<form method="post" action="${config.actionRoot}">
<input type="hidden" name="module" value="Comment">
- <input type="hidden" name="where" value="${data.where}">
- <input type="hidden" name="offset" value="${data.offset}">
- <input type="hidden" name="order" value="${data.order}">
- <input type="hidden" name="id" value="${data.id}">
- <input type="hidden" name="date" value="${data.date}">
- <input type="hidden" name="to_media" value="${data.to_media}">
+ <input type="hidden" name="where" value="${utility.encodeHTML(data.where)}">
+ <input type="hidden" name="offset" value="${utility.encodeHTML(data.offset)}">
+ <input type="hidden" name="order" value="${utility.encodeHTML(data.order)}">
+ <input type="hidden" name="id" value="${utility.encodeHTML(data.id)}">
+ <input type="hidden" name="date" value="${utility.encodeHTML(data.date)}">
+ <input type="hidden" name="to_media" value="${utility.encodeHTML(data.to_media)}">
<if new> <input type="hidden" name="do" value="insert">
<else> <input type="hidden" name="do" value="update">
</if>
<tr>
<td align="right" bgcolor="#006600"><font color="#ffffff" face="Verdana, Arial, Helvetica, sans-serif" size="-1">
<B>${lang("comment.date")}:</B></font></td>
- <td>${data.date}</td>
+ <td>${utility.encodeHTML(utility.encodeHTML(data.date))}</td>
</tr>
<tr>
<td align="right" bgcolor="#006600"><font color="#ffffff" face="Verdana, Arial, Helvetica, sans-serif" size="-1">
<B>${lang("comment.title")}:</B></font></td>
- <td><input type="text" size="40" maxlength="255" name="title" value="${data.title}"></td>
+ <td><input type="text" size="40" maxlength="255" name="title" value="${utility.encodeHTML(data.title)}"></td>
</tr>
<tr>
<td align="right" bgcolor="#006600"><font color="#ffffff" face="Verdana, Arial, Helvetica, sans-serif" size="-1">
<B>${lang("comment.creator")}:</B></font></td>
- <td><input type="text" size="40" maxlength="80" name="creator" value="${data.creator}"></td>
+ <td><input type="text" size="40" maxlength="80" name="creator" value="${utility.encodeHTML(data.creator)}"></td>
</tr>
<tr>
<td align="right" bgcolor="#006600"><font color="#ffffff" face="Verdana, Arial, Helvetica, sans-serif" size="-1">
<B>${lang("comment.url")}:</B></font></td>
- <td><input type="text" size="40" maxlength="255" name="main_url" value="${data.main_url}"></td>
+ <td><input type="text" size="40" maxlength="255" name="main_url" value="${utility.encodeHTML(data.main_url)}"></td>
</tr>
<tr>
<td align="right" bgcolor="#006600"><font color="#ffffff" face="Verdana, Arial, Helvetica, sans-serif" size="-1">
<B>${lang("comment.email")}:</B></font></td>
- <td><input type="text" size="40" maxlength="80" name="email" value="${data.email}"></td>
+ <td><input type="text" size="40" maxlength="80" name="email" value="${utility.encodeHTML(data.email)}"></td>
</tr>
<tr>
<td align="right" bgcolor="#006600"><font color="#ffffff" face="Verdana, Arial, Helvetica, sans-serif" size="-1">
<B>${lang("comment.phone")}:</B></font></td>
- <td><input type="text" size="40" maxlength="80" name="phone" value="${data.phone}"></td>
+ <td><input type="text" size="40" maxlength="80" name="phone" value="${utility.encodeHTML(data.phone)}"></td>
</tr>
<tr>
<td align="right" bgcolor="#006600"><font color="#ffffff" face="Verdana, Arial, Helvetica, sans-serif" size="-1">
<B>${lang("comment.address")}:</B></font></td>
- <td><input type="text" size="40" maxlength="80" name="address" value="${data.address}"></td>
+ <td><input type="text" size="40" maxlength="80" name="address" value="${utility.encodeHTML(data.address)}"></td>
</tr>
<tr>
<td align="right" bgcolor="#006600"><font color="#ffffff" face="Verdana, Arial, Helvetica, sans-serif" size="-1">
<B>${lang("comment.text")}:</B></font></td>
- <td><textarea cols="40" rows="10" name="description" wrap="virtual">${data.description}</textarea></td>
+ <td><textarea cols="40" rows="10" name="description" wrap="virtual">${utility.encodeHTML(data.description)}</textarea></td>
</tr>
<td colspan="2" align="right"> <font color="black">
<include "admin/head.template">
<form method="post" action="${config.actionRoot}">
<input type="hidden" name="module" value="Content">
- <input type="hidden" name="where" value="${data.where}">
- <input type="hidden" name="offset" value="${data.offset}">
- <input type="hidden" name="order" value="${data.order}">
- <input type="hidden" name="id" value="${data.id}">
+ <input type="hidden" name="where" value="${utility.encodeHTML(data.where)}">
+ <input type="hidden" name="offset" value="${utility.encodeHTML(data.offset)}">
+ <input type="hidden" name="order" value="${utility.encodeHTML(data.order)}">
+ <input type="hidden" name="id" value="${utility.encodeHTML(data.id)}">
<if data.new>
<input type="hidden" name="do" value="insert">
<else>
<b>${lang("content.owner")}:</b>
</td>
<td>
- ${data.login_user.login}
+ ${utility.encodeHTML(data.login_user.login)}
</td>
</font>
<td colspan="3"> </td>
<b>${lang("content.import_date")}:</b>
</td>
<td>
- ${data.date}
+ ${utility.encodeHTML(data.date)}
</td>
</font>
<td colspan="3"> </td>
<b>${lang("content.lastchange_date")}:</b>
</td>
<td>
- ${data.webdb_lastchange}
+ ${utility.encodeHTML(data.webdb_lastchange)}
<br>
</td>
</font>
<b>${lang("content.create_date")}:</b>
</td>
<td colspan="3">
- ${data.webdb_create}<br><br>${lang("edit")} (yyyy-mm-dd [HH:mm]):
+ ${utility.encodeHTML(data.webdb_create)}<br><br>${lang("edit")} (yyyy-mm-dd [HH:mm]):
<input type="text" size="10" maxlength="16" name="webdb_create" value="">
<br>
</td>
</font></B>
</td>
<td colspan="4">
- <input type="text" size="40" name="title" value="${data.title}"><br>
- <input type="text" size="20" name="subtitle" value="${data.subtitle}">
- <input type="text" size="20" name="edittitle" value="${data.edittitle}">
+ <input type="text" size="40" name="title" value="${utility.encodeHTML(data.title)}"><br>
+ <input type="text" size="20" name="subtitle" value="${utility.encodeHTML(data.subtitle)}">
+ <input type="text" size="20" name="edittitle" value="${utility.encodeHTML(data.edittitle)}">
</td>
</tr>
<tr>
</font></B>
</td>
<td colspan="4" >
- <input type="text" size="40" name="place" value="${data.place}">
+ <input type="text" size="40" name="place" value="${utility.encodeHTML(data.place)}">
</td>
</tr>
<tr>
<img src="${config.docRoot}/img/help.gif" border="0" align="absmiddle"></a></font>
</td>
<td colspan="4">
- <input type="text" size="40" name="creator" value="${data.creator}"><br>
+ <input type="text" size="40" name="creator" value="${utility.encodeHTML(data.creator)}"><br>
</td>
</tr>
<img src="${config.docRoot}/img/help.gif" border="0" align="absmiddle"></a></font>
</td>
<td colspan="4" >
- <input type="text" size="20" name="creator_email" value="${data.creator_email}">
- <input type="text" size="20" name="creator_main_url" value="${data.creator_main_url}">
+ <input type="text" size="20" name="creator_email" value="${utility.encodeHTML(data.creator_email)}">
+ <input type="text" size="20" name="creator_main_url" value="${utility.encodeHTML(data.creator_main_url)}">
</td>
</tr>
<tr>
<img src="${config.docRoot}/img/help.gif" border="0" align="absmiddle"></a></font>
</td>
<td colspan="4" >
- <input type="text" size="20" name="creator_address" value="${data.creator_address}">
- <input type="text" size="20" name="creator_phone" value="${data.creator_phone}">
+ <input type="text" size="20" name="creator_address" value="${utility.encodeHTML(data.creator_address)}">
+ <input type="text" size="20" name="creator_phone" value="${utility.encodeHTML(data.creator_phone)}">
</td>
</tr>
<tr>
<img src="${config.docRoot}/img/help.gif" border="0" align="absmiddle"></a>
</td>
<td colspan="4">
- <textarea cols="50" rows="15" name="description" wrap=virtual>${data.description}</textarea>
+ <textarea cols="50" rows="15" name="description" wrap=virtual>${utility.encodeHTML(data.description)}</textarea>
</td>
</tr>
<img src="${config.docRoot}/img/help.gif" border="0" align="absmiddle"></a>
</font></b></td>
<td colspan="4">
- <textarea cols="50" rows="20" name="content_data" wrap=virtual>${data.content_data}</textarea></td>
+ <textarea cols="50" rows="20" name="content_data" wrap=virtual>${utility.encodeHTML(data.content_data)}</textarea></td>
</tr>
-<!--
+<comment>
<tr>
<td align="right" valign="top" bgcolor="#aaaaaa"><B><font color="#ffffff">Termin (von/bis)
<font color="#000000">
<input type="text" size="25" name="date_name" value="${data.date_name}">
</td>
</tr>
--->
+</comment>
<tr>
<td align="right" valign="top" bgcolor="#aaaaaa">
<B><font color="#ffffff">${lang("content.comment")}:</B><br>
<i>${lang("content.internal")}</i></font>
</td>
<td colspan="4">
- <textarea cols="50" rows="6" name="comment" wrap=virtual>${data.comment}</textarea>
+ <textarea cols="50" rows="6" name="comment" wrap=virtual>${utility.encodeHTML(data.comment)}</textarea>
</td>
</tr>