source: branches/1.1dev/templates/adm_admin_form.ihtml

Last change on this file was 185, checked in by scdev, 18 years ago

Q - added oTxt() around all printed PHP_SELFs to avoid XSS attack. See: http://blog.phpdoc.info/archives/13-XSS-Woes.html

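<?php
// Admin add/edit form template.
//
// Expects in scope:
//   $frm  - array of field values and button captions for this form
//   $fv   - validator object; $fv->err(field, attr) is called on each label
//           cell, presumably emitting the style attribute when that field
//           failed validation (behaviour lives outside this template).
//
// Every $frm value written into HTML goes through oTxt(). Hidden fields are
// included: their values are round-tripped from the previous request, so a
// crafted "old_username" or "admin_id" could otherwise close the attribute
// and inject markup, exactly the class of problem oTxt() exists to prevent.
include 'form_error_header.ihtml';
?>

<form method="post" action="<?php echo oTxt($_SERVER['PHP_SELF']); ?>">
<?php printHiddenSession(); ?>
<input type="hidden" name="op" value="<?php echo oTxt($frm['new_op']); ?>">
<input type="hidden" name="admin_id" value="<?php echo oTxt($frm['admin_id']); ?>">
<input type="hidden" name="old_username" value="<?php echo oTxt($frm['old_username']); ?>">

<table border="0" cellspacing="0" cellpadding="4">
    <tr>
        <td class="formlabel" align="right" valign="top">&nbsp;</td>
        <td valign="top">
        <?php // Only buttons whose caption is set are rendered; the same row is repeated at the bottom of the table. ?>
        <?php if (!empty($frm['submit_caption'])) { ?><input type="submit" class="formsubmitbutton" name="submit" value="<?php echo oTxt($frm['submit_caption']); ?>" /><?php } ?>
        <?php if (!empty($frm['repeat_caption'])) { ?><input type="submit" class="formsubmitbutton" name="repeat" value="<?php echo oTxt($frm['repeat_caption']); ?>" /><?php } ?>
        <?php if (!empty($frm['reset_caption'])) { ?><input type="submit" class="formsubmitbutton" name="reset" value="<?php echo oTxt($frm['reset_caption']); ?>" /><?php } ?>
        <?php if (!empty($frm['cancel_caption'])) { ?><input type="submit" class="formsubmitbutton" name="cancel" value="<?php echo oTxt($frm['cancel_caption']); ?>" /><?php } ?>
        </td>
    </tr>
    <tr>
        <td class="formlabel" align="right" valign="top"<?php $fv->err('username', ' style="color:#f33;"') ?>><?php echo _("Username"); ?></td>
        <td valign="top">
            <input type="text" class="forminputtext" size="50" name="username" value="<?php echo oTxt($frm['username']); ?>">
        </td>
    </tr>
    <tr>
        <td class="formlabel" align="right" valign="top"<?php $fv->err('userpass', ' style="color:#f33;"') ?>><?php echo _("Password"); ?></td>
        <td valign="top">
            <?php // NOTE(review): the submitted password is echoed back into the page source here; confirm that is intended rather than leaving the field blank on redisplay. ?>
            <input type="password" class="forminputtext" size="50" name="userpass" value="<?php echo oTxt($frm['userpass']); ?>">
        </td>
    </tr>
    <tr>
        <td class="formlabel" align="right" valign="top"<?php $fv->err('first_name', ' style="color:#f33;"') ?>><?php echo _("First name"); ?></td>
        <td valign="top">
            <input type="text" class="forminputtext" size="50" name="first_name" value="<?php echo oTxt($frm['first_name']); ?>">
        </td>
    </tr>
    <tr>
        <td class="formlabel" align="right" valign="top"<?php $fv->err('last_name', ' style="color:#f33;"') ?>><?php echo _("Last name"); ?></td>
        <td valign="top">
            <input type="text" class="forminputtext" size="50" name="last_name" value="<?php echo oTxt($frm['last_name']); ?>">
        </td>
    </tr>
    <tr>
        <td class="formlabel" align="right" valign="top"<?php $fv->err('phone', ' style="color:#f33;"') ?>><?php echo _("Phone"); ?></td>
        <td valign="top">
            <input type="text" class="forminputtext" size="50" name="phone" value="<?php echo oTxt($frm['phone']); ?>">
        </td>
    </tr>
    <tr>
        <td class="formlabel" align="right" valign="top"<?php $fv->err('email', ' style="color:#f33;"') ?>><?php echo _("Email"); ?></td>
        <td valign="top">
            <input type="text" class="forminputtext" size="50" name="email" value="<?php echo oTxt($frm['email']); ?>">
        </td>
    </tr>
    <tr>
        <td class="formlabel" align="right" valign="top"<?php $fv->err('priv', ' style="color:#f33;"') ?>><?php echo _("Priv"); ?></td>
        <td valign="top">
            <select name="priv">
            <?php // Options come from the admin_tbl "priv" column definition; the current value is passed so it can be preselected. ?>
            <?php printSetSelectForm('admin_tbl', 'priv', $frm['priv'], true); ?>
            </select>
        </td>
    </tr>
    <tr>
        <td class="formlabel" align="right" valign="top">&nbsp;</td>
        <td valign="top">
        <?php if (!empty($frm['submit_caption'])) { ?><input type="submit" class="formsubmitbutton" name="submit" value="<?php echo oTxt($frm['submit_caption']); ?>" /><?php } ?>
        <?php if (!empty($frm['repeat_caption'])) { ?><input type="submit" class="formsubmitbutton" name="repeat" value="<?php echo oTxt($frm['repeat_caption']); ?>" /><?php } ?>
        <?php if (!empty($frm['reset_caption'])) { ?><input type="submit" class="formsubmitbutton" name="reset" value="<?php echo oTxt($frm['reset_caption']); ?>" /><?php } ?>
        <?php if (!empty($frm['cancel_caption'])) { ?><input type="submit" class="formsubmitbutton" name="cancel" value="<?php echo oTxt($frm['cancel_caption']); ?>" /><?php } ?>
        </td>
    </tr>
</table>
</form>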