source: trunk/services/templates/admin_form.ihtml @ 185

Last change on this file since 185 was 185, checked in by scdev, 18 years ago

Q - added oTxt() around all printed PHP_SELFs to avoid XSS attack. See: http://blog.phpdoc.info/archives/13-XSS-Woes.html

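<?php
/*
 * Admin account add/edit form fragment.
 *
 * Expects in scope: $fv (prints validation messages and per-field error
 * markup via printErrorMessages()/err()), $app (printHiddenSession()),
 * $frm (field values re-displayed on the form, plus 'submit_buttons'),
 * and the helpers oTxt(), printSubmitButtons(), printSetSelectForm(), _().
 *
 * Every $frm value written into an attribute goes through oTxt(), the
 * escaping helper already used for PHP_SELF and the visible text fields.
 * The hidden op/admin_id/old_username values previously went out raw,
 * which leaves the same attribute-injection hole the PHP_SELF change
 * closes. id attributes are added so each <label for=""> binds to its
 * input (the for="" targets had no matching element).
 */
$fv->printErrorMessages();
?>

<form method="post" action="<?php echo oTxt($_SERVER['PHP_SELF']); ?>">
<?php $app->printHiddenSession(); ?>
<input type="hidden" name="op" value="<?php echo oTxt($frm['new_op']); ?>" />
<input type="hidden" name="admin_id" value="<?php echo oTxt($frm['admin_id']); ?>" />
<input type="hidden" name="old_username" value="<?php echo oTxt($frm['old_username']); ?>" />

<table>
    <tr>
        <td>&nbsp;</td>
        <td><?php printSubmitButtons($frm['submit_buttons']); ?></td>
    </tr>
    <tr>
        <td class="sc-right"><label for="username"<?php $fv->err('username', ' class="error"') ?>><?php echo _("Username"); ?></label></td>
        <td>
            <input type="text" id="username" class="sc-small" size="50" name="username" value="<?php echo oTxt($frm['username']); ?>" />
        </td>
    </tr>
    <tr>
        <td class="sc-right"><label for="userpass"<?php $fv->err('userpass', ' class="error"') ?>><?php echo _("Password"); ?></label></td>
        <td>
            <?php // NOTE(review): the submitted password is echoed back into the page source here (escaped, but still visible in view-source/caches); consider emitting value="" and requiring re-entry after a validation error. ?>
            <input type="password" id="userpass" class="sc-small" size="50" name="userpass" value="<?php echo oTxt($frm['userpass']); ?>" />
        </td>
    </tr>
    <tr>
        <td class="sc-right"><label for="first_name"<?php $fv->err('first_name', ' class="error"') ?>><?php echo _("First name"); ?></label></td>
        <td>
            <input type="text" id="first_name" class="sc-small" size="50" name="first_name" value="<?php echo oTxt($frm['first_name']); ?>" />
        </td>
    </tr>
    <tr>
        <td class="sc-right"><label for="last_name"<?php $fv->err('last_name', ' class="error"') ?>><?php echo _("Last name"); ?></label></td>
        <td>
            <input type="text" id="last_name" class="sc-small" size="50" name="last_name" value="<?php echo oTxt($frm['last_name']); ?>" />
        </td>
    </tr>
    <tr>
        <td class="sc-right"><label for="email"<?php $fv->err('email', ' class="error"') ?>><?php echo _("Email"); ?></label></td>
        <td>
            <input type="text" id="email" class="sc-medium" size="50" name="email" value="<?php echo oTxt($frm['email']); ?>" />
        </td>
    </tr>
    <tr>
        <td class="sc-right"><label for="user_type"<?php $fv->err('user_type', ' class="error"') ?>><?php echo _("User type"); ?></label></td>
        <td>
            <select name="user_type" id="user_type" class="sc-small">
            <?php // Option list comes from the admin_tbl user_type set definition; the selected value is passed through unchanged. ?>
            <?php printSetSelectForm('admin_tbl', 'user_type', $frm['user_type'], true); ?>
            </select>
        </td>
    </tr>
    <tr>
        <td>&nbsp;</td>
        <td><?php printSubmitButtons($frm['submit_buttons']); ?></td>
    </tr>
</table>
</form>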