang("content.creator")}: ${encodeHTML(i.creator)}<br>
+${lang("message.date")}: ${encodeHTML(i.webdb_create_formatted)}<br>
<br>
<if i.to_media_audio >additional media, type: audio<br></if>
<if i.to_media_video >additional media, type: video<br></if>
<p>
${lang("content.abstract")}:<br>
-${i.description_parsed}</p>
+${encodeHTML(i.description_parsed)}</p>
<p>
${lang("content.content")}:<br>
-${i.content_data_parsed}
+${encodeHTML(i.content_data_parsed)}
</p>
<p> </p>
<hr size="4" width="98%" noshade>
</head>
<SCRIPT LANGUAGE="JavaScript">
function openWin(url) {
- window.open(url,"vc","scrollbars=0,height=${data.img_height},width=${data.img_width}");
+ window.open(url,"vc","scrollbars=0,height=${encodeHTML(data.img_height)},width=${encodeHTML(data.img_width)}");
}
</SCRIPT>
<body bgcolor="#FFFFFF">
<if data.new>
-<form action="${config.actionRoot}?module=Images&do=add" method="post">
+<form action="${encodeHTML(config.actionRoot)}?module=Images&do=add" method="post">
<table border="0">
<tr>
<td align="right" bgcolor="#006600">
</font>
</td>
<td>
- <input type="text" size="3" name="medianum" value="${medianum}"> <input type="submit" value="${lang("open.posting.nr_of_media.submit")}">
+ <input type="text" size="3" name="medianum" value="${encodeHTML(medianum)}"> <input type="submit" value="${lang("open.posting.nr_of_media.submit")}">
</td>
</tr>
</table>
</form>
</if>
-<form enctype="multipart/form-data" method="post" action="${config.actionRoot}?module=Images&do=<if data.new>insert<else>update</if>&id=${data.id}">
+<form enctype="multipart/form-data" method="post" action="${encodeHTML(config.actionRoot)}?module=Images&do=<if data.new>insert<else>update</if>&id=${encodeHTML(data.id)}">
<table border="0">
- <input type="hidden" name="where" value="${data.where}">
- <input type="hidden" name="offset" value="${data.offset}">
- <input type="hidden" name="order" value="${data.order}">
- <input type="hidden" name="id" value="${data.id}">
+ <input type="hidden" name="where" value="${encodeHTML(data.where)}">
+ <input type="hidden" name="offset" value="${encodeHTML(data.offset)}">
+ <input type="hidden" name="order" value="${encodeHTML(data.order)}">
+ <input type="hidden" name="id" value="${encodeHTML(data.id)}">
<if !data.new>
<tr>
<td align="right" bgcolor="#006600">
<if (data.icon_data!="" && data.icon_data!="0") && !new>
<font color="#ffffff" face="Verdana, Arial, Helvetica, sans-serif" size="-1">
- <a href="JavaScript:openWin('${config.actionRoot}?module=Images&do=getMedia&id=${data.id}')">
- <img src="${config.actionRoot}?module=Images&do=getIcon&id=${data.id}" border=0></a></font></td>
+ <a href="JavaScript:openWin('${encodeHTML(config.actionRoot)}?module=Images&do=getMedia&id=${encodeHTML(data.id)}')">
+ <img src="${encodeHTML(config.actionRoot)}?module=Images&do=getIcon&id=${encodeHTML(data.id)}" border=0></a></font></td>
</if>
<td valign="bottom"><font color="Silver" face="Verdana, Arial, Helvetica, sans-serif" size=1>
- ${lang("media.created")}: ${data.webdb_create} <if data.webdb_lastchange>/ ${lang("media.changed")} ${data.webdb_lastchange}</if><br>
- <if data.is_published=="1">${lang("media.published")}: ${data.publish_date} / ${data.publish_server}${data.publish_path}<br></if>
- ${lang("media.format")}: ${data.media_descr} / ${data.img_width}x${data.img_height} / ${data.imgformatHashdata[to_img_format]["name"]} / ${data.imglayoutHashdata[to_img_layout]["name"]} / ${data.imgcolorHashdata[to_img_color]["name"]}<br>
+ ${lang("media.created")}: ${encodeHTML(data.webdb_create)} <if data.webdb_lastchange>/ ${lang("media.changed")} ${encodeHTML(data.webdb_lastchange)}</if><br>
+ <if data.is_published=="1">${lang("media.published")}: ${encodeHTML(data.publish_date)} / ${encodeHTML(data.publish_server)}${encodeHTML(data.publish_path)}<br></if>
+ ${lang("media.format")}: ${encodeHTML(data.media_descr)} / ${encodeHTML(data.img_width)}x${encodeHTML(data.img_height)} / ${data.imgformatHashdata[to_img_format]["name"]} / ${data.imglayoutHashdata[to_img_layout]["name"]} / ${data.imgcolorHashdata[to_img_color]["name"]}<br>
${lang("media.rights")}: <b>${data.rightsHashdata[to_rights]["name"]}</b><br>
${lang("media.type")}: <b>${data.imgtypeHashdata[to_img_type]["name"]}</b><br>
</td>
<td>
<select name="to_media_folder">
<list extra.mediafolderPopupData as m>
- <option value="${m.key}" <if m.key == data.to_media_folder>selected</if>>${m.value}</option>
+ <option value="${encodeHTML(m.key)}" <if m.key == data.to_media_folder>selected</if>>${encodeHTML(m.value)}</option>
</list>
</select>
</td>
<tr>
<td align="right" bgcolor="#006600"><font color="#ffffff" face="Verdana, Arial, Helvetica, sans-serif" size="-1">
<B>${lang("media.description")}:</B></font></td>
- <td><input type="text" size="40" maxlength="255" name="description" value="${data.description} ${data.human_readable_size}"></td>
+ <td><input type="text" size="40" maxlength="255" name="description" value="${encodeHTML(data.description)} ${encodeHTML(data.human_readable_size)}"></td>
</tr>
<tr>
<td align="right" bgcolor="#006600"><font color="#ffffff" face="Verdana, Arial, Helvetica, sans-serif" size="-1">
<B>${lang("media.date")}:</B></font></td>
- <td><input type="text" size="8" maxlength="8" name="date" value="${data.date}">
- <input type="text" size="20" maxlength="40" name="year" value="${data.year}"></td>
+ <td><input type="text" size="8" maxlength="8" name="date" value="${encodeHTML(data.date)}">
+ <input type="text" size="20" maxlength="40" name="year" value="${encodeHTML(data.year)}"></td>
</tr>
<tr>
<td align="right" bgcolor="#006600"><font color="#ffffff" face="Verdana, Arial, Helvetica, sans-serif" size="-1">
<B>${lang("media.location")}:</B></font></td>
- <td><input type="text" size="40" maxlength="80" name="place" value="${data.place}"></td>
+ <td><input type="text" size="40" maxlength="80" name="place" value="${encodeHTML(data.place)}"></td>
</tr>
<tr>
<td align="right" bgcolor="#006600"><font color="#ffffff" face="Verdana, Arial, Helvetica, sans-serif" size="-1">
<B>${lang("media.creator")}:</B></font></td>
<td>
- <input type="text" size="40" maxlength="80" name="creator" value="${data.creator}">
+ <input type="text" size="40" maxlength="80" name="creator" value="${encodeHTML(data.creator)}">
</tr>
<tr>
<td align="right" bgcolor="#006600"><font color="#ffffff" face="Verdana, Arial, Helvetica, sans-serif" size="-1">
<B>${lang("media.keywords")}:</B></font></td>
- <td><textarea cols="40" rows="2" name="keywords">${data.keywords}</textarea></td>
+ <td><textarea cols="40" rows="2" name="keywords">${encodeHTML(data.keywords)}</textarea></td>
</tr>
<tr>
<td align="right" bgcolor="#006600"><font color="#ffffff" face="Verdana, Arial, Helvetica, sans-serif" size="-1">
<B>${lang("media.comment")}:</B></font></td>
- <td><textarea cols="40" rows="2" name="comment">${data.comment}</textarea></td>
+ <td><textarea cols="40" rows="2" name="comment">${encodeHTML(data.comment)}</textarea></td>
</tr>
<tr>
<td align="right" bgcolor="#006600"><font color="#ffffff" face="Verdana, Arial, Helvetica, sans-serif" size="-1">
<B>${lang("media.source")}:</B></font></td>
- <td><input type="text" size="40" maxlength="80" name="source" value="${data.source}"></td>
+ <td><input type="text" size="40" maxlength="80" name="source" value="${encodeHTML(data.source)}"></td>
</tr>
<if data.new>
<tr>
<B>${lang("media.title")}:<B>
</font> </td>
<td>
- <input type="text" name="media_title${m}" size="40" maxlength="80" value="">
+ <input type="text" name="media_title${encodeHTML(m)}" size="40" maxlength="80" value="">
</td>
</tr>
<tr>
<td bgcolor="#006600"></td>
<td>
- <INPUT TYPE="file" NAME="mpfile${m}"><br>
+ <INPUT TYPE="file" NAME="mpfile${encodeHTML(m)}"><br>
</td>
</tr>
</list>
<B>${lang("media.title")}:<B>
</font> </td>
<td>
- <input type="text" name="title" size="40" maxlength="80" value="${data.title}">
+ <input type="text" name="title" size="40" maxlength="80" value="${encodeHTML(data.title)}">
</td>
</tr>
</if>
<body bgcolor="#FFFFFF">
<include "admin/head.template">
-<form action="${config.actionRoot}" method="post">
+<form action="${encodeHTML(config.actionRoot)}" method="post">
<input type="hidden" name="module" value="Language">
- <input type="hidden" name="id" value="${id}">
+ <input type="hidden" name="id" value="${encodeHTML(id)}">
<if data.new><input type="hidden" name="do" value="insert">
<else><input type="hidden" name="do" value="update"></if>
<table border="0">
<td align="right" bgcolor="#006600"><font color="#ffffff" face="Verdana, Arial, Helvetica, sans-serif" size="-1">
<B>${lang("language.name")}:</B></font></td>
<td>
- <input type="text" name="name" size="30" value="${data.name}">
+ <input type="text" name="name" size="30" value="${encodeHTML(data.name)}">
</td>
</tr>
<td align="right" bgcolor="#006600"><font color="#ffffff" face="Verdana, Arial, Helvetica, sans-serif" size="-1">
<B>${lang("language.code")}:</B></font></td>
<td>
- <input type="text" name="code" size="2" maxlength="2" value="${data.code}">
+ <input type="text" name="code" size="2" maxlength="2" value="${encodeHTML(data.code)}">
</td>
</tr>
<tr
<if grey=="1"><assign grey="0">bgcolor="#dddddd" <else><assign grey="1"> </if>
>
- <td>${entry.name} </td>
- <td>${entry.code} </td>
- <td><font size="1"> <a href="${config.actionRoot}?module=Language&do=delete&id=${entry.id}">${lang("delete")}</a>
- | <a href="${config.actionRoot}?module=Language&do=edit&id=${entry.id}">${lang("edit")}</a></font></td>
+ <td>${encodeHTML(entry.name)} </td>
+ <td>${encodeHTML(entry.code)} </td>
+ <td><font size="1"> <a href="${encodeHTML(config.actionRoot)}?module=Language&do=delete&id=${encodeHTML(entry.id)}">${lang("delete")}</a>
+ | <a href="${encodeHTML(config.actionRoot)}?module=Language&do=edit&id=${encodeHTML(entry.id)}">${lang("edit")}</a></font></td>
</tr>
</list>
<tr>
- <td colspan="3" bgcolor="#006600"><font color="#ffffff">${data.count} ${lang("records")}
+ <td colspan="3" bgcolor="#006600"><font color="#ffffff">${encodeHTML(data.count)} ${lang("records")}
/ ${lang("show_from_to", data.from, data.to)}</font></td>
<td> </td>
</tr>
<P>
<if data.prev>
- <a href="${config.actionRoot}?module=Language&do=list&where=${data.where}&prevoffset=${data.prev}&prev=zurück">${lang("list.previous")}</a>
+ <a href="${encodeHTML(config.actionRoot)}?module=Language&do=list&where=${encodeHTML(data.where)}&prevoffset=${encodeHTML(data.prev)}&prev=zurück">${lang("list.previous")}</a>
</if>
<if data.next>
-<a href="${config.actionRoot}?module=Language&do=list&where=${data.where}&nextoffset=${data.next}&next=weiter">${lang("list.next")}</a>
+<a href="${encodeHTML(config.actionRoot)}?module=Language&do=list&where=${encodeHTML(data.where)}&nextoffset=${encodeHTML(data.next)}&next=weiter">${lang("list.next")}</a>
</if>
<else>
<head>
<body bgcolor="#FFFFFF">
<include "admin/head.template">
-<form action="${config.actionRoot}" method="post">
+<form action="${encodeHTML(config.actionRoot)}" method="post">
<input type=hidden name=module value=LinksImcs>
- <input type="hidden" name="id" value="${data.entity.id}">
+ <input type="hidden" name="id" value="${encodeHTML(data.entity.id)}">
<if data.new><input type="hidden" name="do" value="insert">
<else><input type="hidden" name="do" value="update"></if>
<table border="0">
<td align="right" bgcolor="#006600"><font face="Verdana, Arial, Helvetica, sans-serif" size="-1" color="#ffffff">
<B>${lang("linkimcs.name")}:</B></font></td>
<td>
- <input type="text" size="40" name="title" value="${data.entity.title}">
+ <input type="text" size="40" name="title" value="${encodeHTML(data.entity.title)}">
</td>
</tr>
<tr>
<if data.parentlist>
<select name="to_parent_id" size="1">
<option value=NULL> ${lang("linkimcs.new_parent")}
- <list data.parentlist as entry><option value="${entry.id}"<if entry.id == data.entity.to_parent_id> selected</if>> ${entry.title}</list>
+ <list data.parentlist as entry><option value="${encodeHTML(entry.id)}"<if entry.id == data.entity.to_parent_id> selected</if>> ${encodeHTML(entry.title)}</list>
</select>
</if>
</td>
<tr>
<td align="right" bgcolor="#006600"><font color="#ffffff"><B>${lang("linkimcs.url")}:</B></font></td>
<td>
- <input type="text" size="40" name="url" value="${data.entity.url}">
+ <input type="text" size="40" name="url" value="${encodeHTML(data.entity.url)}">
</td>
</tr>
<tr>
<td>
<select name="to_language" size="1">
<list data.languagelist as language>
- <option value="${language.id}"<if data.entity.to_language == language.id> selected</if>> ${language.name}
+ <option value="${encodeHTML(language.id)}"<if data.entity.to_language == language.id> selected</if>> ${encodeHTML(language.name)}
</list>
</select>
</td>
<body bgcolor="#FFFFFF">\r
<include "admin/head.template">\r
\r
-<form method="post" action="${config.actionRoot}">\r
+<form method="post" action="${encodeHTML(config.actionRoot)}">\r
<input type="hidden" name="module" value="LinksImcs">\r
<input type="hidden" name="do" value="list">\r
<input type="hidden" name="cid" value="">\r
\r
<tr>\r
<td>\r
- <input type="text" size="10" maxlength="20" name="query_text" value="${data.query_text}">\r
+ <input type="text" size="10" maxlength="20" name="query_text" value="${encodeHTML(data.query_text)}">\r
<select name="query_field">\r
<option value="title"<if data.query_field == "title"> selected</if>>${lang("linkimcs.name")}\r
<option value="url"<if data.query_field == "url"> selected</if>>${lang("linkimcs.url")}\r
<td>\r
<select name="to_parent_id">\r
<option value=""></option>\r
- <list data.parentlist as parent><option value="${parent.id}"<if to_parent_id == parent.id> selected</if>>${parent.title}</option>\r
+ <list data.parentlist as parent><option value="${encodeHTML(parent.id)}"<if to_parent_id == parent.id> selected</if>>${encodeHTML(parent.title)}</option>\r
</list>\r
</select>\r
</td>\r
<td>\r
<select name="to_language">\r
<option value="">${lang("all")}</option>\r
- <list data.languagelist as language><option value="${language.id}"<if to_language == language.id> selected</if>>${language.name}</option>\r
+ <list data.languagelist as language><option value="${encodeHTML(language.id)}"<if to_language == language.id> selected</if>>${encodeHTML(language.name)}</option>\r
</list> \r
</select>\r
</td>\r
</list>\r
\r
<tr <if grey=="1"><assign grey="0">bgcolor="#dddddd" <else><assign grey="1"> </if>>\r
- <td><font face="Verdana, Arial, Helvetica, sans-serif" size="-1">${entry.title} </font></td>\r
- <td><font face="Verdana, Arial, Helvetica, sans-serif" size="-1">${parent}</font></td>\r
- <td><font face="Verdana, Arial, Helvetica, sans-serif" size="-1">${entry.url}</font></td>\r
- <td><font face="Verdana, Arial, Helvetica, sans-serif" size="-1">${entry.sortpriority}</font></td>\r
- <td><font face="Verdana, Arial, Helvetica, sans-serif" size="-1">${data.language}</font></td>\r
- <td><font size="1"> <a href="${actionRoot}?module=LinksImcs&do=delete&id=${entry.id}">${lang("delete")}</a>\r
- | <a href="${actionRoot}?module=LinksImcs&do=edit&id=${entry.id}">${lang("edit")}</a></font>\r
+ <td><font face="Verdana, Arial, Helvetica, sans-serif" size="-1">${encodeHTML(entry.title)} </font></td>\r
+ <td><font face="Verdana, Arial, Helvetica, sans-serif" size="-1">${encodeHTML(parent)}</font></td>\r
+ <td><font face="Verdana, Arial, Helvetica, sans-serif" size="-1">${encodeHTML(entry.url)}</font></td>\r
+ <td><font face="Verdana, Arial, Helvetica, sans-serif" size="-1">${encodeHTML(entry.sortpriority)}</font></td>\r
+ <td><font face="Verdana, Arial, Helvetica, sans-serif" size="-1">${encodeHTML(data.language)}</font></td>\r
+ <td><font size="1"> <a href="${encodeHTML(actionRoot)}?module=LinksImcs&do=delete&id=${encodeHTML(entry.id)}">${lang("delete")}</a>\r
+ | <a href="${encodeHTML(actionRoot)}?module=LinksImcs&do=edit&id=${encodeHTML(entry.id)}">${lang("edit")}</a></font>\r
</td>\r
</tr>\r
</list>\r
<tr>\r
<td colspan="6" bgcolor="#006600"><font face="Verdana, Arial, Helvetica, sans-serif" size="-1" color="#ffffff">\r
- ${data.count} ${lang("records")} / ${lang("show_from_to", data.from, data.to)}</font></td>\r
+ ${encodeHTML(data.count)} ${lang("records")} / ${lang("show_from_to", data.from, data.to)}</font></td>\r
<td> </td>\r
</tr>\r
</table>\r
<P>\r
<if data.prev>\r
- <a href="${config.actionRoot}?module=LinksImcs&do=list&order=${data.order}&query_text=${data.query_text_encoded}&query_field=${data.query_field}&to_parent_id=${data.to_parent_id}&to_language=${data.to_language}&prevoffset=${data.prev}&prev=zurück">${lang("list.previous")}</a> \r
+ <a href="${encodeHTML(config.actionRoot)}?module=LinksImcs&do=list&order=${encodeHTML(data.order)}&query_text=${encodeHTML(data.query_text_encoded)}&query_field=${encodeHTML(data.query_field)}&to_parent_id=${encodeHTML(data.to_parent_id)}&to_language=${encodeHTML(data.to_language)}&prevoffset=${encodeHTML(data.prev)}&prev=zurück">${lang("list.previous")}</a> \r
</if>\r
<if data.next>\r
-<a href="${config.actionRoot}?module=LinksImcs&do=list&order=${data.order}&query_text=${data.query_text_encoded}&query_field=${data.query_field}&to_parent_id=${data.to_parent_id}&to_language=${data.to_language}&nextoffset=${data.next}&next=weiter">${lang("list.next")}</a>\r
+<a href="${encodeHTML(config.actionRoot)}?module=LinksImcs&do=list&order=${encodeHTML(data.order)}&query_text=${encodeHTML(data.query_text_encoded)}&query_field=${encodeHTML(data.query_field)}&to_parent_id=${encodeHTML(data.to_parent_id)}&to_language=${encodeHTML(data.to_language)}&nextoffset=${encodeHTML(data.next)}&next=weiter">${lang("list.next")}</a>\r
</if>\r
\r
<else>\r
<a href="mailto:${lang("imc.contact-email.address")}"><font color="#663399">${lang("imc.contact-email.name")}</font></a>.
</font></p>
<hr>
- <form method="post" action="${config.actionRootLogin}">
+ <form method="post" action="${encodeHTML(config.actionRootLogin)}">
<input type="hidden" name="module" value="login">
<table border="0" cellpadding="2" cellspacing="0" bgcolor="#006600">
<tr bgcolor="#663399">
<head>
<SCRIPT LANGUAGE="JavaScript">
function openWin(url) {
- window.open(url,"vc","scrollbars=0,height=${data.img_height},width=${data.img_width}");
+ window.open(url,"vc","scrollbars=0,height=${encodeHTML(data.img_height)},width=${encodeHTML(data.img_width)}");
}
</SCRIPT>
<body bgcolor="#FFFFFF">
<include "admin/head.template">
<if data.new>
-<form action="${config.actionRoot}?module=OtherMedia&do=add" method="post">
+<form action="${encodeHTML(config.actionRoot)}?module=OtherMedia&do=add" method="post">
<table border="0">
<tr>
<td align="right" bgcolor="#006600">
</font>
</td>
<td>
- <input type="text" size="3" name="medianum" value="${medianum}"> <input type="submit" value="${lang("open.posting.nr_of_media.submit")}">
+ <input type="text" size="3" name="medianum" value="${encodeHTML(medianum)}"> <input type="submit" value="${lang("open.posting.nr_of_media.submit")}">
</td>
</tr>
</table>
</form>
</if>
-<form enctype="multipart/form-data" method="post" action="${config.actionRoot}?module=OtherMedia&do=<if data.new>insert<else>update</if>&id=${data.id}">
+<form enctype="multipart/form-data" method="post" action="${encodeHTML(config.actionRoot)}?module=OtherMedia&do=<if data.new>insert<else>update</if>&id=${encodeHTML(data.id)}">
- <input type="hidden" name="where" value="${data.where}">
- <input type="hidden" name="offset" value="${data.offset}">
- <input type="hidden" name="order" value="${data.order}">
- <input type="hidden" name="id" value="${data.id}">
+ <input type="hidden" name="where" value="${encodeHTML(data.where)}">
+ <input type="hidden" name="offset" value="${encodeHTML(data.offset)}">
+ <input type="hidden" name="order" value="${encodeHTML(data.order)}">
+ <input type="hidden" name="id" value="${encodeHTML(data.id)}">
<table border="0">
<if !data.new>
<tr>
<td align="right" bgcolor="#006600">
<font color="#ffffff" face="Verdana, Arial, Helvetica, sans-serif" size="-1">
- <a href="${config.actionRoot}?module=OtherMedia&do=getMedia&id=${data.id}">
- <img src="${config.docRoot}/img/${data.big_icon}" border=0></a></font></td>
+ <a href="${encodeHTML(config.actionRoot)}?module=OtherMedia&do=getMedia&id=${encodeHTML(data.id)}">
+ <img src="${encodeHTML(config.docRoot)}/img/${encodeHTML(data.big_icon)}" border=0></a></font></td>
<td valign="bottom"><font color="Silver" face="Verdana, Arial, Helvetica, sans-serif" size=1>
- ${lang("media.created")}: ${data.webdb_create}
- <if data.webdb_lastchange>/ ${lang("media.changed")} ${data.webdb_lastchange}</if><br>
- <if data.is_published=="1">${lang("media.published")}: ${data.publish_date} / ${data.publish_server}${data.publish_path}<br></if>
- ${lang("media.format")}: ${data.mimetype} / ${data.human_readable_size}<br>
+ ${lang("media.created")}: ${encodeHTML(data.webdb_create)}
+ <if data.webdb_lastchange>/ ${lang("media.changed")} ${encodeHTML(data.webdb_lastchange)}</if><br>
+ <if data.is_published=="1">${lang("media.published")}: ${encodeHTML(data.publish_date)} / ${encodeHTML(data.publish_server)}${encodeHTML(data.publish_path)}<br></if>
+ ${lang("media.format")}: ${encodeHTML(data.mimetype)} / ${encodeHTML(data.human_readable_size)}<br>
${lang("media.rights")}: <b>${data.rightsHashdata[to_rights]["name"]}</b><br>
</td>
</tr>
<td>
<select name="to_media_folder">
<list extra.mediafolderPopupData as m>
- <option value="${m.key}" <if m.key == data.to_media_folder>selected</if>>${m.value}</option>
+ <option value="${encodeHTML(m.key)}" <if m.key == data.to_media_folder>selected</if>>${encodeHTML(m.value)}</option>
</list>
</select>
</td>
<tr>
<td align="right" bgcolor="#006600"><font color="#ffffff" face="Verdana, Arial, Helvetica, sans-serif" size="-1">
<B>${lang("media.description")}:</B></font></td>
- <td><input type="text" size="40" maxlength="255" name="description" value="${data.description}"></td>
+ <td><input type="text" size="40" maxlength="255" name="description" value="${encodeHTML(data.description)}"></td>
</tr>
<tr>
<td align="right" bgcolor="#006600"><font color="#ffffff" face="Verdana, Arial, Helvetica, sans-serif" size="-1">
<B>${lang("media.date")}:</B></font></td>
- <td><input type="text" size="8" maxlength="8" name="date" value="${data.date}">
- <input type="text" size="20" maxlength="40" name="year" value="${data.year}"></td>
+ <td><input type="text" size="8" maxlength="8" name="date" value="${encodeHTML(data.date)}">
+ <input type="text" size="20" maxlength="40" name="year" value="${encodeHTML(data.year)}"></td>
</tr>
<tr>
<td align="right" bgcolor="#006600"><font color="#ffffff" face="Verdana, Arial, Helvetica, sans-serif" size="-1">
<B>${lang("media.location")}:</B></font></td>
- <td><input type="text" size="40" maxlength="80" name="place" value="${data.place}"></td>
+ <td><input type="text" size="40" maxlength="80" name="place" value="${encodeHTML(data.place)}"></td>
</tr>
<tr>
<td align="right" bgcolor="#006600"><font color="#ffffff" face="Verdana, Arial, Helvetica, sans-serif" size="-1">
<B>${lang("media.creator")}:</B></font></td>
<td>
- <input type="text" size="40" maxlength="80" name="creator" value="${data.creator}">
+ <input type="text" size="40" maxlength="80" name="creator" value="${encodeHTML(data.creator)}">
</tr>
<tr>
<td align="right" bgcolor="#006600"><font color="#ffffff" face="Verdana, Arial, Helvetica, sans-serif" size="-1">
<B>${lang("media.keywords")}:</B></font></td>
- <td><textarea cols="40" rows="2" name="keywords">${data.keywords}</textarea></td>
+ <td><textarea cols="40" rows="2" name="keywords">${encodeHTML(data.keywords)}</textarea></td>
</tr>
<tr>
<td align="right" bgcolor="#006600"><font color="#ffffff" face="Verdana, Arial, Helvetica, sans-serif" size="-1">
<B>${lang("media.comment")}:</B></font></td>
- <td><textarea cols="40" rows="2" name="comment">${data.comment}</textarea></td>
+ <td><textarea cols="40" rows="2" name="comment">${encodeHTML(data.comment)}</textarea></td>
</tr>
<tr>
<td align="right" bgcolor="#006600"><font color="#ffffff" face="Verdana, Arial, Helvetica, sans-serif" size="-1">
<B>${lang("media.source")}:</B></font></td>
- <td><input type="text" size="40" maxlength="80" name="source" value="${data.source}"></td>
+ <td><input type="text" size="40" maxlength="80" name="source" value="${encodeHTML(data.source)}"></td>
</tr>
<tr>
<td colspan="2" align="right"> <font color="black">
<B>${lang("media.title")}:<B>
</font> </td>
<td>
- <input type="text" name="media_title${m}" size="40" maxlength="80" value="">
+ <input type="text" name="media_title${encodeHTML(m)}" size="40" maxlength="80" value="">
</td>
</tr>
<tr>
<td bgcolor="#006600"></td>
<td>
- <INPUT TYPE="file" NAME="mpfile${m}"><br>
+ <INPUT TYPE="file" NAME="mpfile${encodeHTML(m)}"><br>
</td>
</tr>
</list>
<B>${lang("media.title")}:<B>
</font> </td>
<td>
- <input type="text" name="title" size="40" maxlength="80" value="${data.title}">
+ <input type="text" name="title" size="40" maxlength="80" value="${encodeHTML(data.title)}">
</td>
</tr>
</if>
<body bgcolor="#FFFFFF">
<include "admin/head.template">
-<form method="post" action="${config.actionRoot}">
+<form method="post" action="${encodeHTML(config.actionRoot)}">
<input type=hidden name=module value=Mediafolder>
- <input type="hidden" name="id" value="${data.id}">
+ <input type="hidden" name="id" value="${encodeHTML(data.id)}">
<if data.new> <input type="hidden" name="do" value="insert">
<else> <input type="hidden" name="do" value="update"></if>
<tr>
<td align="right" bgcolor="#006600"><font color="#ffffff"><B>${lang("mediafolder.date")}:</B></font></td>
- <td><input type="text" size="8" maxsize="8" name="date" value="${data.date}"></td>
+ <td><input type="text" size="8" maxsize="8" name="date" value="${encodeHTML(data.date)}"></td>
</tr>
<tr>
<td align="right" bgcolor="#006600"><font color="#ffffff"><B>${lang("mediafolder.name")}:</B></font></td>
- <td><input type="text" size="40" name="name" value="${data.name}"></td>
+ <td><input type="text" size="40" name="name" value="${encodeHTML(data.name)}"></td>
</tr>
<tr>
<td align="right" bgcolor="#006600"><font color="#ffffff"><B>${lang("mediafolder.location")}:</B></font></td>
- <td><input type="text" size="40" name="place" value="${data.place}"></td>
+ <td><input type="text" size="40" name="place" value="${encodeHTML(data.place)}"></td>
</tr>
<tr>
<td align="right" bgcolor="#006600"><font color="#ffffff"><B>${lang("mediafolder.comment")}:</B></font></td>
- <td><textarea cols="40" rows="5" name="comment">${data.comment}</textarea></td>
+ <td><textarea cols="40" rows="5" name="comment">${encodeHTML(data.comment)}</textarea></td>
</tr>
<tr>
<td align="right" bgcolor="#006600"><font color="#ffffff"><B>${lang("mediafolder.keywords")}:</B></font></td>
- <td><textarea cols="40" rows="4" name="keywords">${data.keywords}</textarea></td>
+ <td><textarea cols="40" rows="4" name="keywords">${encodeHTML(data.keywords)}</textarea></td>
</tr>
<tr>
</tr>
<list data.contentlist as entry>
<tr <if grey=="1"><assign grey="0">bgcolor="#dddddd" <else><assign grey="1"> </if> >
- <td>${entry.date} </td>
- <td><b>${entry.name}</b> </td>
- <td>${entry.place} </td>
- <td>${entry.comment} </td>
- <td>${entry.keywords} </td>
- <td><font size="1"><a href="${config.actionRoot}?module=Mediafolder&do=delete&id=${entry.id}">${lang("delete")}</a>
- | <a href="${config.actionRoot}?module=Mediafolder&do=edit&id=${entry.id}">${lang("edit")}</a>
- | <a href="${config.actionRoot}?module=Images&do=list&query_media_folder=${entry.id}">${lang("list")}</a></font></td>
+ <td>${encodeHTML(entry.date)} </td>
+ <td><b>${encodeHTML(entry.name)}</b> </td>
+ <td>${encodeHTML(entry.place)} </td>
+ <td>${encodeHTML(entry.comment)} </td>
+ <td>${encodeHTML(entry.keywords)} </td>
+ <td><font size="1"><a href="${encodeHTML(config.actionRoot)}?module=Mediafolder&do=delete&id=${encodeHTML(entry.id)}">${lang("delete")}</a>
+ | <a href="${encodeHTML(config.actionRoot)}?module=Mediafolder&do=edit&id=${encodeHTML(entry.id)}">${lang("edit")}</a>
+ | <a href="${encodeHTML(config.actionRoot)}?module=Images&do=list&query_media_folder=${encodeHTML(entry.id)}">${lang("list")}</a></font></td>
</tr>
</list>
<tr>
- <td colspan="5" bgcolor="#006600"><font color="#ffffff">${data.count} ${lang("records")} /
+ <td colspan="5" bgcolor="#006600"><font color="#ffffff">${encodeHTML(data.count)} ${lang("records")} /
${lang("show_from_to", data.from, data.to)}</font></td>
<td> </td>
</tr>
</table>
<P>
<if data.prev>
- <a href="${config.actionRoot}?module=Mediafolder&do=list&where=${data.where}&prevoffset=${data.prev}&prev=zurück">${lang("list.previous")}</a>
+ <a href="${encodeHTML(config.actionRoot)}?module=Mediafolder&do=list&where=${encodeHTML(data.where)}&prevoffset=${encodeHTML(data.prev)}&prev=zurück">${lang("list.previous")}</a>
</if>
<if data.next>
- <a href="${config.actionRoot}?module=Mediafolder&do=list&where=${data.where}&nextoffset=${data.next}&next=weiter">${lang("list.next")}</a>
+ <a href="${encodeHTML(config.actionRoot)}?module=Mediafolder&do=list&where=${encodeHTML(data.where)}&nextoffset=${encodeHTML(data.next)}&next=weiter">${lang("list.next")}</a>
</if>
<else>
<P align="center">${lang("no_matches_found")}</p>
<body bgcolor="#FFFFFF">
<include "admin/head.template">
-<form action="${config.actionRoot}" method="post">
+<form action="${encodeHTML(config.actionRoot)}" method="post">
<input type="hidden" name="module" value="Message">
- <input type="hidden" name="id" value="${data.id}">
+ <input type="hidden" name="id" value="${encodeHTML(data.id)}">
<if data.new><input type="hidden" name="do" value="insert">
<else><input type="hidden" name="do" value="update"></if>
<table border="0">
<td align="right" bgcolor="#006600"><font color="#ffffff" face="Verdana, Arial, Helvetica, sans-serif" size="-1">
<B>${lang("message.date")}:</B></font></td>
<td>
- ${data.date}
+ ${encodeHTML(data.date)}
</td>
</tr>
<td align="right" bgcolor="#006600"><font color="#ffffff" face="Verdana, Arial, Helvetica, sans-serif" size="-1">
<B>${lang("message.title")}:</B></td>
<td>
- <input type=text name="title" maxlength=40 value="${data.title}">
+ <input type=text name="title" maxlength=40 value="${encodeHTML(data.title)}">
</td>
</tr>
<td align="right" bgcolor="#006600"><font color="#ffffff" face="Verdana, Arial, Helvetica, sans-serif" size="-1">
<B>${lang("message.creator")}:</B></td>
<td>
- <input type=text name="creator" maxlength=40 value="${data.creator}">
+ <input type=text name="creator" maxlength=40 value="${encodeHTML(data.creator)}">
</td>
</tr>
<td align="right" bgcolor="#006600"><font color="#ffffff" face="Verdana, Arial, Helvetica, sans-serif" size="-1">
<B>${lang("message.text")}:</B> ${lang("message.textinfo")}</font></td>
<td>
- <textarea cols="50" rows="3" name="description" wrap=virtual>${data.description}</textarea>
+ <textarea cols="50" rows="3" name="description" wrap=virtual>${encodeHTML(data.description)}</textarea>
</td>
</tr>
<tr
<if grey=="1"><assign grey="0">bgcolor="#dddddd" <else><assign grey="1"> </if>
>
- <td>${entry.webdb_create} </td>
- <td><b>${entry.title}</b><br>
- <i>${entry.creator}</i></td>
- <td bgcolor="Pink">${entry.description} </td>
- <td><font size="1"> <a href="${config.actionRoot}?module=Message&do=delete&id=${entry.id}">${lang("delete")}</a>
- | <a href="${config.actionRoot}?module=Message&do=edit&id=${entry.id}">${lang("edit")}</a></font></td>
+ <td>${encodeHTML(entry.webdb_create)} </td>
+ <td><b>${encodeHTML(entry.title)}</b><br>
+ <i>${encodeHTML(entry.creator)}</i></td>
+ <td bgcolor="Pink">${encodeHTML(entry.description)} </td>
+ <td><font size="1"> <a href="${encodeHTML(config.actionRoot)}?module=Message&do=delete&id=${encodeHTML(entry.id)}">${lang("delete")}</a>
+ | <a href="${encodeHTML(config.actionRoot)}?module=Message&do=edit&id=${encodeHTML(entry.id)}">${lang("edit")}</a></font></td>
</tr>
</list>
<tr>
- <td colspan="3" bgcolor="#006600"><font color="#ffffff">${data.count} ${lang("records")} /
+ <td colspan="3" bgcolor="#006600"><font color="#ffffff">${encodeHTML(data.count)} ${lang("records")} /
${lang("show_from_to", data.from, data.to)}</font></td>
<td> </td>
</tr>
<P>
<if data.prev>
- <a href="${config.actionRoot}?module=Users&do=list&where=${data.where}&prevoffset=${data.prev}&prev=zurück">${lang("list.previous")}</a>
+ <a href="${encodeHTML(config.actionRoot)}?module=Users&do=list&where=${encodeHTML(data.where)}&prevoffset=${encodeHTML(data.prev)}&prev=zurück">${lang("list.previous")}</a>
</if>
<if data.next>
-<a href="${config.actionRoot}?module=Users&do=list&where=${data.where}&nextoffset=${data.next}&next=weiter">${lang("list.next")}</a>
+<a href="${encodeHTML(config.actionRoot)}?module=Users&do=list&where=${encodeHTML(data.where)}&nextoffset=${encodeHTML(data.next)}&next=weiter">${lang("list.next")}</a>
</if>
<else>
<b>${lang("start.openpostings.title")}</b></font>
<p>
- <a href="${config.actionRoot}?module=Content&do=listop&order=webdb_create+desc">
- <img src="${config.docRoot}/img/pointgris.gif" border=0>${lang("edit")}</a>
+ <a href="${encodeHTML(config.actionRoot)}?module=Content&do=listop&order=webdb_create+desc">
+ <img src="${encodeHTML(config.docRoot)}/img/pointgris.gif" border=0>${lang("edit")}</a>
<p>
<font face="Verdana, Arial, Helvetica, sans-serif" size="2" color="#663399">
<b>${lang("start.comments.title")}</b></font>
<p>
- <a href="${config.actionRoot}?module=Comment&do=list">
- <img src="${config.docRoot}/img/pointgris.gif" border=0>${lang("edit")}</a>
+ <a href="${encodeHTML(config.actionRoot)}?module=Comment&do=list">
+ <img src="${encodeHTML(config.docRoot)}/img/pointgris.gif" border=0>${lang("edit")}</a>
<p>
<font face="Verdana, Arial, Helvetica, sans-serif" size="2" color="#663399">
<b>${lang("start.breaking.title")}</b></font>
<p>
- <img src="${config.docRoot}/img/pointgris.gif" border=0>
- <a href="${config.actionRoot}?module=Breaking&do=list">${lang("edit")}</a>
- <img src="${config.docRoot}/img/pointgris.gif" border=0>
- <a href="${config.actionRoot}?module=Breaking&do=add">${lang("start.breaking.new")}</a>
+ <img src="${encodeHTML(config.docRoot)}/img/pointgris.gif" border=0>
+ <a href="${encodeHTML(config.actionRoot)}?module=Breaking&do=list">${lang("edit")}</a>
+ <img src="${encodeHTML(config.docRoot)}/img/pointgris.gif" border=0>
+ <a href="${encodeHTML(config.actionRoot)}?module=Breaking&do=add">${lang("start.breaking.new")}</a>
<table width="100%" border="0">
<tr><td bgcolor="white"> </td></tr>
<b>${lang("start.content.title")}</b></font>
<p>
- <img src="${config.docRoot}/img/pointgris.gif" border=0>
- <a href="${config.actionRoot}?module=Content&do=add&where=aktuell">${lang("start.content.new")}</a>
+ <img src="${encodeHTML(config.docRoot)}/img/pointgris.gif" border=0>
+ <a href="${encodeHTML(config.actionRoot)}?module=Content&do=add&where=aktuell">${lang("start.content.new")}</a>
<p>
<b>${lang("start.show")}:</b><br>
- <img src="${config.docRoot}/img/pointgris.gif" border=0>
- <a href="${config.actionRoot}?module=Content&do=list&where=newswire">${lang("start.content.newswire")}</a><br>
- <img src="${config.docRoot}/img/pointgris.gif" border=0>
- <a href="${config.actionRoot}?module=Content&do=list&where=feature">${lang("start.content.feature")}</a><br>
- <img src="${config.docRoot}/img/pointgris.gif" border=0>
- <a href="${config.actionRoot}?module=Content&do=list&where=themenspecial">${lang("start.content.topicspecial")}</a><br>
- <img src="${config.docRoot}/img/pointgris.gif" border=0>
- <a href="${config.actionRoot}?module=Content&do=list&where=special">${lang("start.content.startspecial")}</a><br>
+ <img src="${encodeHTML(config.docRoot)}/img/pointgris.gif" border=0>
+ <a href="${encodeHTML(config.actionRoot)}?module=Content&do=list&where=newswire">${lang("start.content.newswire")}</a><br>
+ <img src="${encodeHTML(config.docRoot)}/img/pointgris.gif" border=0>
+ <a href="${encodeHTML(config.actionRoot)}?module=Content&do=list&where=feature">${lang("start.content.feature")}</a><br>
+ <img src="${encodeHTML(config.docRoot)}/img/pointgris.gif" border=0>
+ <a href="${encodeHTML(config.actionRoot)}?module=Content&do=list&where=themenspecial">${lang("start.content.topicspecial")}</a><br>
+ <img src="${encodeHTML(config.docRoot)}/img/pointgris.gif" border=0>
+ <a href="${encodeHTML(config.actionRoot)}?module=Content&do=list&where=special">${lang("start.content.startspecial")}</a><br>
<br>
- <img src="${config.docRoot}/img/pointgris.gif" border=0>
- <a href="${config.actionRoot}?module=Content&do=list&where=nfrei" >${lang("start.content.not_published")}</a><br>
- <img src="${config.docRoot}/img/pointgris.gif" border=0>
- <a href="${config.actionRoot}?module=Content&do=list&where=media">${lang("start.content.with_media")}</a><br>
- <img src="${config.docRoot}/img/pointgris.gif" border=0>
- <a href="${config.actionRoot}?module=Content&do=list&where=lastchange">${lang("start.content.last_changes")}</a><br>
- <img src="${config.docRoot}/img/pointgris.gif" border=0>
- <a href="${config.actionRoot}?module=Content&do=list&where=comments">${lang("start.content.with_comments")}</a><br>
+ <img src="${encodeHTML(config.docRoot)}/img/pointgris.gif" border=0>
+ <a href="${encodeHTML(config.actionRoot)}?module=Content&do=list&where=nfrei" >${lang("start.content.not_published")}</a><br>
+ <img src="${encodeHTML(config.docRoot)}/img/pointgris.gif" border=0>
+ <a href="${encodeHTML(config.actionRoot)}?module=Content&do=list&where=media">${lang("start.content.with_media")}</a><br>
+ <img src="${encodeHTML(config.docRoot)}/img/pointgris.gif" border=0>
+ <a href="${encodeHTML(config.actionRoot)}?module=Content&do=list&where=lastchange">${lang("start.content.last_changes")}</a><br>
+ <img src="${encodeHTML(config.docRoot)}/img/pointgris.gif" border=0>
+ <a href="${encodeHTML(config.actionRoot)}?module=Content&do=list&where=comments">${lang("start.content.with_comments")}</a><br>
<br>
- <img src="${config.docRoot}/img/pointgris.gif" border=0>
- <a href="${config.actionRoot}?module=Hidden&do=list">${lang("start.content.hidden")}</a>
+ <img src="${encodeHTML(config.docRoot)}/img/pointgris.gif" border=0>
+ <a href="${encodeHTML(config.actionRoot)}?module=Hidden&do=list">${lang("start.content.hidden")}</a>
<br><br>
<b>here to edit all the include files:</b>
<br>
- <img src="${config.docRoot}/img/pointgris.gif" border=0>
- <a href="${config.actionRoot}?module=FileEdit&do=list">${lang("edit")}
+ <img src="${encodeHTML(config.docRoot)}/img/pointgris.gif" border=0>
+ <a href="${encodeHTML(config.actionRoot)}?module=FileEdit&do=list">${lang("edit")}
${lang("file")}</a>
<br><br>
- <form action="${config.actionRoot}" method="post">
+ <form action="${encodeHTML(config.actionRoot)}" method="post">
<input type="hidden" name="module" value="Content">
<input type="hidden" name="do" value="search">
<input type="hidden" name="order" value="date desc">
<br>
${lang("start.generate.all.title")}:
<br>
- <img src="${config.docRoot}/img/pointgris.gif" border=0>
- <a href="${config.actionRoot}?module=Producer&task=All">${lang("start.generate.all.new")}</a> |
+ <img src="${encodeHTML(config.docRoot)}/img/pointgris.gif" border=0>
+ <a href="${encodeHTML(config.actionRoot)}?module=Producer&task=All">${lang("start.generate.all.new")}</a> |
<!--
<br>
- <a href="${config.actionRoot}?module=Producer&task=All&forced=1">alles (!)(forced, update auf www > 5min.)</a>
+ <a href="${encodeHTML(config.actionRoot)}?module=Producer&task=All&forced=1">alles (!)(forced, update auf www > 5min.)</a>
|
<br>
- <a href="${config.actionRoot}?module=Producer&task=All&forced=1&sync=1">alles (!)(www sofort, nur im Notfall)</a>
+ <a href="${encodeHTML(config.actionRoot)}?module=Producer&task=All&forced=1&sync=1">alles (!)(www sofort, nur im Notfall)</a>
|
<br>
-->
<br>${lang("start.generate.parts.title")}:
<br>
- <img src="${config.docRoot}/img/pointgris.gif" border=0>
- <a href="${config.actionRoot}?module=Producer&task=StartPage">${lang("start.generate.startpages.new")}</a>
+ <img src="${encodeHTML(config.docRoot)}/img/pointgris.gif" border=0>
+ <a href="${encodeHTML(config.actionRoot)}?module=Producer&task=StartPage">${lang("start.generate.startpages.new")}</a>
|
- <a href="${config.actionRoot}?module=Producer&task=StartPage&forced=1">${lang("start.generate.all_forced")}</a>
+ <a href="${encodeHTML(config.actionRoot)}?module=Producer&task=StartPage&forced=1">${lang("start.generate.all_forced")}</a>
|
- <a href="${config.actionRoot}?module=Producer&task=StartPage&forced=1&sync=1">${lang("start.generate.all_sync")}</a>
+ <a href="${encodeHTML(config.actionRoot)}?module=Producer&task=StartPage&forced=1&sync=1">${lang("start.generate.all_sync")}</a>
<br>
- <img src="${config.docRoot}/img/pointgris.gif" border=0>
- <a href="${config.actionRoot}?module=Producer&task=Content">${lang("start.generate.content.new")}</a>
+ <img src="${encodeHTML(config.docRoot)}/img/pointgris.gif" border=0>
+ <a href="${encodeHTML(config.actionRoot)}?module=Producer&task=Content">${lang("start.generate.content.new")}</a>
|
- <a href="${config.actionRoot}?module=Producer&task=Content&forced=1">${lang("start.generate.all_forced")}</a>
+ <a href="${encodeHTML(config.actionRoot)}?module=Producer&task=Content&forced=1">${lang("start.generate.all_forced")}</a>
<br>
- <img src="${config.docRoot}/img/pointgris.gif" border=0>
- <a href="${config.actionRoot}?module=Producer&task=Topics">${lang("start.generate.topics.new")}</a>
+ <img src="${encodeHTML(config.docRoot)}/img/pointgris.gif" border=0>
+ <a href="${encodeHTML(config.actionRoot)}?module=Producer&task=Topics">${lang("start.generate.topics.new")}</a>
|
- <a href="${config.actionRoot}?module=Producer&task=Topics&forced=1">${lang("start.generate.all_forced")}</a>
+ <a href="${encodeHTML(config.actionRoot)}?module=Producer&task=Topics&forced=1">${lang("start.generate.all_forced")}</a>
<br>
- <a href="${config.actionRoot}?module=Producer&task=OpenPosting">
- <img src="${config.docRoot}/img/pointgris.gif" border=0>${lang("start.generate.postings.new")}</a>
+ <a href="${encodeHTML(config.actionRoot)}?module=Producer&task=OpenPosting">
+ <img src="${encodeHTML(config.docRoot)}/img/pointgris.gif" border=0>${lang("start.generate.postings.new")}</a>
|
- <a href="${config.actionRoot}?module=Producer&task=OpenPosting&forced=1">${lang("start.generate.all_forced")}</a>
+ <a href="${encodeHTML(config.actionRoot)}?module=Producer&task=OpenPosting&forced=1">${lang("start.generate.all_forced")}</a>
<br>
- <a href="${config.actionRoot}?module=Producer&task=Images">
- <img src="${config.docRoot}/img/pointgris.gif" border=0>${lang("start.generate.images.new")}</a>
+ <a href="${encodeHTML(config.actionRoot)}?module=Producer&task=Images">
+ <img src="${encodeHTML(config.docRoot)}/img/pointgris.gif" border=0>${lang("start.generate.images.new")}</a>
|
- <a href="${config.actionRoot}?module=Producer&task=Images&forced=1">${lang("start.generate.all_forced")}</a>
+ <a href="${encodeHTML(config.actionRoot)}?module=Producer&task=Images&forced=1">${lang("start.generate.all_forced")}</a>
<br>
- <a href="${config.actionRoot}?module=Producer&task=Audio">
- <img src="${config.docRoot}/img/pointgris.gif" border=0>${lang("start.generate.audio.new")}</a>
+ <a href="${encodeHTML(config.actionRoot)}?module=Producer&task=Audio">
+ <img src="${encodeHTML(config.docRoot)}/img/pointgris.gif" border=0>${lang("start.generate.audio.new")}</a>
|
- <a href="${config.actionRoot}?module=Producer&task=Audio&forced=1">${lang("start.generate.all_forced")}</a>
+ <a href="${encodeHTML(config.actionRoot)}?module=Producer&task=Audio&forced=1">${lang("start.generate.all_forced")}</a>
<br>
- <a href="${config.actionRoot}?module=Producer&task=Video">
- <img src="${config.docRoot}/img/pointgris.gif" border=0>${lang("start.generate.video.new")}</a>
+ <a href="${encodeHTML(config.actionRoot)}?module=Producer&task=Video">
+ <img src="${encodeHTML(config.docRoot)}/img/pointgris.gif" border=0>${lang("start.generate.video.new")}</a>
|
- <a href="${config.actionRoot}?module=Producer&task=Video&forced=1">${lang("start.generate.all_forced")}</a>
+ <a href="${encodeHTML(config.actionRoot)}?module=Producer&task=Video&forced=1">${lang("start.generate.all_forced")}</a>
<br>
- <a href="${config.actionRoot}?module=Producer&task=Other">
- <img src="${config.docRoot}/img/pointgris.gif" border=0>${lang("start.generate.other.new")}</a>
+ <a href="${encodeHTML(config.actionRoot)}?module=Producer&task=Other">
+ <img src="${encodeHTML(config.docRoot)}/img/pointgris.gif" border=0>${lang("start.generate.other.new")}</a>
|
- <a href="${config.actionRoot}?module=Producer&task=Other&forced=1">${lang("start.generate.all_forced")}</a>
+ <a href="${encodeHTML(config.actionRoot)}?module=Producer&task=Other&forced=1">${lang("start.generate.all_forced")}</a>
<br>
- <a href="${config.actionRoot}?module=Producer&task=Navigation">
- <img src="${config.docRoot}/img/pointgris.gif" border=0>${lang("start.generate.navigation")}</a>
+ <a href="${encodeHTML(config.actionRoot)}?module=Producer&task=Navigation">
+ <img src="${encodeHTML(config.docRoot)}/img/pointgris.gif" border=0>${lang("start.generate.navigation")}</a>
<br>
<b>${lang("start.coverage.title")}</b></font>
<P>
- <a href="${config.actionRoot}?module=Schwerpunkt&do=list" >
- <img src="${config.docRoot}/img/pointgris.gif" border=0> ${lang("edit")}</a><br>
- <a href="${config.actionRoot}?module=Schwerpunkt&do=add" >
- <img src="${config.docRoot}/img/pointgris.gif" border=0> ${lang("add")}</a>
+ <a href="${encodeHTML(config.actionRoot)}?module=Schwerpunkt&do=list" >
+ <img src="${encodeHTML(config.docRoot)}/img/pointgris.gif" border=0> ${lang("edit")}</a><br>
+ <a href="${encodeHTML(config.actionRoot)}?module=Schwerpunkt&do=add" >
+ <img src="${encodeHTML(config.docRoot)}/img/pointgris.gif" border=0> ${lang("add")}</a>
<p>
-->
<font face="Verdana, Arial, Helvetica, sans-serif" size="2" color="#663399">
<b>${lang("start.topics.title")}</b></font>
<p>
- <a href="${config.actionRoot}?module=Topics&do=list">
- <img src="${config.docRoot}/img/pointgris.gif" border=0> ${lang("edit")}</a><br>
- <a href="${config.actionRoot}?module=Topics&do=add" >
- <img src="${config.docRoot}/img/pointgris.gif" border=0> ${lang("add")}</a>
+ <a href="${encodeHTML(config.actionRoot)}?module=Topics&do=list">
+ <img src="${encodeHTML(config.docRoot)}/img/pointgris.gif" border=0> ${lang("edit")}</a><br>
+ <a href="${encodeHTML(config.actionRoot)}?module=Topics&do=add" >
+ <img src="${encodeHTML(config.docRoot)}/img/pointgris.gif" border=0> ${lang("add")}</a>
<p>
<font face="Verdana, Arial, Helvetica, sans-serif" size="2" color="#663399">
<b>${lang("start.images.title")}</b></font>
<p>
- <a href="${config.actionRoot}?module=Images&do=list">
- <img src="${config.docRoot}/img/pointgris.gif" border=0> ${lang("edit")}</a><br>
- <a href="${config.actionRoot}?module=Images&do=add" >
- <img src="${config.docRoot}/img/pointgris.gif" border=0> ${lang("add")}</a>
+ <a href="${encodeHTML(config.actionRoot)}?module=Images&do=list">
+ <img src="${encodeHTML(config.docRoot)}/img/pointgris.gif" border=0> ${lang("edit")}</a><br>
+ <a href="${encodeHTML(config.actionRoot)}?module=Images&do=add" >
+ <img src="${encodeHTML(config.docRoot)}/img/pointgris.gif" border=0> ${lang("add")}</a>
<p>
<b>${lang("start.audio.title")}</b></font>
<p>
- <a href="${config.actionRoot}?module=Audio&do=list">
- <img src="${config.docRoot}/img/pointgris.gif" border=0> ${lang("edit")}</a><br>
- <a href="${config.actionRoot}?module=Audio&do=add" >
- <img src="${config.docRoot}/img/pointgris.gif" border=0> ${lang("add")}</a>
+ <a href="${encodeHTML(config.actionRoot)}?module=Audio&do=list">
+ <img src="${encodeHTML(config.docRoot)}/img/pointgris.gif" border=0> ${lang("edit")}</a><br>
+ <a href="${encodeHTML(config.actionRoot)}?module=Audio&do=add" >
+ <img src="${encodeHTML(config.docRoot)}/img/pointgris.gif" border=0> ${lang("add")}</a>
<p>
<b>${lang("start.video.title")}</b></font>
<p>
- <a href="${config.actionRoot}?module=Video&do=list">
- <img src="${config.docRoot}/img/pointgris.gif" border=0> ${lang("edit")}</a><br>
- <a href="${config.actionRoot}?module=Video&do=add" >
- <img src="${config.docRoot}/img/pointgris.gif" border=0> ${lang("add")}</a>
+ <a href="${encodeHTML(config.actionRoot)}?module=Video&do=list">
+ <img src="${encodeHTML(config.docRoot)}/img/pointgris.gif" border=0> ${lang("edit")}</a><br>
+ <a href="${encodeHTML(config.actionRoot)}?module=Video&do=add" >
+ <img src="${encodeHTML(config.docRoot)}/img/pointgris.gif" border=0> ${lang("add")}</a>
<p>
<b>${lang("start.other_media.title")}</b></font>
<p>
- <a href="${config.actionRoot}?module=OtherMedia&do=list">
- <img src="${config.docRoot}/img/pointgris.gif" border=0> ${lang("edit")}</a><br>
- <a href="${config.actionRoot}?module=OtherMedia&do=add" >
- <img src="${config.docRoot}/img/pointgris.gif" border=0> ${lang("add")}</a>
+ <a href="${encodeHTML(config.actionRoot)}?module=OtherMedia&do=list">
+ <img src="${encodeHTML(config.docRoot)}/img/pointgris.gif" border=0> ${lang("edit")}</a><br>
+ <a href="${encodeHTML(config.actionRoot)}?module=OtherMedia&do=add" >
+ <img src="${encodeHTML(config.docRoot)}/img/pointgris.gif" border=0> ${lang("add")}</a>
<p>
<b>${lang("start.mediafolder.title")}</b></font>
<p>
- <a href="${config.actionRoot}?module=Mediafolder&do=list">
- <img src="${config.docRoot}/img/pointgris.gif" border=0> ${lang("edit")}</a><br>
- <a href="${config.actionRoot}?module=Mediafolder&do=add" >
- <img src="${config.docRoot}/img/pointgris.gif" border=0> ${lang("add")}</a>
+ <a href="${encodeHTML(config.actionRoot)}?module=Mediafolder&do=list">
+ <img src="${encodeHTML(config.docRoot)}/img/pointgris.gif" border=0> ${lang("edit")}</a><br>
+ <a href="${encodeHTML(config.actionRoot)}?module=Mediafolder&do=add" >
+ <img src="${encodeHTML(config.docRoot)}/img/pointgris.gif" border=0> ${lang("add")}</a>
<p>
<!--
<b>${lang("start.languages.title")}</b></font>
<p>
- <a href="${config.actionRoot}?module=Language&do=list">
- <img src="${config.docRoot}/img/pointgris.gif" border=0> ${lang("edit")}</a><br>
- <a href="${config.actionRoot}?module=Language&do=add" >
- <img src="${config.docRoot}/img/pointgris.gif" border=0> ${lang("add")}</a>
+ <a href="${encodeHTML(config.actionRoot)}?module=Language&do=list">
+ <img src="${encodeHTML(config.docRoot)}/img/pointgris.gif" border=0> ${lang("edit")}</a><br>
+ <a href="${encodeHTML(config.actionRoot)}?module=Language&do=add" >
+ <img src="${encodeHTML(config.docRoot)}/img/pointgris.gif" border=0> ${lang("add")}</a>
<p>
-->
<b>${lang("start.imcs.title")}</b></font>
<p>
- <a href="${config.actionRoot}?module=LinksImcs&do=list">
- <img src="${config.docRoot}/img/pointgris.gif" border=0> ${lang("edit")}</a><br>
- <a href="${config.actionRoot}?module=LinksImcs&do=add" >
- <img src="${config.docRoot}/img/pointgris.gif" border=0> ${lang("add")}</a>
+ <a href="${encodeHTML(config.actionRoot)}?module=LinksImcs&do=list">
+ <img src="${encodeHTML(config.docRoot)}/img/pointgris.gif" border=0> ${lang("edit")}</a><br>
+ <a href="${encodeHTML(config.actionRoot)}?module=LinksImcs&do=add" >
+ <img src="${encodeHTML(config.docRoot)}/img/pointgris.gif" border=0> ${lang("add")}</a>
</td>
<font face="Verdana, Arial, Helvetica, sans-serif" size="2" color="#663399">
<b>${lang("start.messageboard.title")}</b>
- <font size="-1"><br><a href="${config.actionRoot}?module=Message&do=add">${lang("add")}</a></font>
+ <font size="-1"><br><a href="${encodeHTML(config.actionRoot)}?module=Message&do=add">${lang("add")}</a></font>
<if data.messages>
<list data.messages as m>
<p>
- <if m.title><b>${m.title}</b><br></if>
- ${m.description}<br>
+ <if m.title><b>${encodeHTML(m.title)}</b><br></if>
+ ${encodeHTML(m.description)}<br>
<font size="-2">
- <if m.creator><i>von: ${m.creator}</i> / </if>${m.webdb_create}<br>
+ <if m.creator><i>von: ${encodeHTML(m.creator)}</i> / </if>${encodeHTML(m.webdb_create)}<br>
</font>
</list>
<else>
<body bgcolor="#FFFFFF">
<include "admin/head.template">
-<form action="${config.actionRoot}" method="post">
+<form action="${encodeHTML(config.actionRoot)}" method="post">
<input type=hidden name=module value=Topics>
- <input type="hidden" name="id" value="${data.id}">
+ <input type="hidden" name="id" value="${encodeHTML(data.id)}">
<if data.new><input type="hidden" name="do" value="insert">
<else><input type="hidden" name="do" value="update"></if>
<table border="0">
<td align="right" bgcolor="#006600"><font face="Verdana, Arial, Helvetica, sans-serif" size="-1" color="#ffffff">
<B>${lang("topic.title")}:</B></font></td>
<td>
- <input type="text" size="40" name="title" value="${data.title}">
+ <input type="text" size="40" name="title" value="${encodeHTML(data.title)}">
</td>
</tr>
<tr>
<td align="right" valign="top" bgcolor="#006600"><font color="#ffffff"><B>${lang("topic.description")}:</B></font></td>
<td>
- <textarea cols="40" rows="3" name="description">${data.description}</textarea>
+ <textarea cols="40" rows="3" name="description">${encodeHTML(data.description)}</textarea>
</td>
</tr>
<tr>
<td align="right" bgcolor="#006600"><font color="#ffffff"><B>${lang("topic.filename")}:</B></font></td>
<td>
- <input type="text" size="20" name="filename" value="${data.filename}">
+ <input type="text" size="20" name="filename" value="${encodeHTML(data.filename)}">
</td>
</tr>
<tr>
<td align="right" bgcolor="#006600"><font color="#ffffff"><B>${lang("topic.main_url")}
</B></font></td>
<td>
- <input type="text" size="40" name="main_url" value="${data.main_url}">
+ <input type="text" size="40" name="main_url" value="${encodeHTML(data.main_url)}">
</td>
</tr>
<tr>
<td align="right" bgcolor="#006600"><font color="#ffffff"><B>${lang("topic.archive_url")}:</B></font></td>
<td>
- <input type="text" size="40" name="archiv_url" value="${data.archiv_url}">
+ <input type="text" size="40" name="archiv_url" value="${encodeHTML(data.archiv_url)}">
</td>
</tr>
<tr>
</tr>
<list data.contentlist as entry>
<tr <if grey=="1"><assign grey="0">bgcolor="#dddddd" <else><assign grey="1"> </if>>
- <td><font face="Verdana, Arial, Helvetica, sans-serif" size="-1">${entry.title} </font></td>
- <td><font face="Verdana, Arial, Helvetica, sans-serif" size="-1">${entry.description} </font></td>
+ <td><font face="Verdana, Arial, Helvetica, sans-serif" size="-1">${encodeHTML(entry.title)} </font></td>
+ <td><font face="Verdana, Arial, Helvetica, sans-serif" size="-1">${encodeHTML(entry.description)} </font></td>
<td><font face="Verdana, Arial, Helvetica, sans-serif" size="-1">
- ${entry.main_url}<br>
- ${entry.archiv_url}</font></td>
- <td><font size="1"> <a href="${config.actionRoot}?module=Topics&do=delete&id=${entry.id}">${lang("delete")}</a>
- | <a href="${config.actionRoot}?module=Topics&do=edit&id=${entry.id}">${lang("edit")}</a></font></td>
+ ${encodeHTML(entry.main_url)}<br>
+ ${encodeHTML(entry.archiv_url)}</font></td>
+ <td><font size="1"> <a href="${encodeHTML(config.actionRoot)}?module=Topics&do=delete&id=${encodeHTML(entry.id)}">${lang("delete")}</a>
+ | <a href="${encodeHTML(config.actionRoot)}?module=Topics&do=edit&id=${encodeHTML(entry.id)}">${lang("edit")}</a></font></td>
</tr>
</list>
<tr>
<td colspan="4" bgcolor="#006600"><font face="Verdana, Arial, Helvetica, sans-serif" size="-1" color="#ffffff">
- ${data.count} ${lang("records")} / ${lang("show_from_to", data.from, data.to)}</font></td>
+ ${encodeHTML(data.count)} ${lang("records")} / ${lang("show_from_to", data.from, data.to)}</font></td>
<td> </td>
</tr>
</table>
<P>
<if (data.prev || data.next)>
- <form method="post" action="${config.actionRoot}">
+ <form method="post" action="${encodeHTML(config.actionRoot)}">
<input type="hidden" name="module" value="Topics">
- <input type="hidden" name="where" value="${data.where}">
+ <input type="hidden" name="where" value="${encodeHTML(data.where)}">
<if data.prev>
<input type="hidden" name="do" value="list">
- <input type="hidden" name="prevoffset" value="${data.prev}">
+ <input type="hidden" name="prevoffset" value="${encodeHTML(data.prev)}">
<input type="submit" name="prev" value="${lang("list.previous")}">
</if>
<if data.next>
<input type="hidden" name="do" value="list">
- <input type="hidden" name="nextoffset" value="${data.next}">
+ <input type="hidden" name="nextoffset" value="${encodeHTML(data.next)}">
<input type="submit" name="next" value="${lang("list.next")}">
</if>
</form>
<body bgcolor="#FFFFFF">
<include "admin/head.template">
-<form action="${config.actionRoot}" method="post">
+<form action="${encodeHTML(config.actionRoot)}" method="post">
<input type="hidden" name="module" value="Users">
- <input type="hidden" name="id" value="${id}">
+ <input type="hidden" name="id" value="${encodeHTML(id)}">
<if new><input type="hidden" name="do" value="insert">
<else><input type="hidden" name="do" value="update"></if>
<table border="0">
<td align="right" bgcolor="#006600"><font color="#ffffff" face="Verdana, Arial, Helvetica, sans-serif" size="-1">
<B>${lang("user.login")}:</B></font></td>
<td>
- <input type="text" size="40" name="login" value="${login}">
+ <input type="text" size="40" name="login" value="${encodeHTML(login)}">
</td>
</tr>
<tr>
<td align="right" bgcolor="#006600"><font color="#ffffff" face="Verdana, Arial, Helvetica, sans-serif" size="-1">
<B>${lang("user.password")}:</B></font></td>
<td>
- <input type="text" size="20" name="password" value="${password}">
+ <input type="text" size="20" name="password" value="${encodeHTML(password)}">
</td>
</tr>
<tr>
<td align="right" bgcolor="#006600"><font color="#ffffff" face="Verdana, Arial, Helvetica, sans-serif" size="-1">
- <B>${lang("user.admin")}:</B><font color="#CCCCCC">(<a href="${docRoot}/help/users.html#admin" target="_help">?</a>)</font></font></td>
+ <B>${lang("user.admin")}:</B><font color="#CCCCCC">(<a href="${encodeHTML(docRoot)}/help/users.html#admin" target="_help">?</a>)</font></font></td>
<td>
<input type="checkbox" name="is_admin" value="1"<if is_admin=="1"> checked</if>>
</td>
<tr
<if grey=="1"><assign grey="0">bgcolor="#dddddd" <else><assign grey="1"> </if>
>
- <td>${entry.login} </td>
- <td>${entry.is_admin} </td>
- <td><font size="1"> <a href="${config.actionRoot}?module=Users&do=delete&id=${entry.id}">${lang("delete")}</a>
- | <a href="${config.actionRoot}?module=Users&do=edit&id=${entry.id}">${lang("edit")}</a></font></td>
+ <td>${encodeHTML(entry.login)} </td>
+ <td>${encodeHTML(entry.is_admin)} </td>
+ <td><font size="1"> <a href="${encodeHTML(config.actionRoot)}?module=Users&do=delete&id=${encodeHTML(entry.id)}">${lang("delete")}</a>
+ | <a href="${encodeHTML(config.actionRoot)}?module=Users&do=edit&id=${encodeHTML(entry.id)}">${lang("edit")}</a></font></td>
</tr>
</list>
<tr>
- <td colspan="3" bgcolor="#006600"><font color="#ffffff">${data.count} ${lang("records")}
+ <td colspan="3" bgcolor="#006600"><font color="#ffffff">${encodeHTML(data.count)} ${lang("records")}
/ ${lang("show_from_to", data.from, data.to)}</font></td>
<td> </td>
</tr>
<P>
<if data.prev>
- <a href="${actionRoot}?module=Users&do=list&where=${where}&prevoffset=${prev}&prev=zurück">${lang("list.previous")}</a>
+ <a href="${encodeHTML(actionRoot)}?module=Users&do=list&where=${encodeHTML(where)}&prevoffset=${encodeHTML(prev)}&prev=zurück">${lang("list.previous")}</a>
</if>
<if data.next>
-<a href="${actionRoot}?module=Users&do=list&where=${where}&nextoffset=${next}&next=weiter">${lang("list.next")}</a>
+<a href="${encodeHTML(actionRoot)}?module=Users&do=list&where=${encodeHTML(where)}&nextoffset=${encodeHTML(next)}&next=weiter">${lang("list.next")}</a>
</if>
<else>
</head>
<SCRIPT LANGUAGE="JavaScript">
function openWin(url) {
- window.open(url,"vc","scrollbars=0,height=${data.img_height},width=${data.img_width}");
+ window.open(url,"vc","scrollbars=0,height=${encodeHTML(data.img_height)},width=${encodeHTML(data.img_width)}");
}
</SCRIPT>
<body bgcolor="#FFFFFF">
<include "admin/head.template">
<if data.new>
-<form action="${config.actionRoot}?module=Video&do=add" method="post">
+<form action="${encodeHTML(config.actionRoot)}?module=Video&do=add" method="post">
<table border="0">
<tr>
<td align="right" bgcolor="#006600">
</font>
</td>
<td>
- <input type="text" size="3" name="medianum" value="${medianum}"> <input type="submit" value="${lang("open.posting.nr_of_media.submit")}">
+ <input type="text" size="3" name="medianum" value="${encodeHTML(medianum)}"> <input type="submit" value="${lang("open.posting.nr_of_media.submit")}">
</td>
</tr>
</table>
</form>
</if>
-<form enctype="multipart/form-data" method="post" action="${config.actionRoot}?module=Video&do=<if data.new>insert<else>update</if>&id=${data.id}">
+<form enctype="multipart/form-data" method="post" action="${encodeHTML(config.actionRoot)}?module=Video&do=<if data.new>insert<else>update</if>&id=${encodeHTML(data.id)}">
- <input type="hidden" name="where" value="${data.where}">
- <input type="hidden" name="offset" value="${data.offset}">
- <input type="hidden" name="order" value="${data.order}">
- <input type="hidden" name="id" value="${data.id}">
+ <input type="hidden" name="where" value="${encodeHTML(data.where)}">
+ <input type="hidden" name="offset" value="${encodeHTML(data.offset)}">
+ <input type="hidden" name="order" value="${encodeHTML(data.order)}">
+ <input type="hidden" name="id" value="${encodeHTML(data.id)}">
<table border="0">
<if !data.new>
<tr>
<td align="right" bgcolor="#006600">
<font color="#ffffff" face="Verdana, Arial, Helvetica, sans-serif" size="-1">
- <a href="${config.actionRoot}?module=Video&do=getMedia&id=${data.id}">
- <img src="${config.docRoot}/img/${data.big_icon}" border=0></a></font></td>
+ <a href="${encodeHTML(config.actionRoot)}?module=Video&do=getMedia&id=${encodeHTML(data.id)}">
+ <img src="${encodeHTML(config.docRoot)}/img/${encodeHTML(data.big_icon)}" border=0></a></font></td>
<td valign="bottom"><font color="Silver" face="Verdana, Arial, Helvetica, sans-serif" size=1>
- ${lang("media.created")}: ${data.webdb_create}
- <if data.webdb_lastchange>/ ${lang("media.changed")} ${data.webdb_lastchange}</if><br>
- <if data.is_published=="1">${lang("media.published")}: ${data.publish_date} / ${data.publish_server}${data.publish_path}<br></if>
- ${lang("media.format")}: ${data.mimetype} / ${data.media_descr} / ${data.human_readable_size}<br>
+ ${lang("media.created")}: ${encodeHTML(data.webdb_create)}
+ <if data.webdb_lastchange>/ ${lang("media.changed")} ${encodeHTML(data.webdb_lastchange)}</if><br>
+ <if data.is_published=="1">${lang("media.published")}: ${encodeHTML(data.publish_date)} / ${encodeHTML(data.publish_server)}${encodeHTML(data.publish_path)}<br></if>
+ ${lang("media.format")}: ${encodeHTML(data.mimetype)} / ${encodeHTML(data.media_descr)} / ${encodeHTML(data.human_readable_size)}<br>
${lang("media.rights")}: <b>${data.rightsHashdata[to_rights]["name"]}</b><br>
</td>
</tr>
<td>
<select name="to_media_folder">
<list extra.mediafolderPopupData as m>
- <option value="${m.key}" <if m.key == data.to_media_folder>selected</if>>${m.value}</option>
+ <option value="${encodeHTML(m.key)}" <if m.key == data.to_media_folder>selected</if>>${encodeHTML(m.value)}</option>
</list>
</select>
</td>
<tr>
<td align="right" bgcolor="#006600"><font color="#ffffff" face="Verdana, Arial, Helvetica, sans-serif" size="-1">
<B>${lang("media.description")}:</B></font></td>
- <td><input type="text" size="40" maxlength="255" name="description" value="${data.description}"></td>
+ <td><input type="text" size="40" maxlength="255" name="description" value="${encodeHTML(data.description)}"></td>
</tr>
<tr>
<td align="right" bgcolor="#006600"><font color="#ffffff" face="Verdana, Arial, Helvetica, sans-serif" size="-1">
<B>${lang("media.date")}:</B></font></td>
- <td><input type="text" size="8" maxlength="8" name="date" value="${data.date}">
- <input type="text" size="20" maxlength="40" name="year" value="${data.year}"></td>
+ <td><input type="text" size="8" maxlength="8" name="date" value="${encodeHTML(data.date)}">
+ <input type="text" size="20" maxlength="40" name="year" value="${encodeHTML(data.year)}"></td>
</tr>
<tr>
<td align="right" bgcolor="#006600"><font color="#ffffff" face="Verdana, Arial, Helvetica, sans-serif" size="-1">
<B>${lang("media.location")}:</B></font></td>
- <td><input type="text" size="40" maxlength="80" name="place" value="${data.place}"></td>
+ <td><input type="text" size="40" maxlength="80" name="place" value="${encodeHTML(data.place)}"></td>
</tr>
<tr>
<td align="right" bgcolor="#006600"><font color="#ffffff" face="Verdana, Arial, Helvetica, sans-serif" size="-1">
<B>${lang("media.creator")}:</B></font></td>
<td>
- <input type="text" size="40" maxlength="80" name="creator" value="${data.creator}">
+ <input type="text" size="40" maxlength="80" name="creator" value="${encodeHTML(data.creator)}">
</tr>
<tr>
<td align="right" bgcolor="#006600"><font color="#ffffff" face="Verdana, Arial, Helvetica, sans-serif" size="-1">
<B>${lang("media.keywords")}:</B></font></td>
- <td><textarea cols="40" rows="2" name="keywords">${data.keywords}</textarea></td>
+ <td><textarea cols="40" rows="2" name="keywords">${encodeHTML(data.keywords)}</textarea></td>
</tr>
<tr>
<td align="right" bgcolor="#006600"><font color="#ffffff" face="Verdana, Arial, Helvetica, sans-serif" size="-1">
<B>${lang("media.comment")}:</B></font></td>
- <td><textarea cols="40" rows="2" name="comment">${data.comment}</textarea></td>
+ <td><textarea cols="40" rows="2" name="comment">${encodeHTML(data.comment)}</textarea></td>
</tr>
<tr>
<td align="right" bgcolor="#006600"><font color="#ffffff" face="Verdana, Arial, Helvetica, sans-serif" size="-1">
<B>${lang("media.source")}:</B></font></td>
- <td><input type="text" size="40" maxlength="80" name="source" value="${data.source}"></td>
+ <td><input type="text" size="40" maxlength="80" name="source" value="${encodeHTML(data.source)}"></td>
</tr>
<tr>
<td colspan="2" align="right"> <font color="black">
<B>${lang("media.title")}:<B>
</font> </td>
<td>
- <input type="text" name="media_title${m}" size="40" maxlength="80" value="">
+ <input type="text" name="media_title${encodeHTML(m)}" size="40" maxlength="80" value="">
</td>
</tr>
<tr>
<td bgcolor="#006600"></td>
<td>
- <INPUT TYPE="file" NAME="mpfile${m}"><br>
+ <INPUT TYPE="file" NAME="mpfile${encodeHTML(m)}"><br>
</td>
</tr>
</list>
<B>${lang("media.title")}:<B>
</font> </td>
<td>
- <input type="text" name="title" size="40" maxlength="80" value="${data.title}">
+ <input type="text" name="title" size="40" maxlength="80" value="${encodeHTML(data.title)}">
</td>
</tr>
</if>
projects / mir.git / commitdiff