Merge pull request #1395 from fabrixxm/escape_input_values

Escape values to input fields (and some 'title' and 'alt')
This commit is contained in:
Tobias Diekershoff 2015-02-16 09:56:00 +01:00
commit b86b6e8e77
64 changed files with 209 additions and 186 deletions

View File

@ -40,3 +40,8 @@
<li class='admin link button {{$admin.logs.2}}'><a href='{{$admin.logs.0}}'>{{$admin.logs.1}}</a></li>
</ul>
<h4>{{$diagnosticstxt}}</h4>
<ul class='admin linklist'>
<li class='admin link {{$admin.diagnostics_probe.2}}'><a href="{{$admin.diagnostics_probe.0}}">{{$admin.diagnostics_probe.1}}</a></li>
<li class='admin link {{$admin.diagnostics_webfinger.2}}'><a href="{{$admin.diagnostics_webfinger.0}}">{{$admin.diagnostics_webfinger.1}}</a></li>
</ul>

View File

@ -2,13 +2,13 @@
<h1>{{$title}} - {{$page}}</h1>
<form action="{{$baseurl}}/admin/logs" method="post">
<input type='hidden' name='form_security_token' value='{{$form_security_token}}'>
<input type='hidden' name='form_security_token' value="{{$form_security_token|escape:'html'}}">
{{include file="field_checkbox.tpl" field=$debugging}}
{{include file="field_input.tpl" field=$logfile}}
{{include file="field_select.tpl" field=$loglevel}}
<div class="submit"><input type="submit" name="page_logs" value="{{$submit}}" /></div>
<div class="submit"><input type="submit" name="page_logs" value="{{$submit|escape:'html'}}" /></div>
</form>

View File

@ -66,7 +66,7 @@
<h1>Friendica Update</h1>
<div class="panel_text"></div>
<div class="panel_actions">
<input type="button" value="{{$close}}" class="panel_action_close">
<input type="button" value="{{$close|escape:'html'}}" class="panel_action_close">
</div>
</div>
</div>
@ -77,10 +77,10 @@
<dl> <dt>New version:</dt><dd>{{$remoteversion}}</dd> </dl>
<form id="remoteupdate_form" method="POST" action="{{$baseurl}}/admin/update">
<input type="hidden" name="{{$remotefile.0}}" value="{{$remotefile.2}}">
<input type="hidden" name="{{$remotefile.0}}" value="{{$remotefile.2|escape:'html'}}">
{{if $canwrite}}
<div class="submit"><input type="submit" name="remoteupdate" value="{{$submit}}" /></div>
<div class="submit"><input type="submit" name="remoteupdate" value="{{$submit|escape:'html'}}" /></div>
{{else}}
<h3>Your friendica installation is not writable by web server.</h3>
{{if $canftp}}
@ -89,7 +89,7 @@
{{include file="field_input.tpl" field=$ftppath}}
{{include file="field_input.tpl" field=$ftpuser}}
{{include file="field_password.tpl" field=$ftppwd}}
<div class="submit"><input type="submit" name="remoteupdate" value="{{$submit}}" /></div>
<div class="submit"><input type="submit" name="remoteupdate" value="{{$submit|escape:'html'}}" /></div>
{{/if}}
{{/if}}
</form>

View File

@ -46,7 +46,10 @@
{{include file="field_input.tpl" field=$sitename}}
{{include file="field_input.tpl" field=$hostname}}
{{include file="field_input.tpl" field=$sender_email}}
{{include file="field_textarea.tpl" field=$banner}}
{{include file="field_input.tpl" field=$shortcut_icon}}
{{include file="field_input.tpl" field=$touch_icon}}
{{include file="field_textarea.tpl" field=$info}}
{{include file="field_select.tpl" field=$language}}
{{include file="field_select.tpl" field=$theme}}
@ -58,7 +61,7 @@
{{include file="field_select.tpl" field=$singleuser}}
<div class="submit"><input type="submit" name="page_site" value="{{$submit}}" /></div>
<div class="submit"><input type="submit" name="page_site" value="{{$submit|escape:'html'}}" /></div>
<h3>{{$registration}}</h3>
{{include file="field_input.tpl" field=$register_text}}
@ -68,7 +71,7 @@
{{include file="field_checkbox.tpl" field=$no_openid}}
{{include file="field_checkbox.tpl" field=$no_regfullname}}
<div class="submit"><input type="submit" name="page_site" value="{{$submit}}" /></div>
<div class="submit"><input type="submit" name="page_site" value="{{$submit|escape:'html'}}" /></div>
<h3>{{$upload}}</h3>
{{include file="field_input.tpl" field=$maximagesize}}
@ -80,7 +83,8 @@
{{include file="field_input.tpl" field=$allowed_email}}
{{include file="field_checkbox.tpl" field=$block_public}}
{{include file="field_checkbox.tpl" field=$force_publish}}
{{include file="field_checkbox.tpl" field=$no_community_page}}
{{include file="field_select.tpl" field=$community_page_style}}
{{include file="field_input.tpl" field=$max_author_posts_community_page}}
{{include file="field_checkbox.tpl" field=$ostatus_disabled}}
{{include file="field_select.tpl" field=$ostatus_poll_interval}}
{{include file="field_checkbox.tpl" field=$diaspora_enabled}}
@ -92,7 +96,7 @@
{{include file="field_checkbox.tpl" field=$private_addons}}
{{include file="field_checkbox.tpl" field=$disable_embedded}}
{{include file="field_checkbox.tpl" field=$allow_users_remote_self}}
<div class="submit"><input type="submit" name="page_site" value="{{$submit}}" /></div>
<div class="submit"><input type="submit" name="page_site" value="{{$submit|escape:'html'}}" /></div>
<h3>{{$advanced}}</h3>
{{include file="field_checkbox.tpl" field=$no_utf}}
@ -108,15 +112,17 @@
{{include file="field_input.tpl" field=$temppath}}
{{include file="field_input.tpl" field=$basepath}}
{{include file="field_checkbox.tpl" field=$suppress_language}}
{{include file="field_checkbox.tpl" field=$suppress_tags}}
<h3>{{$performance}}</h3>
{{include file="field_checkbox.tpl" field=$disable_noscrape}}
{{include file="field_checkbox.tpl" field=$use_fulltext_engine}}
{{include file="field_checkbox.tpl" field=$only_tag_search}}
{{include file="field_input.tpl" field=$itemcache}}
{{include file="field_input.tpl" field=$itemcache_duration}}
{{include file="field_input.tpl" field=$max_comments}}
{{include file="field_checkbox.tpl" field=$proxy_disabled}}
<div class="submit"><input type="submit" name="page_site" value="{{$submit}}" /></div>
{{include file="field_checkbox.tpl" field=$old_pager}}
<div class="submit"><input type="submit" name="page_site" value="{{$submit|escape:'html'}}" /></div>
</form>
@ -125,8 +131,8 @@
<input type='hidden' name='form_security_token' value='{{$form_security_token}}'>
<h3>{{$relocate}}</h3>
{{include file="field_input.tpl" field=$relocate_url}}
<input type="hidden" name="page_site" value="{{$submit}}">
<div class="submit"><input type="submit" name="relocate" value="{{$submit}}" /></div>
<input type="hidden" name="page_site" value="{{$submit|escape:'html'}}">
<div class="submit"><input type="submit" name="relocate" value="{{$submit|escape:'html'}}" /></div>
</form>
</div>

View File

@ -43,7 +43,7 @@
</tbody>
</table>
<div class='selectall'><a href='#' onclick="return selectall('pending_ckbx');">{{$select_all}}</a></div>
<div class="submit"><input type="submit" name="page_users_deny" value="{{$deny}}"/> <input type="submit" name="page_users_approve" value="{{$approve}}" /></div>
<div class="submit"><input type="submit" name="page_users_deny" value="{{$deny|escape:'html'}}"/> <input type="submit" name="page_users_approve" value="{{$approve|escape:'html'}}" /></div>
{{else}}
<p>{{$no_pending}}</p>
{{/if}}
@ -88,7 +88,7 @@
</tbody>
</table>
<div class='selectall'><a href='#' onclick="return selectall('users_ckbx');">{{$select_all}}</a></div>
<div class="submit"><input type="submit" name="page_users_block" value="{{$block}}/{{$unblock}}" /> <input type="submit" name="page_users_delete" value="{{$delete}}" onclick="return confirm_delete_multi()" /></div>
<div class="submit"><input type="submit" name="page_users_block" value="{{$block|escape:'html'}}/{{$unblock|escape:'html'}}" /> <input type="submit" name="page_users_delete" value="{{$delete|escape:'html'}}" onclick="return confirm_delete_multi()" /></div>
{{else}}
NO USERS?!?
{{/if}}
@ -133,6 +133,6 @@
</tr>
</tbody>
</table>
<div class="submit"><input type="submit" name="add_new_user_submit" value="{{$submit}}" /></div>
<div class="submit"><input type="submit" name="add_new_user_submit" value="{{$submit|escape:'html'}}" /></div>
</form>
</div>

View File

@ -4,12 +4,12 @@
<label id="photo-album-edit-name-label" for="photo-album-edit-name" >{{$nametext}}</label>
<input type="text" size="64" name="albumname" value="{{$album}}" >
<input type="text" size="64" name="albumname" value="{{$album|escape:'html'}}" >
<div id="photo-album-edit-name-end"></div>
<input id="photo-album-edit-submit" type="submit" name="submit" value="{{$submit}}" />
<input id="photo-album-edit-drop" type="submit" name="dropalbum" value="{{$dropsubmit}}" onclick="return confirmDelete();" />
<input id="photo-album-edit-submit" type="submit" name="submit" value="{{$submit|escape:'html'}}" />
<input id="photo-album-edit-drop" type="submit" name="dropalbum" value="{{$dropsubmit|escape:'html'}}" onclick="return confirmDelete();" />
</form>
</div>

View File

@ -26,9 +26,9 @@
<label id="dfrn-url-label" for="dfrn-url" >{{$your_address}}</label>
{{if $myaddr}}
{{$myaddr}}
<input type="hidden" name="dfrn_url" id="dfrn-url" size="32" value="{{$myaddr}}" />
<input type="hidden" name="dfrn_url" id="dfrn-url" size="32" value="{{$myaddr|escape:'html'}}" />
{{else}}
<input type="text" name="dfrn_url" id="dfrn-url" size="32" value="{{$myaddr}}" />
<input type="text" name="dfrn_url" id="dfrn-url" size="32" value="{{$myaddr|escape:'html'}}" />
{{/if}}
<div id="dfrn-request-url-end"></div>
</div>
@ -39,7 +39,7 @@
</div>
<div id="dfrn-request-submit-wrapper">
<input type="submit" name="submit" id="dfrn-request-submit-button" value="{{$submit}}" />
<input type="submit" name="cancel" id="dfrn-request-cancel-button" value="{{$cancel}}" />
<input type="submit" name="submit" id="dfrn-request-submit-button" value="{{$submit|escape:'html'}}" />
<input type="submit" name="cancel" id="dfrn-request-cancel-button" value="{{$cancel|escape:'html'}}" />
</div>
</form>

View File

@ -22,14 +22,14 @@
<select id="qcomment-select-{{$id}}" name="qcomment-{{$id}}" class="qcomment" onchange="qCommentInsert(this,{{$id}});" >
<option value=""></option>
{{foreach $qcomment as $qc}}
<option value="{{$qc}}">{{$qc}}</option>
<option value="{{$qc|escape:'html'}}">{{$qc}}</option>
{{/foreach}}
</select>
{{/if}}
<div class="comment-edit-text-end"></div>
<div class="comment-edit-submit-wrapper" id="comment-edit-submit-wrapper-{{$id}}" style="display: none;" >
<input type="submit" onclick="post_comment({{$id}}); return false;" id="comment-edit-submit-{{$id}}" class="comment-edit-submit" name="submit" value="{{$submit}}" />
<input type="submit" onclick="post_comment({{$id}}); return false;" id="comment-edit-submit-{{$id}}" class="comment-edit-submit" name="submit" value="{{$submit|escape:'html'}}" />
{{if $preview}}<span onclick="preview_comment({{$id}});" id="comment-edit-preview-link-{{$id}}" class="fakelink">{{$preview}}</span>{{/if}}
<div id="comment-edit-preview-{{$id}}" class="comment-edit-preview" style="display:none;"></div>
</div>

View File

@ -4,11 +4,11 @@
<span id="confirm-message">{{$message}}</span>
{{foreach $extra_inputs as $input}}
<input type="hidden" name="{{$input.name}}" value="{{$input.value}}" />
<input type="hidden" name="{{$input.name}}" value="{{$input.value|escape:'html'}}" />
{{/foreach}}
<input class="confirm-button" id="confirm-submit-button" type="submit" name="{{$confirm_name}}" value="{{$confirm}}" />
<input class="confirm-button" id="confirm-cancel-button" type="submit" name="canceled" value="{{$cancel}}" />
<input class="confirm-button" id="confirm-submit-button" type="submit" name="{{$confirm_name}}" value="{{$confirm|escape:'html'}}" />
<input class="confirm-button" id="confirm-cancel-button" type="submit" name="canceled" value="{{$cancel|escape:'html'}}" />
</form>
</center>

View File

@ -73,7 +73,7 @@
<div id="contact-edit-info-wrapper">
<h4>{{$lbl_info1}}</h4>
<textarea id="contact-edit-info" rows="8" cols="60" name="info">{{$info}}</textarea>
<input class="contact-edit-submit" type="submit" name="submit" value="{{$submit}}" />
<input class="contact-edit-submit" type="submit" name="submit" value="{{$submit|escape:'html'}}" />
</div>
<div id="contact-edit-info-end"></div>
@ -85,7 +85,7 @@
{{$profile_select}}
<div id="contact-edit-profile-select-end"></div>
<input class="contact-edit-submit" type="submit" name="submit" value="{{$submit}}" />
<input class="contact-edit-submit" type="submit" name="submit" value="{{$submit|escape:'html'}}" />
</form>
</div>

View File

@ -6,8 +6,8 @@
<div id="contacts-search-wrapper">
<form id="contacts-search-form" action="{{$cmd}}" method="get" >
<span class="contacts-search-desc">{{$desc}}</span>
<input type="text" name="search" id="contacts-search" class="search-input" onfocus="this.select();" value="{{$search}}" />
<input type="submit" name="submit" id="contacts-search-submit" value="{{$submit}}" />
<input type="text" name="search" id="contacts-search" class="search-input" onfocus="this.select();" value="{{$search|escape:'html'}}" />
<input type="submit" name="submit" id="contacts-search-submit" value="{{$submit|escape:'html'}}" />
</form>
</div>
<div id="contacts-search-end"></div>
@ -21,7 +21,7 @@
<div id="contact-edit-end"></div>
<div id="contacts-actions">
{{foreach $batch_actions as $n=>$l}}
<input class="batch-action" name="{{$n}}" value="{{$l}}" type="submit">
<input class="batch-action" name="{{$n}}" value="{{$l|escape:'html'}}" type="submit">
{{/foreach}}
</div>
</form>

View File

@ -3,35 +3,35 @@
<h4>{{$contact_name}}</h4>
<label id="crepair-name-label" class="crepair-label" for="crepair-name">{{$label_name}}</label>
<input type="text" id="crepair-name" class="crepair-input" name="name" value="{{$contact_name}}" />
<input type="text" id="crepair-name" class="crepair-input" name="name" value="{{$contact_name|escape:'html'}}" />
<div class="clear"></div>
<label id="crepair-nick-label" class="crepair-label" for="crepair-nick">{{$label_nick}}</label>
<input type="text" id="crepair-nick" class="crepair-input" name="nick" value="{{$contact_nick}}" />
<input type="text" id="crepair-nick" class="crepair-input" name="nick" value="{{$contact_nick|escape:'html'}}" />
<div class="clear"></div>
<label id="crepair-attag-label" class="crepair-label" for="crepair-attag">{{$label_attag}}</label>
<input type="text" id="crepair-attag" class="crepair-input" name="attag" value="{{$contact_attag}}" />
<input type="text" id="crepair-attag" class="crepair-input" name="attag" value="{{$contact_attag|escape:'html'}}" />
<div class="clear"></div>
<label id="crepair-url-label" class="crepair-label" for="crepair-url">{{$label_url}}</label>
<input type="text" id="crepair-url" class="crepair-input" name="url" value="{{$contact_url}}" />
<input type="text" id="crepair-url" class="crepair-input" name="url" value="{{$contact_url|escape:'html'}}" />
<div class="clear"></div>
<label id="crepair-request-label" class="crepair-label" for="crepair-request">{{$label_request}}</label>
<input type="text" id="crepair-request" class="crepair-input" name="request" value="{{$request}}" />
<input type="text" id="crepair-request" class="crepair-input" name="request" value="{{$request|escape:'html'}}" />
<div class="clear"></div>
<label id="crepair-confirm-label" class="crepair-label" for="crepair-confirm">{{$label_confirm}}</label>
<input type="text" id="crepair-confirm" class="crepair-input" name="confirm" value="{{$confirm}}" />
<input type="text" id="crepair-confirm" class="crepair-input" name="confirm" value="{{$confirm|escape:'html'}}" />
<div class="clear"></div>
<label id="crepair-notify-label" class="crepair-label" for="crepair-notify">{{$label_notify}}</label>
<input type="text" id="crepair-notify" class="crepair-input" name="notify" value="{{$notify}}" />
<input type="text" id="crepair-notify" class="crepair-input" name="notify" value="{{$notify|escape:'html'}}" />
<div class="clear"></div>
<label id="crepair-poll-label" class="crepair-label" for="crepair-poll">{{$label_poll}}</label>
<input type="text" id="crepair-poll" class="crepair-input" name="poll" value="{{$poll}}" />
<input type="text" id="crepair-poll" class="crepair-input" name="poll" value="{{$poll|escape:'html'}}" />
<div class="clear"></div>
<label id="crepair-photo-label" class="crepair-label" for="crepair-photo">{{$label_photo}}</label>
@ -42,7 +42,7 @@
{{include file="field_select.tpl" field=$remote_self}}
{{/if}}
<input type="submit" name="submit" value="{{$lbl_submit}}" />
<input type="submit" name="submit" value="{{$lbl_submit|escape:'html'}}" />
</form>

View File

@ -52,7 +52,7 @@
<input type="hidden" name="width" id="width" />
<div id="crop-image-submit-wrapper" >
<input type="submit" name="submit" value="{{$done}}" />
<input type="submit" name="submit" value="{{$done|escape:'html'}}" />
</div>
</form>

View File

@ -17,6 +17,6 @@
<div id="dfrn-request-homecoming-submit-wrapper" >
<input id="dfrn-request-homecoming-submit" type="submit" name="submit" value="{{$submit}}" />
<input id="dfrn-request-homecoming-submit" type="submit" name="submit" value="{{$submit|escape:'html'}}" />
</div>
</form>

View File

@ -25,9 +25,9 @@
<label id="dfrn-url-label" for="dfrn-url" >{{$your_address}}</label>
{{if $myaddr}}
{{$myaddr}}
<input type="hidden" name="dfrn_url" id="dfrn-url" size="32" value="{{$myaddr}}" />
<input type="hidden" name="dfrn_url" id="dfrn-url" size="32" value="{{$myaddr|escape:'html'}}" />
{{else}}
<input type="text" name="dfrn_url" id="dfrn-url" size="32" value="{{$myaddr}}" />
<input type="text" name="dfrn_url" id="dfrn-url" size="32" value="{{$myaddr|escape:'html'}}" />
{{/if}}
<div id="dfrn-request-url-end"></div>
</div>
@ -69,7 +69,7 @@
</div>
<div id="dfrn-request-submit-wrapper">
<input type="submit" name="submit" id="dfrn-request-submit-button" value="{{$submit}}" />
<input type="submit" name="cancel" id="dfrn-request-cancel-button" value="{{$cancel}}" />
<input type="submit" name="submit" id="dfrn-request-submit-button" value="{{$submit|escape:'html'}}" />
<input type="submit" name="cancel" id="dfrn-request-cancel-button" value="{{$cancel|escape:'html'}}" />
</div>
</form>

View File

@ -9,8 +9,8 @@
<div id="directory-search-wrapper">
<form id="directory-search-form" action="directory" method="get" >
<span class="dirsearch-desc">{{$desc}}</span>
<input type="text" name="search" id="directory-search" class="search-input" onfocus="this.select();" value="{{$search}}" />
<input type="submit" name="submit" id="directory-search-submit" value="{{$submit}}" class="button" />
<input type="text" name="search" id="directory-search" class="search-input" onfocus="this.select();" value="{{$search|escape:'html'}}" />
<input type="submit" name="submit" id="directory-search-submit" value="{{$submit|escape:'html'}}" class="button" />
</form>
</div>
<div id="directory-search-end"></div>

View File

@ -28,7 +28,7 @@
<div id="event-adjust-break"></div>
<div id="event-summary-text">{{$t_text}}</div>
<input type="text" id="event-summary" name="summary" value="{{$t_orig}}" />
<input type="text" id="event-summary" name="summary" value="{{$t_orig|escape:'html'}}" />
<div id="event-desc-text">{{$d_text}}</div>
@ -44,7 +44,7 @@
{{$acl}}
<div class="clear"></div>
<input id="event-submit" type="submit" name="submit" value="{{$submit}}" />
<input id="event-submit" type="submit" name="submit" value="{{$submit|escape:'html'}}" />
</form>

View File

@ -4,13 +4,13 @@
{{* html5 don't work on Chrome, Safari and IE9
<input id="id_{{$field.0}}" type="text" list="data_{{$field.0}}" >
<datalist id="data_{{$field.0}}" >
{{foreach $field.4 as $opt=>$val}}<option value="{{$val}}">{{/foreach}}
{{foreach $field.4 as $opt=>$val}}<option value="{{$val|escape:'html'}}">{{/foreach}}
</datalist> *}}
<input id="id_{{$field.0}}" type="text" value="{{$field.2}}">
<select id="select_{{$field.0}}" onChange="$('#id_{{$field.0}}').val($(this).val())">
<option value="">{{$field.5}}</option>
{{foreach $field.4 as $opt=>$val}}<option value="{{$val}}">{{$val}}</option>{{/foreach}}
{{foreach $field.4 as $opt=>$val}}<option value="{{$val|escape:'html'}}">{{$val}}</option>{{/foreach}}
</select>
<span class='field_help'>{{$field.3}}</span>

View File

@ -1,6 +1,6 @@
<div class='field input' id='wrapper_{{$field.0}}'>
<label for='id_{{$field.0}}'>{{$field.1}}</label>
<input{{if $field.6 eq 'email'}} type='email'{{elseif $field.6 eq 'url'}} type='url'{{/if}} name='{{$field.0}}' id='id_{{$field.0}}' value="{{$field.2}}"{{if $field.4 eq 'required'}} required{{/if}}{{if $field.5 eq 'autofocus'}} autofocus{{/if}}>
<input{{if $field.6 eq 'email'}} type='email'{{elseif $field.6 eq 'url'}} type='url'{{/if}} name='{{$field.0}}' id='id_{{$field.0}}' value="{{$field.2|escape:'html'}}"{{if $field.4 eq 'required'}} required{{/if}}{{if $field.5 eq 'autofocus'}} autofocus{{/if}}>
<span class='field_help'>{{$field.3}}</span>
</div>

View File

@ -2,6 +2,6 @@
<div class='field checkbox'>
<label for='id_{{$field.0}}'>{{$field.1}}</label>
<input type="checkbox" name='{{$field.0}}' id='id_{{$field.0}}' value="{{$field.3}}" {{if $field.2}}checked="true"{{/if}}>
<input type="checkbox" name='{{$field.0}}' id='id_{{$field.0}}' value="{{$field.3|escape:'html'}}" {{if $field.2}}checked="true"{{/if}}>
<span class='field_help'>{{$field.4}}</span>
</div>

View File

@ -1,6 +1,6 @@
<div class='field input openid' id='wrapper_{{$field.0}}'>
<label for='id_{{$field.0}}'>{{$field.1}}</label>
<input name='{{$field.0}}' id='id_{{$field.0}}' value="{{$field.2}}">
<input name='{{$field.0}}' id='id_{{$field.0}}' value="{{$field.2|escape:'html'}}">
<span class='field_help'>{{$field.3}}</span>
</div>

View File

@ -1,6 +1,6 @@
<div class='field password' id='wrapper_{{$field.0}}'>
<label for='id_{{$field.0}}'>{{$field.1}}</label>
<input type='password' name='{{$field.0}}' id='id_{{$field.0}}' value="{{$field.2}}"{{if $field.4 eq 'required'}} required{{/if}}{{if $field.5 eq 'autofocus'}} autofocus{{/if}}>
<input type='password' name='{{$field.0}}' id='id_{{$field.0}}' value="{{$field.2|escape:'html'}}"{{if $field.4 eq 'required'}} required{{/if}}{{if $field.5 eq 'autofocus'}} autofocus{{/if}}>
<span class='field_help'>{{$field.3}}</span>
</div>

View File

@ -2,6 +2,6 @@
<div class='field radio'>
<label for='id_{{$field.0}}_{{$field.2}}'>{{$field.1}}</label>
<input type="radio" name='{{$field.0}}' id='id_{{$field.0}}_{{$field.2}}' value="{{$field.2}}" {{if $field.4}}checked="true"{{/if}}>
<input type="radio" name='{{$field.0}}' id='id_{{$field.0}}_{{$field.2}}' value="{{$field.2|escape:'html'}}" {{if $field.4}}checked="true"{{/if}}>
<span class='field_help'>{{$field.3}}</span>
</div>

View File

@ -3,7 +3,7 @@
<div class='field select'>
<label for='id_{{$field.0}}'>{{$field.1}}</label>
<select name='{{$field.0}}' id='id_{{$field.0}}'>
{{foreach $field.4 as $opt=>$val}}<option value="{{$opt}}" {{if $opt==$field.2}}selected="selected"{{/if}}>{{$val}}</option>{{/foreach}}
{{foreach $field.4 as $opt=>$val}}<option value="{{$opt|escape:'html'}}" {{if $opt==$field.2}}selected="selected"{{/if}}>{{$val}}</option>{{/foreach}}
</select>
<span class='field_help'>{{$field.3}}</span>
</div>

View File

@ -3,7 +3,7 @@
<div class='field select'>
<label for='id_{{$field.0}}'>{{$field.1}}</label>
<select name='{{$field.0}}' id='id_{{$field.0}}' {{if $field.5}}onchange="previewTheme(this);"{{/if}} >
{{foreach $field.4 as $opt=>$val}}<option value="{{$opt}}" {{if $opt==$field.2}}selected="selected"{{/if}}>{{$val}}</option>{{/foreach}}
{{foreach $field.4 as $opt=>$val}}<option value="{{$opt|escape:'html'}}" {{if $opt==$field.2}}selected="selected"{{/if}}>{{$val}}</option>{{/foreach}}
</select>
<span class='field_help'>{{$field.3}}</span>
{{if $field.5}}<div id="theme-preview"></div>{{/if}}

View File

@ -2,7 +2,7 @@
<div class='field yesno'>
<label for='id_{{$field.0}}'>{{$field.1}}</label>
<div class='onoff' id="id_{{$field.0}}_onoff">
<input type="hidden" name='{{$field.0}}' id='id_{{$field.0}}' value="{{$field.2}}">
<input type="hidden" name='{{$field.0}}' id='id_{{$field.0}}' value="{{$field.2|escape:'html'}}">
<a href="#" class='off'>
{{if $field.4}}{{$field.4.0}}{{else}}OFF{{/if}}
</a>

View File

@ -78,7 +78,7 @@
</div>
</div>
<div class="mceActionPanel">
<input type="button" id="cancel" name="cancel" value="{{$cancel}}" onclick="tinyMCEPopup.close();" />
<input type="button" id="cancel" name="cancel" value="{{$cancel|escape:'html'}}" onclick="tinyMCEPopup.close();" />
</div>
</body>

View File

@ -1,5 +1,5 @@
{{include file="field_combobox.tpl"}}
<div class="settings-submit-wrapper" >
<input id="filer_save" type="button" class="settings-submit" value="{{$submit}}" />
<input id="filer_save" type="button" class="settings-submit" value="{{$submit|escape:'html'}}" />
</div>

4
view/templates/files.tpl Normal file
View File

@ -0,0 +1,4 @@
{{foreach $items as $item }}
<p>{{$item.title}} ({{$item.mime}}) ({{$item.filename}})</p>
{{/foreach}}
{{include "paginate.tpl"}}

View File

@ -3,7 +3,7 @@
<h3>{{$connect}}</h3>
<div id="connect-desc">{{$desc}}</div>
<form action="follow" method="post" >
<input id="side-follow-url" type="text" name="url" value="{{$value}}" size="24" placeholder="{{$hint}}" title="{{$hint}}" /><input id="side-follow-submit" type="submit" name="submit" value="{{$follow}}" />
<input id="side-follow-url" type="text" name="url" value="{{$value|escape:'html'}}" size="24" placeholder="{{$hint|escape:'html'}}" title="{{$hint|escape:'html'}}" /><input id="side-follow-submit" type="submit" name="submit" value="{{$follow|escape:'html'}}" />
</form>
</div>

View File

@ -9,7 +9,7 @@
{{include file="field_input.tpl" field=$gname}}
{{if $drop}}{{$drop}}{{/if}}
<div id="group-edit-submit-wrapper" >
<input type="submit" name="submit" value="{{$submit}}" >
<input type="submit" name="submit" value="{{$submit|escape:'html'}}" >
</div>
<div id="group-edit-select-end" ></div>
</form>

View File

@ -12,14 +12,14 @@
</table>
{{if $phpath}}
<input type="hidden" name="phpath" value="{{$phpath}}">
<input type="hidden" name="phpath" value="{{$phpath|escape:'html'}}">
{{/if}}
{{if $passed}}
<input type="hidden" name="pass" value="2">
<input type="submit" value="{{$next}}">
<input type="submit" value="{{$next|escape:'html'}}">
{{else}}
<input type="hidden" name="pass" value="1">
<input type="submit" value="{{$reload}}">
<input type="submit" value="{{$reload|escape:'html'}}">
{{/if}}
</form>

View File

@ -16,7 +16,7 @@
<form id="install-form" action="{{$baseurl}}/install" method="post">
<input type="hidden" name="phpath" value="{{$phpath}}" />
<input type="hidden" name="phpath" value="{{$phpath|escape:'html'}}" />
<input type="hidden" name="pass" value="3" />
{{include file="field_input.tpl" field=$dbhost}}
@ -25,7 +25,7 @@
{{include file="field_input.tpl" field=$dbdata}}
<input id="install-submit" type="submit" name="submit" value="{{$submit}}" />
<input id="install-submit" type="submit" name="submit" value="{{$submit|escape:'html'}}" />
</form>

View File

@ -10,17 +10,17 @@
<form id="install-form" action="{{$baseurl}}/install" method="post">
<input type="hidden" name="phpath" value="{{$phpath}}" />
<input type="hidden" name="dbhost" value="{{$dbhost}}" />
<input type="hidden" name="dbuser" value="{{$dbuser}}" />
<input type="hidden" name="dbpass" value="{{$dbpass}}" />
<input type="hidden" name="dbdata" value="{{$dbdata}}" />
<input type="hidden" name="phpath" value="{{$phpath|escape:'html'}}" />
<input type="hidden" name="dbhost" value="{{$dbhost|escape:'html'}}" />
<input type="hidden" name="dbuser" value="{{$dbuser|escape:'html'}}" />
<input type="hidden" name="dbpass" value="{{$dbpass|escape:'html'}}" />
<input type="hidden" name="dbdata" value="{{$dbdata|escape:'html'}}" />
<input type="hidden" name="pass" value="4" />
{{include file="field_input.tpl" field=$adminmail}}
{{$timezone}}
<input id="install-submit" type="submit" name="submit" value="{{$submit}}" />
<input id="install-submit" type="submit" name="submit" value="{{$submit|escape:'html'}}" />
</form>

View File

@ -4,13 +4,13 @@
<p class="intro-desc">{{$str_notifytype}} {{$notify_type}}</p>
<div class="intro-fullname" id="intro-fullname-{{$contact_id}}" >{{$fullname}}</div>
<a class="intro-url-link" id="intro-url-link-{{$contact_id}}" href="{{$url}}" ><img id="photo-{{$contact_id}}" class="intro-photo" src="{{$photo}}" width="175" height=175" title="{{$fullname}}" alt="{{$fullname}}" /></a>
<a class="intro-url-link" id="intro-url-link-{{$contact_id}}" href="{{$url}}" ><img id="photo-{{$contact_id}}" class="intro-photo" src="{{$photo}}" width="175" height=175" title="{{$fullname|escape:'html'}}" alt="{{$fullname|escape:'html'}}" /></a>
<div class="intro-knowyou">{{$knowyou}}</div>
<div class="intro-note" id="intro-note-{{$contact_id}}">{{$note}}</div>
<div class="intro-wrapper-end" id="intro-wrapper-end-{{$contact_id}}"></div>
<form class="intro-form" action="notifications/{{$intro_id}}" method="post">
<input class="intro-submit-ignore" type="submit" name="submit" value="{{$ignore}}" />
<input class="intro-submit-discard" type="submit" name="submit" value="{{$discard}}" />
<input class="intro-submit-ignore" type="submit" name="submit" value="{{$ignore|escape:'html'}}" />
<input class="intro-submit-discard" type="submit" name="submit" value="{{$discard|escape:'html'}}" />
</form>
<div class="intro-form-end"></div>
@ -23,7 +23,7 @@
{{$dfrn_text}}
<input class="intro-submit-approve" type="submit" name="submit" value="{{$approve}}" />
<input class="intro-submit-approve" type="submit" name="submit" value="{{$approve|escape:'html'}}" />
</form>
</div>
<div class="intro-end"></div>

View File

@ -24,7 +24,7 @@
</div>
<div id="invite-submit-wrapper">
<input type="submit" name="submit" value="{{$submit}}" />
<input type="submit" name="submit" value="{{$submit|escape:'html'}}" />
</div>
</div>

View File

@ -10,15 +10,15 @@
<form id="profile-jot-form" action="{{$action}}" method="post" >
<input type="hidden" name="type" value="{{$ptyp}}" />
<input type="hidden" name="profile_uid" value="{{$profile_uid}}" />
<input type="hidden" name="return" value="{{$return_path}}" />
<input type="hidden" name="location" id="jot-location" value="{{$defloc}}" />
<input type="hidden" name="return" value="{{$return_path|escape:'html'}}" />
<input type="hidden" name="location" id="jot-location" value="{{$defloc|escape:'html'}}" />
<input type="hidden" name="coord" id="jot-coord" value="" />
<input type="hidden" name="post_id" value="{{$post_id}}" />
<input type="hidden" name="preview" id="jot-preview" value="0" />
<input type="hidden" name="post_id_random" value="{{$rand_num}}" />
<div id="jot-title-wrap"><input name="title" id="jot-title" type="text" placeholder="{{$placeholdertitle}}" value="{{$title}}" class="jothidden" style="display:none"></div>
<div id="jot-title-wrap"><input name="title" id="jot-title" type="text" placeholder="{{$placeholdertitle|escape:'html'}}" value="{{$title|escape:'html'}}" class="jothidden" style="display:none"></div>
{{if $placeholdercategory}}
<div id="jot-category-wrap"><input name="category" id="jot-category" type="text" placeholder="{{$placeholdercategory}}" value="{{$category}}" class="jothidden" style="display:none" /></div>
<div id="jot-category-wrap"><input name="category" id="jot-category" type="text" placeholder="{{$placeholdercategory|escape:'html'}}" value="{{$category|escape:'html'}}" class="jothidden" style="display:none" /></div>
{{/if}}
<div id="jot-text-wrap">
<img id="profile-jot-text-loading" src="images/rotator.gif" alt="{{$wait}}" title="{{$wait}}" style="display: none;" />
@ -26,37 +26,37 @@
</div>
<div id="profile-jot-submit-wrapper" class="jothidden">
<input type="submit" id="profile-jot-submit" name="submit" value="{{$share}}" />
<input type="submit" id="profile-jot-submit" name="submit" value="{{$share|escape:'html'}}" />
<div id="profile-upload-wrapper" style="display: {{$visitor}};" >
<div id="wall-image-upload-div" ><a href="#" onclick="return false;" id="wall-image-upload" class="icon camera" title="{{$upload}}"></a></div>
<div id="wall-image-upload-div" ><a href="#" onclick="return false;" id="wall-image-upload" class="icon camera" title="{{$upload|escape:'html'}}"></a></div>
</div>
<div id="profile-attach-wrapper" style="display: {{$visitor}};" >
<div id="wall-file-upload-div" ><a href="#" onclick="return false;" id="wall-file-upload" class="icon attach" title="{{$attach}}"></a></div>
<div id="wall-file-upload-div" ><a href="#" onclick="return false;" id="wall-file-upload" class="icon attach" title="{{$attach|escape:'html'}}"></a></div>
</div>
<div id="profile-link-wrapper" style="display: {{$visitor}};" ondragenter="linkdropper(event);" ondragover="linkdropper(event);" ondrop="linkdrop(event);" >
<a id="profile-link" class="icon link" title="{{$weblink}}" ondragenter="return linkdropper(event);" ondragover="return linkdropper(event);" ondrop="linkdrop(event);" onclick="jotGetLink(); return false;"></a>
</div>
<div id="profile-video-wrapper" style="display: {{$visitor}};" >
<a id="profile-video" class="icon video" title="{{$video}}" onclick="jotVideoURL();return false;"></a>
<a id="profile-video" class="icon video" title="{{$video|escape:'html'}}" onclick="jotVideoURL();return false;"></a>
</div>
<div id="profile-audio-wrapper" style="display: {{$visitor}};" >
<a id="profile-audio" class="icon audio" title="{{$audio}}" onclick="jotAudioURL();return false;"></a>
<a id="profile-audio" class="icon audio" title="{{$audio|escape:'html'}}" onclick="jotAudioURL();return false;"></a>
</div>
<div id="profile-location-wrapper" style="display: {{$visitor}};" >
<a id="profile-location" class="icon globe" title="{{$setloc}}" onclick="jotGetLocation();return false;"></a>
<a id="profile-location" class="icon globe" title="{{$setloc|escape:'html'}}" onclick="jotGetLocation();return false;"></a>
</div>
<div id="profile-nolocation-wrapper" style="display: none;" >
<a id="profile-nolocation" class="icon noglobe" title="{{$noloc}}" onclick="jotClearLocation();return false;"></a>
<a id="profile-nolocation" class="icon noglobe" title="{{$noloc|escape:'html'}}" onclick="jotClearLocation();return false;"></a>
</div>
<div id="profile-jot-perms" class="profile-jot-perms" style="display: {{$pvisit}};" >
<a href="#profile-jot-acl-wrapper" id="jot-perms-icon" class="icon {{$lockstate}}" title="{{$permset}}" ></a>{{$bang}}
<a href="#profile-jot-acl-wrapper" id="jot-perms-icon" class="icon {{$lockstate}}" title="{{$permset|escape:'html'}}" ></a>{{$bang}}
</div>
<!-- {{if $preview}}<span onclick="preview_post();" id="jot-preview-link" class="fakelink">{{$preview}}</span>{{/if}} -->
{{if $preview}}<input type="submit" onclick="preview_post(); return false;" id="jot-preview-link" value="{{$preview}}" />{{/if}}
{{if $preview}}<input type="submit" onclick="preview_post(); return false;" id="jot-preview-link" value="{{$preview|escape:'html'}}" />{{/if}}
<div id="profile-jot-perms-end"></div>
@ -66,7 +66,7 @@
</div>
<div id="profile-rotator-wrapper" style="display: {{$visitor}};" >
<img id="profile-rotator" src="images/rotator.gif" alt="{{$wait}}" title="{{$wait}}" style="display: none;" />
<img id="profile-rotator" src="images/rotator.gif" alt="{{$wait}}" title="{{$wait|escape:'html'}}" style="display: none;" />
</div>
<div id="jot-preview-content" style="display:none;"></div>
@ -75,7 +75,7 @@
<div id="profile-jot-acl-wrapper" style="width:auto;height:auto;overflow:auto;">
{{$acl}}
<hr style="clear:both"/>
<div id="profile-jot-email-label">{{$emailcc}}</div><input type="text" name="emailcc" id="profile-jot-email" title="{{$emtitle}}" />
<div id="profile-jot-email-label">{{$emailcc}}</div><input type="text" name="emailcc" id="profile-jot-email" title="{{$emtitle|escape:'html'}}" />
<div id="profile-jot-email-end"></div>
{{$jotnets}}
</div>

View File

@ -4,7 +4,7 @@
<form action="#" method="post" >
<select name="system_language" onchange="this.form.submit();" >
{{foreach $langs.0 as $v=>$l}}
<option value="{{$v}}" {{if $v==$langs.1}}selected="selected"{{/if}}>{{$l}}</option>
<option value="{{$v|escape:'html'}}" {{if $v==$langs.1}}selected="selected"{{/if}}>{{$l}}</option>
{{/foreach}}
</select>
</form>

View File

@ -17,16 +17,16 @@
{{include file="field_checkbox.tpl" field=$lremember}}
<div id="login-extra-links">
{{if $register}}<a href="register" title="{{$register.title}}" id="register-link">{{$register.desc}}</a>{{/if}}
<a href="lostpass" title="{{$lostpass}}" id="lost-password-link" >{{$lostlink}}</a>
{{if $register}}<a href="register" title="{{$register.title|escape:'html'}}" id="register-link">{{$register.desc}}</a>{{/if}}
<a href="lostpass" title="{{$lostpass|escape:'html'}}" id="lost-password-link" >{{$lostlink}}</a>
</div>
<div id="login-submit-wrapper" >
<input type="submit" name="submit" id="login-submit-button" value="{{$login}}" />
<input type="submit" name="submit" id="login-submit-button" value="{{$login|escape:'html'}}" />
</div>
{{foreach $hiddens as $k=>$v}}
<input type="hidden" name="{{$k}}" value="{{$v}}" />
<input type="hidden" name="{{$k}}" value="{{$v|escape:'html'}}" />
{{/foreach}}

View File

@ -2,6 +2,6 @@
<form action="{{$dest_url}}" method="post" >
<div class="logout-wrapper">
<input type="hidden" name="auth-params" value="logout" />
<input type="submit" name="submit" id="logout-button" value="{{$logout}}" />
<input type="submit" name="submit" id="logout-button" value="{{$logout|escape:'html'}}" />
</div>
</form>

View File

@ -12,7 +12,7 @@
</div>
<div id="login-extra-end"></div>
<div id="login-submit-wrapper" >
<input type="submit" name="submit" id="lostpass-submit-button" value="{{$submit}}" />
<input type="submit" name="submit" id="lostpass-submit-button" value="{{$submit|escape:'html'}}" />
</div>
<div id="login-submit-end"></div>
</form>

View File

@ -4,27 +4,27 @@
<input type="hidden" name="type" value="{{$type}}" />
<input type="hidden" name="profile_uid" value="{{$profile_uid}}" />
<input type="hidden" name="parent" value="{{$parent}}" />
<input type="hidden" name="return" value="{{$return_path}}" />
<input type="hidden" name="return" value="{{$return_path|escape:'html'}}" />
<input type="hidden" name="jsreload" value="{{$jsreload}}" />
<input type="hidden" name="preview" id="comment-preview-inp-{{$id}}" value="0" />
<div class="comment-edit-photo" id="comment-edit-photo-{{$id}}" >
<a class="comment-edit-photo-link" href="{{$mylink}}" title="{{$mytitle}}"><img class="my-comment-photo" src="{{$myphoto}}" alt="{{$mytitle}}" title="{{$mytitle}}" /></a>
<a class="comment-edit-photo-link" href="{{$mylink}}" title="{{$mytitle|escape:'html'}}"><img class="my-comment-photo" src="{{$myphoto}}" alt="{{$mytitle|escape:'html'}}" title="{{$mytitle|escape:'html'}}" /></a>
</div>
<div class="comment-edit-photo-end"></div>
<div id="mod-cmnt-wrap-{{$id}}" class="mod-cmnt-wrap" style="display:none">
<div id="mod-cmnt-name-lbl-{{$id}}" class="mod-cmnt-name-lbl">{{$lbl_modname}}</div>
<input type="text" id="mod-cmnt-name-{{$id}}" class="mod-cmnt-name" name="mod-cmnt-name" value="{{$modname}}" />
<input type="text" id="mod-cmnt-name-{{$id}}" class="mod-cmnt-name" name="mod-cmnt-name" value="{{$modname|escape:'html'}}" />
<div id="mod-cmnt-email-lbl-{{$id}}" class="mod-cmnt-email-lbl">{{$lbl_modemail}}</div>
<input type="text" id="mod-cmnt-email-{{$id}}" class="mod-cmnt-email" name="mod-cmnt-email" value="{{$modemail}}" />
<input type="text" id="mod-cmnt-email-{{$id}}" class="mod-cmnt-email" name="mod-cmnt-email" value="{{$modemail|escape:'html'}}" />
<div id="mod-cmnt-url-lbl-{{$id}}" class="mod-cmnt-url-lbl">{{$lbl_modurl}}</div>
<input type="text" id="mod-cmnt-url-{{$id}}" class="mod-cmnt-url" name="mod-cmnt-url" value="{{$modurl}}" />
<input type="text" id="mod-cmnt-url-{{$id}}" class="mod-cmnt-url" name="mod-cmnt-url" value="{{$modurl|escape:'html'}}" />
</div>
<textarea id="comment-edit-text-{{$id}}" class="comment-edit-text-empty" name="body" onFocus="commentOpen(this,{{$id}});" onBlur="commentClose(this,{{$id}});" >{{$comment}}</textarea>
<div class="comment-edit-text-end"></div>
<div class="comment-edit-submit-wrapper" id="comment-edit-submit-wrapper-{{$id}}" style="display: none;" >
<input type="submit" onclick="post_comment({{$id}}); return false;" id="comment-edit-submit-{{$id}}" class="comment-edit-submit" name="submit" value="{{$submit}}" />
<input type="submit" onclick="post_comment({{$id}}); return false;" id="comment-edit-submit-{{$id}}" class="comment-edit-submit" name="submit" value="{{$submit|escape:'html'}}" />
<span onclick="preview_comment({{$id}});" id="comment-edit-preview-link-{{$id}}" class="fakelink">{{$preview}}</span>
<div id="comment-edit-preview-{{$id}}" class="comment-edit-preview" style="display:none;"></div>
</div>

View File

@ -16,6 +16,6 @@
</select>
<br />
<br />
<input type="submit" name="submit" value="{{$submit}}" />
<input type="submit" name="submit" value="{{$submit|escape:'html'}}" />
</form>

View File

@ -7,5 +7,5 @@
</div>
<h3>{{$authorize}}</h3>
<form method="POST">
<div class="settings-submit-wrapper"><input class="settings-submit" type="submit" name="oauth_yes" value="{{$yes}}" /></div>
<div class="settings-submit-wrapper"><input class="settings-submit" type="submit" name="oauth_yes" value="{{$yes|escape:'html'}}" /></div>
</form>

View File

@ -3,7 +3,7 @@
<h3>{{$findpeople}}</h3>
<div id="peoplefind-desc">{{$desc}}</div>
<form action="dirfind" method="post" />
<input id="side-peoplefind-url" type="text" name="search" size="24" title="{{$hint}}" /><input id="side-peoplefind-submit" type="submit" name="submit" value="{{$findthem}}" />
<input id="side-peoplefind-url" type="text" name="search" size="24" title="{{$hint|escape:'html'}}" /><input id="side-peoplefind-submit" type="submit" name="submit" value="{{$findthem|escape:'html'}}" />
</form>
<div class="side-link" id="side-match-link"><a href="match" >{{$similar}}</a></div>
<div class="side-link" id="side-suggest-link"><a href="suggest" >{{$suggest}}</a></div>

View File

@ -5,12 +5,12 @@
<input type="hidden" name="item_id" value="{{$item_id}}" />
<label id="photo-edit-albumname-label" for="photo-edit-albumname">{{$newalbum}}</label>
<input id="photo-edit-albumname" type="text" size="32" name="albname" value="{{$album}}" />
<input id="photo-edit-albumname" type="text" size="32" name="albname" value="{{$album|escape:'html'}}" />
<div id="photo-edit-albumname-end"></div>
<label id="photo-edit-caption-label" for="photo-edit-caption">{{$capt_label}}</label>
<input id="photo-edit-caption" type="text" size="84" name="desc" value="{{$caption}}" />
<input id="photo-edit-caption" type="text" size="84" name="desc" value="{{$caption|escape:'html'}}" />
<div id="photo-edit-caption-end"></div>
@ -42,8 +42,8 @@
</div>
<div id="photo-edit-perms-end"></div>
<input id="photo-edit-submit-button" type="submit" name="submit" value="{{$submit}}" />
<input id="photo-edit-delete-button" type="submit" name="delete" value="{{$delete}}" onclick="return confirmDelete()"; />
<input id="photo-edit-submit-button" type="submit" name="submit" value="{{$submit|escape:'html'}}" />
<input id="photo-edit-delete-button" type="submit" name="delete" value="{{$delete|escape:'html'}}" onclick="return confirmDelete()"; />
<div id="photo-edit-end"></div>
</form>

View File

@ -1,4 +1,4 @@
<div class="photos-upload-submit-wrapper" >
<input type="submit" name="submit" value="{{$submit}}" id="photos-upload-submit" />
<input type="submit" name="submit" value="{{$submit|escape:'html'}}" id="photos-upload-submit" />
</div>

View File

@ -9,7 +9,7 @@
<div id="poke-recip-label">{{$clabel}}</div>
<br />
<input id="poke-recip" type="text" size="64" maxlength="255" value="{{$name}}" name="pokename" autocomplete="off" />
<input id="poke-recip" type="text" size="64" maxlength="255" value="{{$name|escape:'html'}}" name="pokename" autocomplete="off" />
<input id="poke-recip-complete" type="hidden" value="{{$id}}" name="cid" />
<input id="poke-parent" type="hidden" value="{{$parent}}" name="parent" />
<br />
@ -28,6 +28,6 @@
<input type="checkbox" name="private" {{if $parent}}disabled="disabled"{{/if}} value="1" />
<br />
<br />
<input type="submit" name="submit" value="{{$submit}}" />
<input type="submit" name="submit" value="{{$submit|escape:'html'}}" />
</form>

View File

@ -5,11 +5,11 @@
<div id="profile-edit-links">
<ul>
<li><a href="profile_photo" id="profile-photo_upload-link" title="{{$profpic}}">{{$profpic}}</a></li>
<li><a href="profile/{{$profile_id}}/view?tab=profile" id="profile-edit-view-link" title="{{$viewprof}}">{{$viewprof}}</a></li>
<li><a href="{{$profile_clone_link}}" id="profile-edit-clone-link" title="{{$cr_prof}}">{{$cl_prof}}</a></li>
<li><a href="profile_photo" id="profile-photo_upload-link" title="{{$profpic|escape:'html'}}">{{$profpic}}</a></li>
<li><a href="profile/{{$profile_id}}/view?tab=profile" id="profile-edit-view-link" title="{{$viewprof|escape:'html'}}">{{$viewprof}}</a></li>
<li><a href="{{$profile_clone_link}}" id="profile-edit-clone-link" title="{{$cr_prof|escape:'html'}}">{{$cl_prof}}</a></li>
<li></li>
<li><a href="{{$profile_drop_link}}" id="profile-edit-drop-link" title="{{$del_prof}}" {{$disabled}} >{{$del_prof}}</a></li>
<li><a href="{{$profile_drop_link}}" id="profile-edit-drop-link" title="{{$del_prof|escape:'html'}}" {{$disabled}} >{{$del_prof}}</a></li>
</ul>
</div>
@ -23,19 +23,19 @@
<div id="profile-edit-profile-name-wrapper" >
<label id="profile-edit-profile-name-label" for="profile-edit-profile-name" >{{$lbl_profname}} </label>
<input type="text" size="32" name="profile_name" id="profile-edit-profile-name" value="{{$profile_name}}" /><div class="required">*</div>
<input type="text" size="32" name="profile_name" id="profile-edit-profile-name" value="{{$profile_name|escape:'html'}}" /><div class="required">*</div>
</div>
<div id="profile-edit-profile-name-end"></div>
<div id="profile-edit-name-wrapper" >
<label id="profile-edit-name-label" for="profile-edit-name" >{{$lbl_fullname}} </label>
<input type="text" size="32" name="name" id="profile-edit-name" value="{{$name}}" />
<input type="text" size="32" name="name" id="profile-edit-name" value="{{$name|escape:'html'}}" />
</div>
<div id="profile-edit-name-end"></div>
<div id="profile-edit-pdesc-wrapper" >
<label id="profile-edit-pdesc-label" for="profile-edit-pdesc" >{{$lbl_title}} </label>
<input type="text" size="32" name="pdesc" id="profile-edit-pdesc" value="{{$pdesc}}" />
<input type="text" size="32" name="pdesc" id="profile-edit-pdesc" value="{{$pdesc|escape:'html'}}" />
</div>
<div id="profile-edit-pdesc-end"></div>
@ -64,20 +64,20 @@
<div id="profile-edit-address-wrapper" >
<label id="profile-edit-address-label" for="profile-edit-address" >{{$lbl_address}} </label>
<input type="text" size="32" name="address" id="profile-edit-address" value="{{$address}}" />
<input type="text" size="32" name="address" id="profile-edit-address" value="{{$address|escape:'html'}}" />
</div>
<div id="profile-edit-address-end"></div>
<div id="profile-edit-locality-wrapper" >
<label id="profile-edit-locality-label" for="profile-edit-locality" >{{$lbl_city}} </label>
<input type="text" size="32" name="locality" id="profile-edit-locality" value="{{$locality}}" />
<input type="text" size="32" name="locality" id="profile-edit-locality" value="{{$locality|escape:'html'}}" />
</div>
<div id="profile-edit-locality-end"></div>
<div id="profile-edit-postal-code-wrapper" >
<label id="profile-edit-postal-code-label" for="profile-edit-postal-code" >{{$lbl_zip}} </label>
<input type="text" size="32" name="postal_code" id="profile-edit-postal-code" value="{{$postal_code}}" />
<input type="text" size="32" name="postal_code" id="profile-edit-postal-code" value="{{$postal_code|escape:'html'}}" />
</div>
<div id="profile-edit-postal-code-end"></div>
@ -101,7 +101,7 @@
<div id="profile-edit-hometown-wrapper" >
<label id="profile-edit-hometown-label" for="profile-edit-hometown" >{{$lbl_hometown}} </label>
<input type="text" size="32" name="hometown" id="profile-edit-hometown" value="{{$hometown}}" />
<input type="text" size="32" name="hometown" id="profile-edit-hometown" value="{{$hometown|escape:'html'}}" />
</div>
<div id="profile-edit-hometown-end"></div>
@ -117,7 +117,7 @@
<label id="profile-edit-with-label" for="profile-edit-with" > {{$lbl_with}} </label>
<input type="text" size="32" name="with" id="profile-edit-with" title="{{$lbl_ex1}}" value="{{$with}}" />
<label id="profile-edit-howlong-label" for="profile-edit-howlong" > {{$lbl_howlong}} </label>
<input type="text" size="32" name="howlong" id="profile-edit-howlong" title="{{$lbl_howlong}}" value="{{$howlong}}" />
<input type="text" size="32" name="howlong" id="profile-edit-howlong" title="{{$lbl_howlong}}" value="{{$howlong|escape:'html'}}" />
<div id="profile-edit-marital-end"></div>
@ -131,31 +131,31 @@
<div id="profile-edit-homepage-wrapper" >
<label id="profile-edit-homepage-label" for="profile-edit-homepage" >{{$lbl_homepage}} </label>
<input type="url" size="32" name="homepage" id="profile-edit-homepage" value="{{$homepage}}" />
<input type="url" size="32" name="homepage" id="profile-edit-homepage" value="{{$homepage|escape:'html'}}" />
</div>
<div id="profile-edit-homepage-end"></div>
<div id="profile-edit-politic-wrapper" >
<label id="profile-edit-politic-label" for="profile-edit-politic" >{{$lbl_politic}} </label>
<input type="text" size="32" name="politic" id="profile-edit-politic" value="{{$politic}}" />
<input type="text" size="32" name="politic" id="profile-edit-politic" value="{{$politic|escape:'html'}}" />
</div>
<div id="profile-edit-politic-end"></div>
<div id="profile-edit-religion-wrapper" >
<label id="profile-edit-religion-label" for="profile-edit-religion" >{{$lbl_religion}} </label>
<input type="text" size="32" name="religion" id="profile-edit-religion" value="{{$religion}}" />
<input type="text" size="32" name="religion" id="profile-edit-religion" value="{{$religion|escape:'html'}}" />
</div>
<div id="profile-edit-religion-end"></div>
<div id="profile-edit-pubkeywords-wrapper" >
<label id="profile-edit-pubkeywords-label" for="profile-edit-pubkeywords" >{{$lbl_pubkey}} </label>
<input type="text" size="32" name="pub_keywords" id="profile-edit-pubkeywords" title="{{$lbl_ex2}}" value="{{$pub_keywords}}" />
<input type="text" size="32" name="pub_keywords" id="profile-edit-pubkeywords" title="{{$lbl_ex2}}" value="{{$pub_keywords|escape:'html'}}" />
</div><div id="profile-edit-pubkeywords-desc">{{$lbl_pubdsc}}</div>
<div id="profile-edit-pubkeywords-end"></div>
<div id="profile-edit-prvkeywords-wrapper" >
<label id="profile-edit-prvkeywords-label" for="profile-edit-prvkeywords" >{{$lbl_prvkey}} </label>
<input type="text" size="32" name="prv_keywords" id="profile-edit-prvkeywords" title="{{$lbl_ex2}}" value="{{$prv_keywords}}" />
<input type="text" size="32" name="prv_keywords" id="profile-edit-prvkeywords" title="{{$lbl_ex2}}" value="{{$prv_keywords|escape:'html'}}" />
</div><div id="profile-edit-prvkeywords-desc">{{$lbl_prvdsc}}</div>
<div id="profile-edit-prvkeywords-end"></div>

View File

@ -17,7 +17,7 @@
</select>
<div id="profile-photo-submit-wrapper">
<input type="submit" name="submit" id="profile-photo-submit" value="{{$submit}}">
<input type="submit" name="submit" id="profile-photo-submit" value="{{$submit|escape:'html'}}">
</div>
</form>

View File

@ -18,15 +18,15 @@
<div id="prvmail-submit-wrapper" >
<input type="submit" id="prvmail-submit" name="submit" value="{{$submit}}" tabindex="13" />
<input type="submit" id="prvmail-submit" name="submit" value="{{$submit|escape:'html'}}" tabindex="13" />
<div id="prvmail-upload-wrapper" >
<div id="prvmail-upload" class="icon border camera" title="{{$upload}}" ></div>
<div id="prvmail-upload" class="icon border camera" title="{{$upload|escape:'html'}}" ></div>
</div>
<div id="prvmail-link-wrapper" >
<div id="prvmail-link" class="icon border link" title="{{$insert}}" onclick="jotGetLink();" ></div>
<div id="prvmail-link" class="icon border link" title="{{$insert|escape:'html'}}" onclick="jotGetLink();" ></div>
</div>
<div id="prvmail-rotator-wrapper" >
<img id="prvmail-rotator" src="images/rotator.gif" alt="{{$wait}}" title="{{$wait}}" style="display: none;" />
<img id="prvmail-rotator" src="images/rotator.gif" alt="{{$wait|escape:'html'}}" title="{{$wait|escape:'html'}}" style="display: none;" />
</div>
</div>
<div id="prvmail-end"></div>

View File

@ -14,7 +14,7 @@
{{if $oidlabel}}
<div id="register-openid-wrapper" >
<label for="register-openid" id="label-register-openid" >{{$oidlabel}}</label><input type="text" maxlength="60" size="32" name="openid_url" class="openid" id="register-openid" value="{{$openid}}" >
<label for="register-openid" id="label-register-openid" >{{$oidlabel}}</label><input type="text" maxlength="60" size="32" name="openid_url" class="openid" id="register-openid" value="{{$openid|escape:'html'}}" >
</div>
<div id="register-openid-end" ></div>
{{/if}}
@ -33,14 +33,14 @@
<div id="register-name-wrapper" >
<label for="register-name" id="label-register-name" >{{$namelabel}}</label>
<input type="text" maxlength="60" size="32" name="username" id="register-name" value="{{$username}}" >
<input type="text" maxlength="60" size="32" name="username" id="register-name" value="{{$username|escape:'html'}}" >
</div>
<div id="register-name-end" ></div>
<div id="register-email-wrapper" >
<label for="register-email" id="label-register-email" >{{$addrlabel}}</label>
<input type="text" maxlength="60" size="32" name="email" id="register-email" value="{{$email}}" >
<input type="text" maxlength="60" size="32" name="email" id="register-email" value="{{$email|escape:'html'}}" >
</div>
<div id="register-email-end" ></div>
@ -48,14 +48,14 @@
<div id="register-nickname-wrapper" >
<label for="register-nickname" id="label-register-nickname" >{{$nicklabel}}</label>
<input type="text" maxlength="60" size="32" name="nickname" id="register-nickname" value="{{$nickname}}" ><div id="register-sitename">@{{$sitename}}</div>
<input type="text" maxlength="60" size="32" name="nickname" id="register-nickname" value="{{$nickname|escape:'html'}}" ><div id="register-sitename">@{{$sitename}}</div>
</div>
<div id="register-nickname-end" ></div>
{{$publish}}
<div id="register-submit-wrapper">
<input type="submit" name="submit" id="register-submit-button" value="{{$regbutt}}" />
<input type="submit" name="submit" id="register-submit-button" value="{{$regbutt|escape:'html'}}" />
</div>
<div id="register-submit-end" ></div>

View File

@ -14,7 +14,7 @@
</div>
<div id="remove-account-pass-end"></div>
<input type="submit" name="submit" value="{{$submit}}" />
<input type="submit" name="submit" value="{{$submit|escape:'html'}}" />
</form>
</div>

View File

@ -0,0 +1,8 @@
<div id="scroll-loader" class="pager" style="display: none;">
<img class="scroll_loader_image" src="images/rotator.gif" />
<span class="scroll_loader_text">{{$wait}}</span>
</div>
<div id="scroll-end" class="pager" style="display: none;">
<span class="scroll_loader_text">{{$end}}</span>
</div>

View File

@ -16,7 +16,7 @@
{{/if}}
<div class="settings-submit-wrapper" >
<input type="submit" name="submit" class="settings-submit" value="{{$submit}}" />
<input type="submit" name="submit" class="settings-submit" value="{{$submit|escape:'html'}}" />
</div>
</div>
@ -32,7 +32,7 @@
<div class="settings-submit-wrapper" >
<input type="submit" name="submit" class="settings-submit" value="{{$submit}}" />
<input type="submit" name="submit" class="settings-submit" value="{{$submit|escape:'html'}}" />
</div>
</div>
@ -102,7 +102,7 @@
<div class="settings-submit-wrapper" >
<input type="submit" name="submit" class="settings-submit" value="{{$submit}}" />
<input type="submit" name="submit" class="settings-submit" value="{{$submit|escape:'html'}}" />
</div>
</div>
@ -138,7 +138,7 @@
</div>
<div class="settings-submit-wrapper" >
<input type="submit" name="submit" class="settings-submit" value="{{$submit}}" />
<input type="submit" name="submit" class="settings-submit" value="{{$submit|escape:'html'}}" />
</div>
</div>
@ -150,7 +150,7 @@
{{$pagetype}}
<div class="settings-submit-wrapper" >
<input type="submit" name="submit" class="settings-submit" value="{{$submit}}" />
<input type="submit" name="submit" class="settings-submit" value="{{$submit|escape:'html'}}" />
</div>
</div>
@ -159,7 +159,7 @@
<div id="settings-pagetype-desc">{{$relocate_text}}</div>
<div class="settings-submit-wrapper" >
<input type="submit" name="resend_relocate" class="settings-submit" value="{{$relocate_button}}" />
<input type="submit" name="resend_relocate" class="settings-submit" value="{{$relocate_button|escape:'html'}}" />
</div>
</div>

View File

@ -32,7 +32,7 @@
{{include file="field_input.tpl" field=$mail_movetofolder}}
<div class="settings-submit-wrapper" >
<input type="submit" id="imap-submit" name="imap-submit" class="settings-submit" value="{{$submit}}" />
<input type="submit" id="imap-submit" name="imap-submit" class="settings-submit" value="{{$submit|escape:'html'}}" />
</div>
</div>
{{/if}}

View File

@ -16,7 +16,7 @@
<div class="settings-submit-wrapper" >
<input type="submit" name="submit" class="settings-submit" value="{{$submit}}" />
<input type="submit" name="submit" class="settings-submit" value="{{$submit|escape:'html'}}" />
</div>
{{if $theme_config}}

View File

@ -13,7 +13,7 @@
{{include file="field_yesno.tpl" field=$fcat}}
{{/foreach}}
<div class="settings-submit-wrapper" >
<input type="submit" name="submit" class="settings-features-submit" value="{{$submit}}" />
<input type="submit" name="submit" class="settings-features-submit" value="{{$submit|escape:'html'}}" />
</div>
</div>
{{/foreach}}

View File

@ -23,8 +23,8 @@
{{/if}}
{{/if}}
{{if $app.my}}
<a href="{{$baseurl}}/settings/oauth/edit/{{$app.client_id}}" class="icon s22 edit" title="{{$edit}}">&nbsp;</a>
<a href="{{$baseurl}}/settings/oauth/delete/{{$app.client_id}}?t={{$form_security_token}}" class="icon s22 delete" title="{{$delete}}">&nbsp;</a>
<a href="{{$baseurl}}/settings/oauth/edit/{{$app.client_id}}" class="icon s22 edit" title="{{$edit|escape:'html'}}">&nbsp;</a>
<a href="{{$baseurl}}/settings/oauth/delete/{{$app.client_id}}?t={{$form_security_token}}" class="icon s22 delete" title="{{$delete|escape:'html'}}">&nbsp;</a>
{{/if}}
</div>
{{/foreach}}

View File

@ -11,7 +11,7 @@
{{include file="field_input.tpl" field=$icon}}
<div class="settings-submit-wrapper" >
<input type="submit" name="submit" class="settings-submit" value="{{$submit}}" />
<input type="submit" name="submit" class="settings-submit" value="{{$submit|escape:'html'}}" />
<!-- <input type="submit" name="cancel" class="settings-submit" value="{{$cancel}}" /> -->
</div>

View File

@ -5,18 +5,18 @@
<p class="intro-desc">{{$str_notifytype}} {{$notify_type}}</p>
<div class="intro-madeby">{{$madeby}}</div>
<div class="intro-fullname" >{{$fullname}}</div>
<a class="intro-url-link" href="{{$url}}" ><img class="intro-photo lframe" src="{{$photo}}" width="175" height=175" title="{{$fullname}}" alt="{{$fullname}}" /></a>
<a class="intro-url-link" href="{{$url}}" ><img class="intro-photo lframe" src="{{$photo}}" width="175" height=175" title="{{$fullname|escape:'html'}}" alt="{{$fullname|escape:'html'}}" /></a>
<div class="intro-note" >{{$note}}</div>
<div class="intro-wrapper-end"></div>
<form class="intro-form" action="notifications/{{$intro_id}}" method="post">
<input class="intro-submit-ignore" type="submit" name="submit" value="{{$ignore}}" />
<input class="intro-submit-discard" type="submit" name="submit" value="{{$discard}}" />
<input class="intro-submit-ignore" type="submit" name="submit" value="{{$ignore|escape:'html'}}" />
<input class="intro-submit-discard" type="submit" name="submit" value="{{$discard|escape:'html'}}" />
</form>
<div class="intro-form-end"></div>
<form class="intro-approve-form" action="{{$request}}" method="get">
{{include file="field_checkbox.tpl" field=$hidden}}
<input class="intro-submit-approve" type="submit" name="submit" value="{{$approve}}" />
<input class="intro-submit-approve" type="submit" name="submit" value="{{$approve|escape:'html'}}" />
</form>
</div>
<div class="intro-end"></div>

View File

@ -8,7 +8,7 @@
<div id="register-submit-wrapper">
<input type="submit" name="submit" id="register-submit-button" value="{{$regbutt}}" />
<input type="submit" name="submit" id="register-submit-button" value="{{$regbutt|escape:'html'}}" />
</div>
<div id="register-submit-end" ></div>
</form>

View File

@ -12,7 +12,7 @@
<div class="wall-item-info{{if $item.owner_url}} wallwall{{/if}}" id="wall-item-info-{{$item.id}}">
{{if $item.owner_url}}
<div class="wall-item-photo-wrapper wwto" id="wall-item-ownerphoto-wrapper-{{$item.id}}" >
<a href="{{$item.owner_url}}" target="redir" title="{{$item.olinktitle}}" class="wall-item-photo-link" id="wall-item-ownerphoto-link-{{$item.id}}">
<a href="{{$item.owner_url}}" target="redir" title="{{$item.olinktitle|escape:'html'}}" class="wall-item-photo-link" id="wall-item-ownerphoto-link-{{$item.id}}">
<img src="{{$item.owner_photo}}" class="wall-item-photo{{$item.osparkle}}" id="wall-item-ownerphoto-{{$item.id}}" style="height: 80px; width: 80px;" alt="{{$item.owner_name}}" /></a>
</div>
<div class="wall-item-arrowphoto-wrapper" ><img src="images/larrow.gif" alt="{{$item.wall}}" /></div>
@ -20,7 +20,7 @@
<div class="wall-item-photo-wrapper{{if $item.owner_url}} wwfrom{{/if}}" id="wall-item-photo-wrapper-{{$item.id}}"
onmouseover="if (typeof t{{$item.id}} != 'undefined') clearTimeout(t{{$item.id}}); openMenu('wall-item-photo-menu-button-{{$item.id}}')"
onmouseout="t{{$item.id}}=setTimeout('closeMenu(\'wall-item-photo-menu-button-{{$item.id}}\'); closeMenu(\'wall-item-photo-menu-{{$item.id}}\');',200)">
<a href="{{$item.profile_url}}" target="redir" title="{{$item.linktitle}}" class="wall-item-photo-link" id="wall-item-photo-link-{{$item.id}}">
<a href="{{$item.profile_url}}" target="redir" title="{{$item.linktitle|escape:'html'}}" class="wall-item-photo-link" id="wall-item-photo-link-{{$item.id}}">
<img src="{{$item.thumb}}" class="wall-item-photo{{$item.sparkle}}" id="wall-item-photo-{{$item.id}}" style="height: 80px; width: 80px;" alt="{{$item.name}}" /></a>
<span onclick="openClose('wall-item-photo-menu-{{$item.id}}');" class="fakelink wall-item-photo-menu-button" id="wall-item-photo-menu-button-{{$item.id}}">menu</span>
<div class="wall-item-photo-menu" id="wall-item-photo-menu-{{$item.id}}">
@ -38,8 +38,8 @@
</div>
</div>
<div class="wall-item-author">
<a href="{{$item.profile_url}}" target="redir" title="{{$item.linktitle}}" class="wall-item-name-link"><span class="wall-item-name{{$item.sparkle}}" id="wall-item-name-{{$item.id}}" >{{$item.name}}</span></a>{{if $item.owner_url}} {{$item.to}} <a href="{{$item.owner_url}}" target="redir" title="{{$item.olinktitle}}" class="wall-item-name-link"><span class="wall-item-name{{$item.osparkle}}" id="wall-item-ownername-{{$item.id}}">{{$item.owner_name}}</span></a> {{$item.vwall}}{{/if}}<br />
<div class="wall-item-ago" id="wall-item-ago-{{$item.id}}" title="{{$item.localtime}}">{{$item.ago}}</div>
<a href="{{$item.profile_url}}" target="redir" title="{{$item.linktitle|escape:'html'}}" class="wall-item-name-link"><span class="wall-item-name{{$item.sparkle}}" id="wall-item-name-{{$item.id}}" >{{$item.name}}</span></a>{{if $item.owner_url}} {{$item.to}} <a href="{{$item.owner_url}}" target="redir" title="{{$item.olinktitle|escape:'html'}}" class="wall-item-name-link"><span class="wall-item-name{{$item.osparkle}}" id="wall-item-ownername-{{$item.id}}">{{$item.owner_name}}</span></a> {{$item.vwall}}{{/if}}<br />
<div class="wall-item-ago" id="wall-item-ago-{{$item.id}}" title="{{$item.localtime|escape:'html'}}">{{$item.ago}}</div>
</div>
<div class="wall-item-content" id="wall-item-content-{{$item.id}}" >
<div class="wall-item-title" id="wall-item-title-{{$item.id}}">{{$item.title}}</div>
@ -51,12 +51,12 @@
{{/foreach}}
</div>
{{if $item.has_cats}}
<div class="categorytags"><span>{{$item.txt_cats}} {{foreach $item.categories as $cat}}{{$cat.name}}{{if $cat.removeurl}} <a href="{{$cat.removeurl}}" title="{{$remove}}">[{{$remove}}]</a>{{/if}} {{if $cat.last}}{{else}}, {{/if}}{{/foreach}}
<div class="categorytags"><span>{{$item.txt_cats}} {{foreach $item.categories as $cat}}{{$cat.name}}{{if $cat.removeurl}} <a href="{{$cat.removeurl}}" title="{{$remove|escape:'html'}}">[{{$remove}}]</a>{{/if}} {{if $cat.last}}{{else}}, {{/if}}{{/foreach}}
</div>
{{/if}}
{{if $item.has_folders}}
<div class="filesavetags"><span>{{$item.txt_folders}} {{foreach $item.folders as $cat}}{{$cat.name}}{{if $cat.removeurl}} <a href="{{$cat.removeurl}}" title="{{$remove}}">[{{$remove}}]</a>{{/if}}{{if $cat.last}}{{else}}, {{/if}}{{/foreach}}
<div class="filesavetags"><span>{{$item.txt_folders}} {{foreach $item.folders as $cat}}{{$cat.name}}{{if $cat.removeurl}} <a href="{{$cat.removeurl}}" title="{{$remove|escape:'html'}}">[{{$remove}}]</a>{{/if}}{{if $cat.last}}{{else}}, {{/if}}{{/foreach}}
</div>
{{/if}}
</div>
@ -64,33 +64,33 @@
<div class="wall-item-tools" id="wall-item-tools-{{$item.id}}">
{{if $item.vote}}
<div class="wall-item-like-buttons" id="wall-item-like-buttons-{{$item.id}}">
<a href="#" class="icon like" title="{{$item.vote.like.0}}" onclick="dolike({{$item.id}},'like'); return false"></a>
{{if $item.vote.dislike}}<a href="#" class="icon dislike" title="{{$item.vote.dislike.0}}" onclick="dolike({{$item.id}},'dislike'); return false"></a>{{/if}}
{{if $item.vote.share}}<a href="#" class="icon recycle wall-item-share-buttons" title="{{$item.vote.share.0}}" onclick="jotShare({{$item.id}}); return false"></a>{{/if}}
<img id="like-rotator-{{$item.id}}" class="like-rotator" src="images/rotator.gif" alt="{{$item.wait}}" title="{{$item.wait}}" style="display: none;" />
<a href="#" class="icon like" title="{{$item.vote.like.0|escape:'html'}}" onclick="dolike({{$item.id}},'like'); return false"></a>
{{if $item.vote.dislike}}<a href="#" class="icon dislike" title="{{$item.vote.dislike.0|escape:'html'}}" onclick="dolike({{$item.id}},'dislike'); return false"></a>{{/if}}
{{if $item.vote.share}}<a href="#" class="icon recycle wall-item-share-buttons" title="{{$item.vote.share.0|escape:'html'}}" onclick="jotShare({{$item.id}}); return false"></a>{{/if}}
<img id="like-rotator-{{$item.id}}" class="like-rotator" src="images/rotator.gif" alt="{{$item.wait|escape:'html'}}" title="{{$item.wait|escape:'html'}}" style="display: none;" />
</div>
{{/if}}
{{if $item.plink}}
<div class="wall-item-links-wrapper"><a href="{{$item.plink.href}}" title="{{$item.plink.title}}" target="_blank" class="icon remote-link{{$item.sparkle}}"></a></div>
<div class="wall-item-links-wrapper"><a href="{{$item.plink.href}}" title="{{$item.plink.title|escape:'html'}}" target="_blank" class="icon remote-link{{$item.sparkle}}"></a></div>
{{/if}}
{{if $item.edpost}}
<a class="editpost icon pencil" href="{{$item.edpost.0}}" title="{{$item.edpost.1}}"></a>
<a class="editpost icon pencil" href="{{$item.edpost.0}}" title="{{$item.edpost.1|escape:'html'}}"></a>
{{/if}}
{{if $item.star}}
<a href="#" id="starred-{{$item.id}}" onclick="dostar({{$item.id}}); return false;" class="star-item icon {{$item.isstarred}}" title="{{$item.star.toggle}}"></a>
<a href="#" id="starred-{{$item.id}}" onclick="dostar({{$item.id}}); return false;" class="star-item icon {{$item.isstarred}}" title="{{$item.star.toggle|escape:'html'}}"></a>
{{/if}}
{{if $item.tagger}}
<a href="#" id="tagger-{{$item.id}}" onclick="itemTag({{$item.id}}); return false;" class="tag-item icon tagged" title="{{$item.tagger.add}}"></a>
<a href="#" id="tagger-{{$item.id}}" onclick="itemTag({{$item.id}}); return false;" class="tag-item icon tagged" title="{{$item.tagger.add|escape:'html'}}"></a>
{{/if}}
{{if $item.filer}}
<a href="#" id="filer-{{$item.id}}" onclick="itemFiler({{$item.id}}); return false;" class="filer-item filer-icon" title="{{$item.filer}}"></a>
<a href="#" id="filer-{{$item.id}}" onclick="itemFiler({{$item.id}}); return false;" class="filer-item filer-icon" title="{{$item.filer|escape:'html'}}"></a>
{{/if}}
<div class="wall-item-delete-wrapper" id="wall-item-delete-wrapper-{{$item.id}}" >
{{if $item.drop.dropping}}<a href="item/drop/{{$item.id}}" onclick="return confirmDelete();" class="icon drophide" title="{{$item.drop.delete}}" onmouseover="imgbright(this);" onmouseout="imgdull(this);" ></a>{{/if}}
{{if $item.drop.dropping}}<a href="item/drop/{{$item.id}}" onclick="return confirmDelete();" class="icon drophide" title="{{$item.drop.delete|escape:'html'}}" onmouseover="imgbright(this);" onmouseout="imgdull(this);" ></a>{{/if}}
</div>
{{if $item.drop.pagedrop}}<input type="checkbox" onclick="checkboxhighlight(this);" title="{{$item.drop.select}}" class="item-select" name="itemselected[]" value="{{$item.id}}" />{{/if}}
{{if $item.drop.pagedrop}}<input type="checkbox" onclick="checkboxhighlight(this);" title="{{$item.drop.select|escape:'html'}}" class="item-select" name="itemselected[]" value="{{$item.id}}" />{{/if}}
<div class="wall-item-delete-end"></div>
</div>
</div>

View File

@ -13,7 +13,7 @@
{{$recipname}}
<div id="prvmail-subject-label">{{$subject}}</div>
<input type="text" size="64" maxlength="255" id="prvmail-subject" name="subject" value="{{$subjtxt}}" {{$readonly}} tabindex="11" />
<input type="text" size="64" maxlength="255" id="prvmail-subject" name="subject" value="{{$subjtxt|escape:'html'}}" {{$readonly}} tabindex="11" />
<div id="prvmail-message-label">{{$yourmessage}}</div>
<textarea rows="8" cols="72" class="prvmail-text" id="prvmail-text" name="body" tabindex="12">{{$text}}</textarea>
@ -22,10 +22,10 @@
<div id="prvmail-submit-wrapper" >
<input type="submit" id="prvmail-submit" name="submit" value="Submit" tabindex="13" />
<div id="prvmail-link-wrapper" >
<div id="prvmail-link" class="icon border link" title="{{$insert}}" onclick="jotGetLink();" ></div>
<div id="prvmail-link" class="icon border link" title="{{$insert|escape:'html'}}" onclick="jotGetLink();" ></div>
</div>
<div id="prvmail-rotator-wrapper" >
<img id="prvmail-rotator" src="images/rotator.gif" alt="{{$wait}}" title="{{$wait}}" style="display: none;" />
<img id="prvmail-rotator" src="images/rotator.gif" alt="{{$wait|escape:'html'}}" title="{{$wait|escape:'html'}}" style="display: none;" />
</div>
</div>
<div id="prvmail-end"></div>