source: branches/1.1dev/bin/module_maker/skel/adm_list.ihtml @ 185

Last change on this file since 185 was 185, checked in by scdev, 18 years ago

Q - added oTxt() around all printed PHP_SELFs to avoid XSS attack. See: http://blog.phpdoc.info/archives/13-XSS-Woes.html

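<?php
// module_maker skeleton for an admin list page. %TOKEN% and <##> markers are
// substituted when a module is generated. Expects $page (pager exposing
// first_item/last_item/total_items/total_pages), $list (rows of the current
// page) and $CFG in scope, plus the oTxt()/ohref() output-escaping helpers.
include 'form_error_header.ihtml';
?>

<div id="commandbox">
    <form action="<?php echo oTxt($_SERVER['PHP_SELF']); ?>" method="get">
        <?php printHiddenSession(false); ?>
        <span class="nowrap commandtext"><a href="<?php echo ohref($_SERVER['PHP_SELF'] . '?op=add'); ?>"><?php echo _("Add %ITEM_TITLE%"); ?></a></span>
        <br />

        <?php // search_query is reflected straight from the request into an attribute value, so it gets the same oTxt() escaping as every other echoed value here (assumes getFormData() returns the raw request value, as its use as a select default below suggests). ?>
        <input type="text" class="forminputtext" size="20" name="search_query" value="<?php echo oTxt(getFormData('search_query')); ?>" title="<?php echo oTxt(_("Fields searched: %SEARCH_FIELDS%.")); ?>" />
        <select name="filter_<##>">
            <?php // printSelectForm('<##>_tbl', "CONCAT(<##>_id, '&mdash;', city, '&mdash;', title)", '<##>_id', getFormData('filter_<##>'), array('Any <##>'), 'ORDER BY <##> ASC'); ?>
        </select>
        <input type="submit" name="list" value="<?php echo _("Search"); ?>" />
    </form>
</div>

<?php include 'adm_list_info.ihtml'; ?>

<form action="<?php echo oTxt($_SERVER['PHP_SELF']); ?>" method="post">
    <?php printHiddenSession(false); ?>
    <table class="list">
        <tr>
            <th>&nbsp;</th>
            <th>&nbsp;</th>
    %ADM_LIST_HEADER_ROWS%
            <th>&nbsp;</th>
        </tr>
        <?php // One row per item on the current page; the loop bound comes from the pager's first/last item and is skipped entirely when there are no items. ?>
        <?php for ($i = 0; $i <= $page->last_item - $page->first_item && $page->total_items > 0; $i++) { ?>
        <tr>
            <td class="padleft nowrap"><a title="<?php printf(_("Edit %s"), oTxt($list[$i]['______RECORD_NAME______'])); ?>" href="<?php echo ohref($_SERVER['PHP_SELF'] . '?op=edit&%PRIMARY_KEY%=' . $list[$i]['%PRIMARY_KEY%']); ?>"><img src="<?php echo $CFG->admin_url; ?>/_widgets/edit.gif" alt="Edit" width="14" height="18" border="0" /></a> &nbsp;</td>
            <td class="padleft nowrap"><a title="<?php printf(_("Versions of %s"), oTxt($list[$i]['______RECORD_NAME______'])); ?>" href="<?php echo ohref("$CFG->admin_url/record_versions.php?record_table=%DB_TBL%&record_key=%PRIMARY_KEY%&boomerang=true&record_val=" . $list[$i]['%PRIMARY_KEY%']); ?>"><img src="<?php echo $CFG->admin_url; ?>/_widgets/subcategory.gif" alt="" width="18" height="14" border="0" /></a> &nbsp;</td>
    %ADM_LIST_ROWS%
            <?php // NOTE(review): deletion is reached through a plain GET link whose only guard is the client-side confirm(). The record name inside confirm() is HTML-escaped with oTxt() but sits in a JS string literal - confirm that oTxt() also encodes quotes, or escape it for the JS context. ?>
            <td class="padleft nowrap" align="right"><a title="<?php printf(_("Delete %s"), oTxt($list[$i]['______RECORD_NAME______'])); ?>" href="<?php echo ohref($_SERVER['PHP_SELF'] . '?op=del&%PRIMARY_KEY%=' . $list[$i]['%PRIMARY_KEY%']); ?>" onClick="javascript:return confirm('<?php printf(_("Are you sure you want to delete the record %s? This action is permanent and cannot be undone."), oTxt($list[$i]['______RECORD_NAME______'])); ?>')"><img src="<?php echo $CFG->admin_url; ?>/_widgets/delete.gif" alt="Delete" width="16" height="17" border="0" /></a> &nbsp;</td>
        </tr>
        <?php } ?>
    </table>

    <?php if ($page->total_pages > 1) { ?>
    <div class="nowrap commandtext" style="float: right;"><?php echo _("Pages:"); ?>&nbsp;<?php $page->printPageNumbers(); ?></div>
    <?php } ?>
    <?php if ($page->total_items > 0) { ?>
    <div class="commanditem"><input type="submit" name="op" value="<?php echo _("Save rank"); ?>" /></div>
    <?php } ?>
</form>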