Index: luna/add_success.html
===================================================================
RCS file: /glinks/cgi/admin/templates/luna/add_success.html,v
retrieving revision 1.11
retrieving revision 1.12
diff -u -b -r1.11 -r1.12
--- luna/add_success.html 24 Mar 2005 08:58:29 -0000 1.11
+++ luna/add_success.html 14 Apr 2005 03:07:05 -0000 1.12
@@ -56,7 +56,7 @@
 </div>
 <p>
-<%~if AutoValidate%>
+<%~if config.build_auto_validate%>
 Your link has been added to <%if Category_loop.length > 1%>the following categories: <%loop Category_loop%><%loop_value%><%unless last%>, <%endunless%><%endloop%><%else%><%Category%><%endif%>.
 <%~else%>
 Thank you! We will send you an e-mail once your link has been validated.
Index: luna/bookmark_folder_add.html
===================================================================
RCS file: /glinks/cgi/admin/templates/luna/bookmark_folder_add.html,v
retrieving revision 1.11
retrieving revision 1.12
diff -u -b -r1.11 -r1.12
--- luna/bookmark_folder_add.html 24 Mar 2005 08:58:29 -0000 1.11
+++ luna/bookmark_folder_add.html 18 Apr 2005 21:39:36 -0000 1.12
@@ -26,13 +26,13 @@
 <div class="row required clear">
 <label for="my_folder_name" class="name">Name: <span>*</span></label>
 <div class="value">
- <input type="text" id="my_folder_name" name="my_folder_name" value="<%if my_folder_name%><%my_folder_name%><%endif%>" class="text" />
+ <input type="text" id="my_folder_name" name="my_folder_name" value="<%if my_folder_name%><%escape_html my_folder_name%><%endif%>" class="text" />
 </div>
 </div>
 <div class="row clear">
 <label for="my_folder_description" class="name">Description:</label>
 <div class="value">
- <input type="text" id="my_folder_description" name="my_folder_description" value="<%if my_folder_description%><%my_folder_description%><%endif%>" class="text" />
+ <input type="text" id="my_folder_description" name="my_folder_description" value="<%if my_folder_description%><%escape_html my_folder_description%><%endif%>" class="text" />
 </div>
 </div>
 <div class="row clear">
Index: luna/bookmark_folder_edit.html
===================================================================
RCS file: /glinks/cgi/admin/templates/luna/bookmark_folder_edit.html,v
retrieving revision 1.11
retrieving revision 1.12
diff -u -b -r1.11 -r1.12
--- luna/bookmark_folder_edit.html 24 Mar 2005 08:58:29 -0000 1.11
+++ luna/bookmark_folder_edit.html 18 Apr 2005 21:39:36 -0000 1.12
@@ -23,17 +23,17 @@
 <form action="<%config.db_cgi_url%>/bookmark.cgi" method="post">
 <input type="hidden" name="action" value="folder_edit" />
- <input type="hidden" name="my_folder_id" value="<%my_folder_id%>" />
+ <input type="hidden" name="my_folder_id" value="<%escape_html my_folder_id%>" />
 <div class="row required clear">
 <label for="my_folder_name" class="name">Name: <span>*</span></label>
 <div class="value">
- <input type="text" id="my_folder_name" name="my_folder_name" value="<%if my_folder_name%><%my_folder_name%><%endif%>" class="text" />
+ <input type="text" id="my_folder_name" name="my_folder_name" value="<%if my_folder_name%><%escape_html my_folder_name%><%endif%>" class="text" />
 </div>
 </div>
 <div class="row clear">
 <label for="my_folder_description" class="name">Description:</label>
 <div class="value">
- <input type="text" id="my_folder_description" name="my_folder_description" value="<%if my_folder_description%><%my_folder_description%><%endif%>" class="text" />
+ <input type="text" id="my_folder_description" name="my_folder_description" value="<%if my_folder_description%><%escape_html my_folder_description%><%endif%>" class="text" />
 </div>
 </div>
 <div class="row clear">
Index: luna/bookmark_link_add.html
===================================================================
RCS file: /glinks/cgi/admin/templates/luna/bookmark_link_add.html,v
retrieving revision 1.15
retrieving revision 1.16
diff -u -b -r1.15 -r1.16
--- luna/bookmark_link_add.html 24 Mar 2005 08:58:29 -0000 1.15
+++ luna/bookmark_link_add.html 18 Apr 2005 21:39:36 -0000 1.16
@@ -31,7 +31,7 @@
 <form action="<%config.db_cgi_url%>/bookmark.cgi" method="post">
 <input type="hidden" name="action" value="link_add" />
- <input type="hidden" name="my_link_id_fk" value="<%ID%>" />
+ <input type="hidden" name="my_link_id_fk" value="<%escape_html ID%>" />
 <div class="row clear">
 <label for="my_comment" class="name">Comments:</label>
 <div class="value">
@@ -42,10 +42,10 @@
 <label for="my_folder_id_fk" class="name">Folder:<%if Folders.length > 1%> <span>*</span><%endif%></label>
 <div class="value<%if Folders.length == 1%> wrappedtext<%endif%>">
 <%~if Folders.length == 1%>
- <input type="hidden" name="my_folder_id_fk" value="<%Folders.0.my_folder_id%>" /><%Folders.0.my_folder_name%>
+ <input type="hidden" name="my_folder_id_fk" value="<%escape_html Folders.0.my_folder_id%>" /><%Folders.0.my_folder_name%>
 <%~else%>
 <select id="my_folder_id_fk" name="my_folder_id_fk">
- <%loop Folders%><option value="<%my_folder_id%>"<%if my_folder_default%> selected="selected"<%endif%>><%my_folder_name%></option><%endloop%>
+ <%loop Folders%><option value="<%escape_html my_folder_id%>"<%if my_folder_default%> selected="selected"<%endif%>><%my_folder_name%></option><%endloop%>
 </select>
 <%~endif%>
 </div>
Index: luna/bookmark_link_edit.html
===================================================================
RCS file: /glinks/cgi/admin/templates/luna/bookmark_link_edit.html,v
retrieving revision 1.15
retrieving revision 1.16
diff -u -b -r1.15 -r1.16
--- luna/bookmark_link_edit.html 24 Mar 2005 08:58:29 -0000 1.15
+++ luna/bookmark_link_edit.html 18 Apr 2005 21:39:36 -0000 1.16
@@ -31,7 +31,7 @@
 <form action="<%config.db_cgi_url%>/bookmark.cgi" method="post">
 <input type="hidden" name="action" value="edit_bookmark" />
- <input type="hidden" name="id" value="<%ID%>" />
+ <input type="hidden" name="id" value="<%escape_html ID%>" />
 <div class="row clear">
 <label for="my_comment" class="name">Comments:</label>
 <div class="value">
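Review bot: Only the folder id is escaped on the two changed lines; the folder name is still emitted raw as a text node, both in the single-folder branch (`<%Folders.0.my_folder_name%>` right after the hidden input) and inside `<option>` in the `<%loop Folders%>` line. Folder names are user-entered in bookmark_folder_add.html, so unless they are already escaped before reaching the template this leaves an HTML injection point in the very form the commit is hardening; `<%escape_html Folders.0.my_folder_name%>` and `><%escape_html my_folder_name%></option>` would close it. The same gap is in the matching hunk of bookmark_link_edit.html, in the `folder_select` loop of bookmark_list.html, and, for category names, in the `<%Full_Name%>`/`<%Name%>` text nodes of include_form.html.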
@@ -42,10 +42,10 @@
 <label for="my_folder_id_fk" class="name">Folder:<%if Folders.length > 1%> <span>*</span><%endif%></label>
 <div class="value<%if Folders.length == 1%> wrappedtext<%endif%>">
 <%~if Folders.length == 1%>
- <input type="hidden" name="my_folder_id_fk" value="<%Folders.0.my_folder_id%>" /><%Folders.0.my_folder_name%>
+ <input type="hidden" name="my_folder_id_fk" value="<%escape_html Folders.0.my_folder_id%>" /><%Folders.0.my_folder_name%>
 <%~else%>
 <select id="my_folder_id_fk" name="my_folder_id_fk">
- <%loop Folders%><option value="<%my_folder_id%>"<%if my_folder_default%> selected="selected"<%endif%>><%my_folder_name%></option><%endloop%>
+ <%loop Folders%><option value="<%escape_html my_folder_id%>"<%if my_folder_default%> selected="selected"<%endif%>><%my_folder_name%></option><%endloop%>
 </select>
 <%~endif%>
 </div>
Index: luna/bookmark_list.html
===================================================================
RCS file: /glinks/cgi/admin/templates/luna/bookmark_list.html,v
retrieving revision 1.12
retrieving revision 1.13
diff -u -b -r1.12 -r1.13
--- luna/bookmark_list.html 24 Mar 2005 08:58:29 -0000 1.12
+++ luna/bookmark_list.html 18 Apr 2005 21:39:36 -0000 1.13
@@ -56,9 +56,9 @@
 <%if Bookmarks.length~%>
 <form action="<%config.db_cgi_url%>/bookmark.cgi" method="post">
 <input type="hidden" name="action" value="links_manage" />
- <input type="hidden" name="my_folder_id" value="<%my_folder_id%>" />
+ <input type="hidden" name="my_folder_id" value="<%escape_html my_folder_id%>" />
 <%~loop Bookmarks%>
- <input type="checkbox" name="m-id" value="<%ID%>" class="checkbox" />
+ <input type="checkbox" name="m-id" value="<%escape_html ID%>" class="checkbox" />
 <%~set editable = 1%>
 <%include bookmark_link.html%>
 <%~endloop%>
@@ -66,7 +66,7 @@
 <%~if folder_select.length%>
 <input type="submit" name="move" value="Move Links to" class="submit" />
 <select name="move_folderid">
- <%loop folder_select%><option value="<%my_folder_id%>"><%my_folder_name%></option><%endloop%>
+ <%loop folder_select%><option value="<%escape_html my_folder_id%>"><%my_folder_name%></option><%endloop%>
 </select>
 <%~endif%>
 </form>
Index: luna/bookmark_preferences.html
===================================================================
RCS file: /glinks/cgi/admin/templates/luna/bookmark_preferences.html,v
retrieving revision 1.12
retrieving revision 1.13
diff -u -b -r1.12 -r1.13
--- luna/bookmark_preferences.html 24 Mar 2005 08:58:29 -0000 1.12
+++ luna/bookmark_preferences.html 18 Apr 2005 21:39:36 -0000 1.13
@@ -53,7 +53,7 @@
 <div class="row clear">
 <label for="PerPage" class="name">Links Per Page:</label>
 <div class="value">
- <input type="text" id="PerPage" name="PerPage" value="<%PerPage%>" class="text shorttext" />
+ <input type="text" id="PerPage" name="PerPage" value="<%escape_html PerPage%>" class="text shorttext" />
 </div>
 </div>
 <div class="formsubmit">
Index: luna/category.html
===================================================================
RCS file: /glinks/cgi/admin/templates/luna/category.html,v
retrieving revision 1.22
retrieving revision 1.26
diff -u -b -r1.22 -r1.26
--- luna/category.html 29 Mar 2005 09:51:43 -0000 1.22
+++ luna/category.html 13 Apr 2005 19:39:01 -0000 1.26
@@ -28,8 +28,8 @@
 <div class="crumb"><%Links::Utils::format_title($title_loop, separator => $crumb_separator, no_escape_separator => $no_escape_crumb_separator, include_home => 1, link_type => 2)%></div>
 <h2>
 <%category_short%>
-<%~if config.newsletter_enabled%>
- <%~Links::Newsletter::subscription_info($ID)%>
+<%~if config.newsletter_enabled and not config.newsletter_global_subscribe%>
+ <%~Links::Newsletter::subscription_info($ID)%><%-- SubscriptionStatus: 0 = not subscribed, 1 = indirectly subscribed, 2 = directly subscribed --%>
 <%if SubscriptionStatus == 2%><span class="hsmall">(<a href="<%config.db_cgi_url%>/subscribe.cgi?action=unsubscribe;ID=<%ID%>" title="Unsubscribe to stop getting updates from this category">Unsubscribe</a>)</span><%elsif SubscriptionStatus == 1%><%else%><span class="hsmall">(<a href="<%config.db_cgi_url%>/subscribe.cgi?action=subscribe;ID=<%ID%>" title="Subscribe to get updates from this category">Subscribe</a>)</span><%endif%>
 <%~endif%>
 </h2>
Index: luna/include_form.html
===================================================================
RCS file: /glinks/cgi/admin/templates/luna/include_form.html,v
retrieving revision 1.9
retrieving revision 1.10
diff -u -b -r1.9 -r1.10
--- luna/include_form.html 16 Mar 2005 08:44:37 -0000 1.9
+++ luna/include_form.html 18 Apr 2005 21:39:36 -0000 1.10
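Review bot: The category id is still interpolated raw into the two `href` query strings on the `SubscriptionStatus` context line (`;ID=<%ID%>`), while the rest of this commit wraps the same `ID` in `escape_html` wherever it lands in an attribute. If the id is always numeric this is harmless, but the template cannot guarantee that, so `;ID=<%escape_html ID%>` keeps the attribute context consistent with the other files. The same unescaped attribute interpolation survives in newsletter_browse.html (`name="S<%ID%>"`, `class="indent<%CatDepth%>"` and `root=<%ID%>` in the href), newsletter_list.html (`id="ID-<%CategoryID%>"` and its `for`), and the `id`/`for` attributes built from `<%term%>` in payment.html, where only the `value` attribute was escaped. The added `<%-- SubscriptionStatus ... --%>` comment is useful but is appended to the `subscription_info` call line; on a line of its own it would be easier to find.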
@@ -1,13 +1,13 @@
 <div class="row required clear">
 <label for="Title" class="name">Title: <span>*</span></label>
 <div class="value">
- <input type="text" id="Title" name="Title" value="<%if Title%><%Title%><%endif%>" class="text" />
+ <input type="text" id="Title" name="Title" value="<%if Title%><%escape_html Title%><%endif%>" class="text" />
 </div>
 </div>
 <div class="row required clear">
 <label for="URL" class="name">URL: <span>*</span></label>
 <div class="value">
- <input type="text" id="URL" name="URL" value="<%if URL%><%URL%><%else%>http://<%endif%>" class="text" />
+ <input type="text" id="URL" name="URL" value="<%if URL%><%escape_html URL%><%else%>http://<%endif%>" class="text" />
 </div>
 </div>
 <div class="row<%unless category_loop_selected%> required<%endunless%> clear">
@@ -15,14 +15,14 @@
 <div class="value<%if category_loop_selected%> wrappedtext<%endif%>">
 <%if category_loop_selected%>
 <%if category_loop.length > 1%>
- <ul><%loop category_loop%><li><%Full_Name%><input type="hidden" name="CatLinks.CategoryID" value="<%ID%>" /></li><%endloop%></ul>
+ <ul><%loop category_loop%><li><%Full_Name%><input type="hidden" name="CatLinks.CategoryID" value="<%escape_html ID%>" /></li><%endloop%></ul>
 <%else%>
- <%loop category_loop%><%Full_Name%><input type="hidden" name="CatLinks.CategoryID" value="<%ID%>" /><%endloop%>
+ <%loop category_loop%><%Full_Name%><input type="hidden" name="CatLinks.CategoryID" value="<%escape_html ID%>" /><%endloop%>
 <%endif%>
 <%else%>
 <select id="CatLinks.CategoryID" name="CatLinks.CategoryID">
 <%loop category_loop%>
- <option value="<%ID%>"<%if selected%> selected="selected"<%endif%>><%' ' x $CatDepth%><%Name%></option>
+ <option value="<%escape_html ID%>"<%if selected%> selected="selected"<%endif%>><%' ' x $CatDepth%><%Name%></option>
 <%endloop%>
 </select>
 <%endif%>
@@ -31,18 +31,18 @@
 <div class="row clear">
 <label for="Description" class="name">Description:</label>
 <div class="value">
- <textarea id="Description" name="Description" rows="3" cols="42"><%if Description%><%Description%><%endif%></textarea>
+ <textarea id="Description" name="Description" rows="3" cols="42"><%if Description%><%escape_html Description%><%endif%></textarea>
 </div>
 </div>
 <div class="row clear">
 <label for="Contact_Name" class="name">Contact Name:</label>
 <div class="value">
- <input type="text" id="Contact_Name" name="Contact_Name" value="<%if Contact_Name%><%Contact_Name%><%endif%>" class="text" />
+ <input type="text" id="Contact_Name" name="Contact_Name" value="<%if Contact_Name%><%escape_html Contact_Name%><%endif%>" class="text" />
 </div>
 </div>
 <div class="row clear">
 <label for="Contact_Email" class="name">Contact E-mail:</label>
 <div class="value">
- <input type="text" id="Contact_Email" name="Contact_Email" value="<%if Contact_Email%><%Contact_Email%><%endif%>" class="text" />
+ <input type="text" id="Contact_Email" name="Contact_Email" value="<%if Contact_Email%><%escape_html Contact_Email%><%endif%>" class="text" />
 </div>
 </div>
Index: luna/include_header.html
===================================================================
RCS file: /glinks/cgi/admin/templates/luna/include_header.html,v
retrieving revision 1.11
retrieving revision 1.12
diff -u -b -r1.11 -r1.12
--- luna/include_header.html 1 Apr 2005 02:54:08 -0000 1.11
+++ luna/include_header.html 18 Apr 2005 21:39:36 -0000 1.12
@@ -20,8 +20,8 @@
 <div class="searchbar">
 <form action="<%config.db_cgi_url%>/search.cgi">
 <label for="searchbox">Search</label>
- <%if category_id%><input type="radio" id="searchentire" name="catid" value="" checked="checked" /><label for="searchentire">the entire directory</label> <input type="radio" id="searchcat" name="catid" value="<%category_id%>" /><label for="searchcat">only this category</label><%endif%>
- <input type="text" id="searchbox" name="query" value="<%if query%><%query%><%endif%>" class="text" /><input type="submit" name="Go" value="Go" class="submit" /> <a href="<%config.db_cgi_url%>/search.cgi">Advanced Search</a>
+ <%if category_id%><input type="radio" id="searchentire" name="catid" value="" checked="checked" /><label for="searchentire">the entire directory</label> <input type="radio" id="searchcat" name="catid" value="<%escape_html category_id%>" /><label for="searchcat">only this category</label><%endif%>
+ <input type="text" id="searchbox" name="query" value="<%if query%><%escape_html query%><%endif%>" class="text" /><input type="submit" name="Go" value="Go" class="submit" /> <a href="<%config.db_cgi_url%>/search.cgi">Advanced Search</a>
 </form>
 </div>
 <hr class="hide" />
Index: luna/language.txt
===================================================================
RCS file: /glinks/cgi/admin/templates/luna/language.txt,v
retrieving revision 1.16
retrieving revision 1.17
diff -u -b -r1.16 -r1.17
--- luna/language.txt 4 Apr 2005 22:39:55 -0000 1.16
+++ luna/language.txt 15 Apr 2005 03:32:10 -0000 1.17
@@ -148,6 +148,7 @@
 'REVIEW_INVALIDID' => 'Invalid Link ID : %s.',
 'REVIEW_INVALID_ACTION' => 'Invalid action!',
 'REVIEW_INVALID_UPDATE' => 'Unable to update review database. User is invalid for this review or the review is not validated.',
+ 'REVIEW_MODIFY_DENIED' => 'You have already reviewed this link. Reviews cannot be modified.',
 'REVIEW_NORESULTS' => 'No reviews are available.',
 'REVIEW_NOT_EXISTS' => 'Review doesn\'t exist!',
 'REVIEW_RATING' => 'Please select a rating from 1 to 5 only.',
Index: luna/login.html
===================================================================
RCS file: /glinks/cgi/admin/templates/luna/login.html,v
retrieving revision 1.12
retrieving revision 1.15
diff -u -b -r1.12 -r1.15
--- luna/login.html 24 Mar 2005 08:58:29 -0000 1.12
+++ luna/login.html 18 Apr 2005 21:39:36 -0000 1.15
@@ -25,12 +25,12 @@
 <form action="<%config.db_cgi_url%>/user.cgi" method="post">
 <input type="hidden" name="login" value="1" />
- <%if url%><input type="hidden" name="url" value="<%url%>" /><%endif%>
+ <%if url%><input type="hidden" name="url" value="<%escape_html url%>" /><%endif%>
 <div class="row required clear">
 <label for="Username" class="name">Username:</label>
 <div class="value">
- <input type="text" id="Username" name="Username" value="<%if Username%><%Username%><%endif%>" class="text" />
+ <input type="text" id="Username" name="Username" value="<%if Username%><%escape_html Username%><%endif%>" class="text" />
 </div>
 </div>
 <div class="row required clear">
Index: luna/login_email.html
===================================================================
RCS file: /glinks/cgi/admin/templates/luna/login_email.html,v
retrieving revision 1.10
retrieving revision 1.11
diff -u -b -r1.10 -r1.11
--- luna/login_email.html 24 Mar 2005 08:58:29 -0000 1.10
+++ luna/login_email.html 18 Apr 2005 21:39:36 -0000 1.11
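Review bot: Escaping `url` on the hidden-input line in the login.html hunk protects the attribute, but that value is presumably the post-login redirect target, and attribute escaping says nothing about where user.cgi sends the browser afterwards. If user.cgi redirects to this value it should be validated server-side as a relative path or same-host URL before use, otherwise the login form can be abused as an open redirect; a template-side note such as `<%-- url is re-validated by user.cgi before redirect --%>` would at least record where that check is expected to live. The same hidden `url` field appears in the login_email.html hunk. The enclosing form continues past the end of both hunks.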
@@ -26,7 +26,7 @@
 <form action="<%config.db_cgi_url%>/user.cgi" method="post">
 <input type="hidden" name="send_pass" value="1" />
- <%if url%><input type="hidden" name="url" value="<%url%>" /><%endif%>
+ <%if url%><input type="hidden" name="url" value="<%escape_html url%>" /><%endif%>
 <div class="row required clear">
 <label for="Email" class="name">E-mail Address:</label>
Index: luna/modify.html
===================================================================
RCS file: /glinks/cgi/admin/templates/luna/modify.html,v
retrieving revision 1.9
retrieving revision 1.10
diff -u -b -r1.9 -r1.10
--- luna/modify.html 24 Mar 2005 08:58:29 -0000 1.9
+++ luna/modify.html 18 Apr 2005 21:39:36 -0000 1.10
@@ -23,10 +23,10 @@
 <form action="<%config.db_cgi_url%>/modify.cgi" enctype="multipart/form-data" method="post">
 <input type="hidden" name="modify" value="1" />
 <%~if LinkID%>
- <input type="hidden" name="LinkID" value="<%LinkID%>" />
+ <input type="hidden" name="LinkID" value="<%escape_html LinkID%>" />
 <%~else%>
 Please enter the URL of the link you wish to modify. Make sure it is identical to the one already in the database:
- <input type="text" name="Current_URL" value="<%if Current_URL%><%Current_URL%><%endif%>" class="text" />
+ <input type="text" name="Current_URL" value="<%if Current_URL%><%escape_html Current_URL%><%endif%>" class="text" />
 Now enter the new information (all of it, not just the changes) below:
 <%~endif%>
 <%include include_form.html%>
Index: luna/modify_select.html
===================================================================
RCS file: /glinks/cgi/admin/templates/luna/modify_select.html,v
retrieving revision 1.12
retrieving revision 1.13
diff -u -b -r1.12 -r1.13
--- luna/modify_select.html 24 Mar 2005 08:58:29 -0000 1.12
+++ luna/modify_select.html 18 Apr 2005 21:39:36 -0000 1.13
@@ -34,7 +34,7 @@
 <form action="<%config.db_cgi_url%>/modify.cgi" method="post">
 <%~loop link_results_loop%>
- <input type="radio" name="LinkID" value="<%ID%>" class="radio"<%if isValidated eq 'No'%> disabled="disabled"<%endif%> />
+ <input type="radio" name="LinkID" value="<%escape_html ID%>" class="radio"<%if isValidated eq 'No'%> disabled="disabled"<%endif%> />
 <%include link.html%>
 <%~endloop%>
 <input type="submit" value="Modify Link" class="submit" />
Index: luna/newsletter_browse.html
===================================================================
RCS file: /glinks/cgi/admin/templates/luna/newsletter_browse.html,v
retrieving revision 1.13
retrieving revision 1.14
diff -u -b -r1.13 -r1.14
--- luna/newsletter_browse.html 24 Mar 2005 08:58:29 -0000 1.13
+++ luna/newsletter_browse.html 18 Apr 2005 21:39:36 -0000 1.14
@@ -87,9 +87,9 @@
 <form id="update" action="<%config.db_cgi_url%>/subscribe.cgi" method="post">
 <input type="hidden" name="action" value="update" />
- <%if root%><input type="hidden" name="root" value="<%root%>" /><%endif%>
+ <%if root%><input type="hidden" name="root" value="<%escape_html root%>" /><%endif%>
 <%~loop category%>
- <input type="checkbox" name="S<%ID%>" value="<%ID%><%if Children.length%>,<%endif%><%loop Children%><%loop_value%><%unless last%>,<%endunless%><%endloop%>"<%if Subscribed%> checked="checked"<%endif%> class="indent<%CatDepth%>" /><input type="hidden" name="<%if Subscribed%>subscribed<%else%>unsubscribed<%endif%>" value="<%ID%>" /><%if HasMoreChildren%><a href="<%config.db_cgi_url%>/subscribe.cgi?action=browse;root=<%ID%>"><%endif%><%Name%><%if HasMoreChildren%></a><%endif%><br />
+ <input type="checkbox" name="S<%ID%>" value="<%escape_html ID%><%if Children.length%>,<%endif%><%loop Children%><%loop_value%><%unless last%>,<%endunless%><%endloop%>"<%if Subscribed%> checked="checked"<%endif%> class="indent<%CatDepth%>" /><input type="hidden" name="<%if Subscribed%>subscribed<%else%>unsubscribed<%endif%>" value="<%escape_html ID%>" /><%if HasMoreChildren%><a href="<%config.db_cgi_url%>/subscribe.cgi?action=browse;root=<%ID%>"><%endif%><%Name%><%if HasMoreChildren%></a><%endif%><br />
 <%~endloop%>
 <input type="submit" value="Update Subscriptions" class="submit" />
 </form>
Index: luna/newsletter_list.html
===================================================================
RCS file: /glinks/cgi/admin/templates/luna/newsletter_list.html,v
retrieving revision 1.13
retrieving revision 1.14
diff -u -b -r1.13 -r1.14
--- luna/newsletter_list.html 24 Mar 2005 08:58:29 -0000 1.13
+++ luna/newsletter_list.html 18 Apr 2005 21:39:36 -0000 1.14
@@ -39,7 +39,7 @@
 <input type="hidden" name="page" value="newsletter_list" />
 <%if subscribed.length > 1%><input type="checkbox" id="checkall" class="checkbox" /> <label for="checkall"><strong>Select All</strong></label><br /><%endif%>
 <%loop subscribed~%>
- <input type="checkbox" id="ID-<%CategoryID%>" name="ID" value="<%CategoryID%>" class="checkbox" /> <label for="ID-<%CategoryID%>"><%Full_Name%></label><br />
+ <input type="checkbox" id="ID-<%CategoryID%>" name="ID" value="<%escape_html CategoryID%>" class="checkbox" /> <label for="ID-<%CategoryID%>"><%Full_Name%></label><br />
 <%~endloop%>
 <input type="submit" value="Unsubscribe" class="submit" />
 </form>
Index: luna/payment.html
===================================================================
RCS file: /glinks/cgi/admin/templates/luna/payment.html,v
retrieving revision 1.10
retrieving revision 1.11
diff -u -b -r1.10 -r1.11
--- luna/payment.html 24 Mar 2005 08:58:29 -0000 1.10
+++ luna/payment.html 18 Apr 2005 21:39:36 -0000 1.11
@@ -49,8 +49,8 @@
 <input type="hidden" name="do" value="payment_method" />
 <input type="hidden" name="last_step" value="term" />
 <input type="hidden" name="last_page" value="payment" />
- <input type="hidden" name="cat_id" value="<%cat_id%>" />
- <input type="hidden" name="link_id" value="<%link_id%>" />
+ <input type="hidden" name="cat_id" value="<%escape_html cat_id%>" />
+ <input type="hidden" name="link_id" value="<%escape_html link_id%>" />
 <%if modify%><input type="hidden" name="modify" value="1" /><%endif%>
 <%if signup and not wasPaid%>
@@ -63,7 +63,7 @@
 <%~endif%>
 </strong><br />
 <%~loop signup%>
- <input type="radio" id="payment_term-<%term%>" name="payment_term" value="<%term%>"<%if last_chosen and last_chosen eq $term and not last_recurring%> checked="checked"<%endif%> class="radio" />
+ <input type="radio" id="payment_term-<%term%>" name="payment_term" value="<%escape_html term%>"<%if last_chosen and last_chosen eq $term and not last_recurring%> checked="checked"<%endif%> class="radio" />
 <label for="payment_term-<%term%>"><%Links::Payment::currency($cost)%>: <%if term_num and term_unit%><%term_num%> <%term_unit%><%else%>Lifetime<%endif%></label><br />
 <%~endloop%>
 </p>
@@ -80,7 +80,7 @@
 <%~endif%>
 <%~loop renewal%>
- <%if wasPaid%><input type="radio" id="payment_term-<%term%>" name="payment_term" value="<%term%>"<%if last_chosen and last_chosen eq $term and not last_recurring%> checked="checked"<%endif%> class="radio" /><%endif%>
+ <%if wasPaid%><input type="radio" id="payment_term-<%term%>" name="payment_term" value="<%escape_html term%>"<%if last_chosen and last_chosen eq $term and not last_recurring%> checked="checked"<%endif%> class="radio" /><%endif%>
 <%if wasPaid%><label for="payment_term-<%term%>"><%endif%><%Links::Payment::currency($cost)%>: <%if term_num and term_unit%><%term_num%> <%term_unit%><%else%>Lifetime<%endif%><%if wasPaid%></label><%endif%><br />
 <%~endloop%>
 </p>
@@ -90,7 +90,7 @@
 <p>
 <strong>Automatically recurring payments:</strong><br />
 <%~loop recurring%>
- <input type="radio" id="payment_term-<%term%>-rec" name="payment_term" value="<%term%>-rec"<%if last_chosen and last_chosen eq $term and last_recurring%> checked="checked"<%endif%> class="radio" />
+ <input type="radio" id="payment_term-<%term%>-rec" name="payment_term" value="<%escape_html term%>-rec"<%if last_chosen and last_chosen eq $term and last_recurring%> checked="checked"<%endif%> class="radio" />
 <label for="payment_term-<%term%>-rec"><%Links::Payment::currency($cost)%> <%if term_num == 1%>per <%term_unit%><%else%> every <%term_num%> <%term_unit%><%endif%></label><br />
 <%~endloop%>
 </p>
Index: luna/payment_2checkout_include.html
===================================================================
RCS file: /glinks/cgi/admin/templates/luna/payment_2checkout_include.html,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -b -r1.2 -r1.3
--- luna/payment_2checkout_include.html 1 Feb 2005 01:13:21 -0000 1.2
+++ luna/payment_2checkout_include.html 18 Apr 2005 21:39:36 -0000 1.3
@@ -1,6 +1,6 @@
 <form action="https://www.2checkout.com/cgi-bin/sbuyers/cartpurchase.2c" method="post">
- <input type="hidden" name="sid" value="<%seller_id%>" />
- <input type="hidden" name="total" value="<%payment_amount%>" />
- <input type="hidden" name="cart_order_id" value="<%unique_id%>" />
+ <input type="hidden" name="sid" value="<%escape_html seller_id%>" />
+ <input type="hidden" name="total" value="<%escape_html payment_amount%>" />
+ <input type="hidden" name="cart_order_id" value="<%escape_html unique_id%>" />
 <input type="submit" value="Make Payment" class="submit" />
 </form>
Index: luna/payment_direct.html
===================================================================
RCS file: /glinks/cgi/admin/templates/luna/payment_direct.html,v
retrieving revision 1.11
retrieving revision 1.12
diff -u -b -r1.11 -r1.12
--- luna/payment_direct.html 24 Mar 2005 08:58:29 -0000 1.11
+++ luna/payment_direct.html 14 Apr 2005 03:16:50 -0000 1.12
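Review bot: The three hidden fields on the changed lines, in particular `total`, are handed to the buyer's browser and can be altered before the form reaches 2checkout, so escaping them is necessary but says nothing about their integrity. The amount actually paid has to be compared against the order stored under `cart_order_id` when the payment notification comes back rather than trusted from this form; if that check already exists in the payment code, a one-line template comment such as `<%-- total is verified against the stored order on callback --%>` would make the dependency explicit to the next template editor. The hidden `payment_term`/`payment_method` fields in the payment_direct_include.html hunk are in the same position and deserve the same server-side re-validation.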
@@ -21,9 +21,11 @@
 <div class="crumb"><%Links::Utils::format_title($main_title_loop, separator => $crumb_separator, no_escape_separator => $no_escape_crumb_separator, include_home => 1, link_type => 2)%></div>
 <h2>Payment Confirmation</h2>
-Your payment has been approved, and your link enabled. You will be redirected
-to the main page shortly. If this does not happen, click
-<a href="<%Links::transform_url($config.build_root_url)%>">here</a>.
+<p>
+ Your payment has been approved, and your link enabled. You will be redirected
+ to the main page shortly. If this does not happen, click
+ <a href="<%Links::transform_url($config.build_root_url)%>">here</a>.
+</p>
 </div>
 </div>
Index: luna/payment_direct_include.html
===================================================================
RCS file: /glinks/cgi/admin/templates/luna/payment_direct_include.html,v
retrieving revision 1.9
retrieving revision 1.10
diff -u -b -r1.9 -r1.10
--- luna/payment_direct_include.html 16 Mar 2005 08:44:37 -0000 1.9
+++ luna/payment_direct_include.html 18 Apr 2005 21:39:36 -0000 1.10
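Review bot: Wrapping the confirmation text in `<p>` is a real improvement, but the link text on the anchor line is still "here", which carries no meaning when a screen reader lists the page's links out of context. Rewording the last two added lines to `to the main page shortly. If this does not happen,` and `<a href="<%Links::transform_url($config.build_root_url)%>">return to the main page</a>.` keeps the sentence intact and gives the link a descriptive name. The enclosing `<div>`s start outside the hunk.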
@@ -13,11 +13,11 @@
 <input type="hidden" name="do" value="payment_direct" />
 <input type="hidden" name="last_step" value="form" />
 <input type="hidden" name="last_page" value="payment_form" />
- <input type="hidden" name="cat_id" value="<%cat_id%>" />
- <input type="hidden" name="link_id" value="<%link_id%>" />
- <input type="hidden" name="payment_term" value="<%payment_term%>" />
- <input type="hidden" name="payment_method" value="<%payment_method%>" />
- <input type="hidden" name="payment_method_type" value="<%payment_method_type%>" />
+ <input type="hidden" name="cat_id" value="<%escape_html cat_id%>" />
+ <input type="hidden" name="link_id" value="<%escape_html link_id%>" />
+ <input type="hidden" name="payment_term" value="<%escape_html payment_term%>" />
+ <input type="hidden" name="payment_method" value="<%escape_html payment_method%>" />
+ <input type="hidden" name="payment_method_type" value="<%escape_html payment_method_type%>" />
 <%if modify%><input type="hidden" name="modify" value="1" /><%endif%>
 <div class="row<%unless no_cc_brand%> required<%endunless%><%if credit_card_brand_error%> invalid<%endif%> clear">
@@ -27,7 +27,7 @@
 <%loop payment_types%><%name%><%unless last%>, <%endunless%><%endloop%>
 <%else%>
 <select id="credit_card_brand" name="credit_card_brand">
- <option value="">---</option><%loop payment_types%><option value="<%code%>"<%if credit_card_brand eq $code%> selected="selected"<%endif%>><%name%></option><%endloop%>
+ <option value="">---</option><%loop payment_types%><option value="<%escape_html code%>"<%if credit_card_brand eq $code%> selected="selected"<%endif%>><%name%></option><%endloop%>
 </select>
 <%endif%>
 </div>
@@ -35,7 +35,7 @@
 <div class="row required<%if credit_card_number_error%> invalid<%endif%> clear">
 <label for="credit_card_number" class="name">Card Number: <span>*</span></label>
 <div class="value">
- <input type="text" id="credit_card_number" name="credit_card_number" value="<%if credit_card_number%><%credit_card_number%><%endif%>" class="text" autocomplete="off" />
+ <input type="text" id="credit_card_number" name="credit_card_number" value="<%if credit_card_number%><%escape_html credit_card_number%><%endif%>" class="text" autocomplete="off" />
 </div>
 </div>
 <div class="row required<%if credit_card_expiry_error%> invalid<%endif%> clear">
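Review bot: The changed `credit_card_number` line re-populates the input with the submitted card number whenever the form is redisplayed after a validation error, so the full PAN is written back into an HTML response that can end up in intermediate caches, proxy logs or a saved page. Escaping it is correct as far as it goes, but the safer default is not to echo it at all: drop the `value="…"` attribute and let the user re-enter the number, or render only a masked form of it. `autocomplete="off"` is already present on the line, which is good. The enclosing form starts outside the hunk.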
@@ -66,25 +66,25 @@
 <div class="row required<%if billing_fname_error%> invalid<%endif%> clear">
 <label for="billing_fname" class="name">First Name: <span>*</span></label>
 <div class="value">
- <input type="text" id="billing_fname" name="billing_fname" value="<%if billing_fname%><%billing_fname%><%endif%>" class="text" />
+ <input type="text" id="billing_fname" name="billing_fname" value="<%if billing_fname%><%escape_html billing_fname%><%endif%>" class="text" />
 </div>
 </div>
 <div class="row required<%if billing_lname_error%> invalid<%endif%> clear">
 <label for="billing_lname" class="name">Last Name: <span>*</span></label>
 <div class="value">
- <input type="text" id="billing_lname" name="billing_lname" value="<%if billing_lname%><%billing_lname%><%endif%>" class="text" />
+ <input type="text" id="billing_lname" name="billing_lname" value="<%if billing_lname%><%escape_html billing_lname%><%endif%>" class="text" />
 </div>
 </div>
 <div class="row required<%if billing_address_1_error%> invalid<%endif%> clear">
 <label for="billing_address_1" class="name">Address Line 1: <span>*</span></label>
 <div class="value">
- <input type="text" id="billing_address_1" name="billing_address_1" value="<%if billing_address_1%><%billing_address_1%><%endif%>" class="text" />
+ <input type="text" id="billing_address_1" name="billing_address_1" value="<%if billing_address_1%><%escape_html billing_address_1%><%endif%>" class="text" />
 </div>
 </div>
 <div class="row<%if billing_address_2_error%> invalid<%endif%> clear">
 <label for="billing_address_2" class="name">Address Line 2:</label>
 <div class="value">
- <input type="text" id="billing_address_2" name="billing_address_2" value="<%if billing_address_2%><%billing_address_2%><%endif%>" class="text" />
+ <input type="text" id="billing_address_2" name="billing_address_2" value="<%if billing_address_2%><%escape_html billing_address_2%><%endif%>" class="text" />
 </div>
 </div>
 <div class="row required<%if billing_city_error%> invalid<%endif%> clear">
Index: luna/payment_method.html
===================================================================
RCS file: /glinks/cgi/admin/templates/luna/payment_method.html,v
retrieving revision 1.11
retrieving revision 1.12
diff -u -b -r1.11 -r1.12
--- luna/payment_method.html 24 Mar 2005 08:58:29 -0000 1.11
+++ luna/payment_method.html 18 Apr 2005 21:39:36 -0000 1.12
@@ -48,14 +48,14 @@
 <input type="hidden" name="do" value="payment_form" />
 <input type="hidden" name="last_step" value="method" />
 <input type="hidden" name="last_page" value="payment_method" />
- <input type="hidden" name="cat_id" value="<%cat_id%>" />
- <input type="hidden" name="link_id" value="<%link_id%>" />
- <input type="hidden" name="payment_term" value="<%payment_term%>" />
+ <input type="hidden" name="cat_id" value="<%escape_html cat_id%>" />
+ <input type="hidden" name="link_id" value="<%escape_html link_id%>" />
+ <input type="hidden" name="payment_term" value="<%escape_html payment_term%>" />
 <%if modify%><input type="hidden" name="modify" value="1" /><%endif%>
 <%~if direct_methods_used or remote_methods_used%>
 <%~loop payment_methods%>
- <input type="radio" id="payment_method-<%if payment_direct%>direct<%else%>remote<%endif%>_<%payment_method%>" name="payment_method" value="<%if payment_direct%>direct<%else%>remote<%endif%>_<%payment_method%>" class="radio" />
+ <input type="radio" id="payment_method-<%if payment_direct%>direct<%else%>remote<%endif%>_<%payment_method%>" name="payment_method" value="<%if payment_direct%>direct<%else%>remote<%endif%>_<%escape_html payment_method%>" class="radio" />
 <label for="payment_method-<%if payment_direct%>direct<%else%>remote<%endif%>_<%payment_method%>"><%if payment_name%><%payment_name%><%else%><%payment_method%><%endif%></label><br />
 <blockquote><%loop payment_types%><%name%><%unless last%>, <%endunless%><%endloop%></blockquote>
 <%~endloop%>
Index: luna/payment_paypal_include.html
===================================================================
RCS file: /glinks/cgi/admin/templates/luna/payment_paypal_include.html,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -b -r1.4 -r1.5
--- luna/payment_paypal_include.html 4 Mar 2005 21:35:27 -0000 1.4
+++ luna/payment_paypal_include.html 18 Apr 2005 21:39:36 -0000 1.5
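Review bot: On the rewritten radio line only the `value` attribute gets `escape_html`; the `id="payment_method-…_<%payment_method%>"` on the same element, the matching `<label for="…_<%payment_method%>">` on the next context line, and the label body `<%payment_name%>`/`<%payment_method%>` are all still raw. If `payment_method` ever carried a quote or `<`, the markup would break in exactly the way this commit sets out to prevent, and escaping one side of a `for`/`id` pair but not the other would also stop the label from binding. Apply `<%escape_html payment_method%>` in `id`, `for` and the label text (and `<%escape_html payment_name%>`), or record in a template comment that `payment_method` is a config-controlled identifier that is safe to emit unescaped.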
@@ -1,26 +1,26 @@
 <form action="https://www.<%if sandbox%>sandbox.<%endif%>paypal.com/cgi-bin/webscr" method="post">
- <input type="hidden" name="business" value="<%if to_email%><%to_email%><%else%><%business_email%><%endif%>" />
- <input type="hidden" name="currency_code" value="<%currency%>" />
+ <input type="hidden" name="business" value="<%if to_email%><%escape_html to_email%><%else%><%escape_html business_email%><%endif%>" />
+ <input type="hidden" name="currency_code" value="<%escape_html currency%>" />
 <input type="hidden" name="return" value="<%config.db_cgi_url%>/add.cgi" />
 <input type="hidden" name="custom" value="do;process_payment=1;payment_success=1<%loop config.dynamic_preserve%><%if in.$loop_value%>;<%loop_value%>=<%in.$loop_value%><%endloop%>" />
 <input type="hidden" name="cancel_return" value="<%config.db_cgi_url%>/add.cgi" />
 <input type="hidden" name="rm" value="2" />
- <%if notify_url%><input type="hidden" name="notify_url" value="<%notify_url%>" /><%endif%>
- <%if pp_image_url%><input type="hidden" name="image_url" value="<%pp_image_url%>" /><%endif%>
- <%if note and payment_type != 2 %><input type="hidden" name="cn" value="<%note%>" /><%else%><input type="hidden" name="no_note" value="1" /><%endif%>
+ <%if notify_url%><input type="hidden" name="notify_url" value="<%escape_html notify_url%>" /><%endif%>
+ <%if pp_image_url%><input type="hidden" name="image_url" value="<%escape_html pp_image_url%>" /><%endif%>
+ <%if note and payment_type != 2 %><input type="hidden" name="cn" value="<%escape_html note%>" /><%else%><input type="hidden" name="no_note" value="1" /><%endif%>
 <%if color eq 'black'%><input type="hidden" name="cs" value="1" /><%endif%>
 <input type="hidden" name="cmd" value="_xclick<%if payment_type == 2%>-subscriptions<%endif%>" />
 <%~if payment_type == 2%>
- <input type="hidden" name="a3" value="<%payment_amount%>" />
- <input type="hidden" name="p3" value="<%payment_term_num%>" />
+ <input type="hidden" name="a3" value="<%escape_html payment_amount%>" />
+ <input type="hidden" name="p3" value="<%escape_html payment_term_num%>" />
 <input type="hidden" name="t3" value="<%if payment_term_u istarts 'd'%>D<%elsif payment_term_u istarts 'w'%>W<%elsif payment_term_u istarts 'm'%>M<%elsif payment_term_u istarts 'y'%>Y<%endif%>" />
 <input type="hidden" name="src" value="1" />
 <input type="hidden" name="sra" value="1" />
 <%~else%>
- <input type="hidden" name="amount" value="<%payment_amount%>" />
+ <input type="hidden" name="amount" value="<%escape_html payment_amount%>" />
 <%~endif%>
- <input type="hidden" name="invoice" value="<%unique_id%>" />
- <input type="hidden" name="item_name" value="<%site_title%> link submission (<%ifnot payment_term_num%>Lifetime<%else%><%payment_term_num%> <%payment_term_unit%><%endif%><%if payment_type == 2%>, recurring<%endif%>)" />
+ <input type="hidden" name="invoice" value="<%escape_html unique_id%>" />
+ <input type="hidden" name="item_name" value="<%escape_html site_title%> link submission (<%ifnot payment_term_num%>Lifetime<%else%><%escape_html payment_term_num%> <%escape_html payment_term_unit%><%endif%><%if payment_type == 2%>, recurring<%endif%>)" />
 <input type="hidden" name="no_shipping" value="1" />
- <input type="image" name="submit" src="<%if button_custom%><%button_custom%><%else%>https://www.paypal.com/images/<%button%><%endif%>" title="Make payments with PayPal - it's fast, free and secure!" class="image" />
+ <input type="image" name="submit" src="<%if button_custom%><%escape_html button_custom%><%else%>https://www.paypal.com/images/<%button%><%endif%>" title="Make payments with PayPal - it's fast, free and secure!" class="image" />
 </form>
Index: luna/payment_success.html
===================================================================
RCS file: /glinks/cgi/admin/templates/luna/payment_success.html,v
retrieving revision 1.11
retrieving revision 1.12
diff -u -b -r1.11 -r1.12
--- luna/payment_success.html 24 Mar 2005 08:58:29 -0000 1.11
+++ luna/payment_success.html 14 Apr 2005 03:16:50 -0000 1.12
@@ -21,7 +21,10 @@
 <div class="crumb"><%Links::Utils::format_title($main_title_loop, separator => $crumb_separator, no_escape_separator => $no_escape_crumb_separator, include_home => 1, link_type => 2)%></div>
 <h2>Payment Confirmation</h2>
-Your payment has been approved. You will be redirected to the main page shortly. If this does not happen, click <a href="<%Links::transform_url($config.build_root_url)%>">here</a>.
+<p>
+ Your payment has been approved. You will be redirected to the main page shortly.
+ If this does not happen, click <a href="<%Links::transform_url($config.build_root_url)%>">here</a>.
+</p>
 </div>
 </div>
Index: luna/payment_worldpay_include.html
===================================================================
RCS file: /glinks/cgi/admin/templates/luna/payment_worldpay_include.html,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -b -r1.3 -r1.4
--- luna/payment_worldpay_include.html 15 Feb 2005 21:06:14 -0000 1.3
+++ luna/payment_worldpay_include.html 18 Apr 2005 21:39:36 -0000 1.4
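Review bot: The `custom` hidden field in this hunk still interpolates request parameters unescaped — `<%in.$loop_value%>` inside `value="…"` writes whatever the client sent for each `config.dynamic_preserve` key straight into the attribute, the one place in this form that clearly carries untrusted input, while config-derived values such as `currency` gained `escape_html`. Suggest `;<%loop_value%>=<%escape_html in.$loop_value%>`, and note that HTML escaping does not protect the `;`/`=` structure of the `custom` string itself, so the handler that reads it back after payment must tolerate stray separators in a value. The `<%button%>` fallback in the image `src` is likewise raw while `button_custom` beside it is escaped; `https://www.paypal.com/images/<%escape_html button%>` keeps the pair consistent. The `<%if in.$loop_value%>` inside the loop has no visible `<%endif%>`; if the template engine does not close it implicitly at `<%endloop%>` that line would be malformed, so worth confirming.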
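Review bot: The new `<p>` keeps `click <a href="…">here</a>` as the link text, which says nothing out of context to someone tabbing through links or reading a links list. Since the sentence was rewritten anyway, make the link self-describing: `If this does not happen, <a href="<%Links::transform_url($config.build_root_url)%>">return to the main page</a>.`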
@@ -1,19 +1,19 @@
 <form action="https://select.worldpay.com/wcc/purchase" method="post">
- <input type="hidden" name="instId" value="<%installation_id%>" />
- <%if test_mode%><input type="hidden" name="testMode" value="<%test_mode%>" /><%endif%>
- <input type="hidden" name="currency" value="<%currency%>" />
- <input type="hidden" name="amount" value="<%payment_amount%>" />
+ <input type="hidden" name="instId" value="<%escape_html installation_id%>" />
+ <%if test_mode%><input type="hidden" name="testMode" value="<%escape_html test_mode%>" /><%endif%>
+ <input type="hidden" name="currency" value="<%escape_html currency%>" />
+ <input type="hidden" name="amount" value="<%escape_html payment_amount%>" />
 <%~if payment_type = 2%>
 <input type="hidden" name="futurePayType" value="regular" />
 <input type="hidden" name="option" value="0" />
- <input type="hidden" name="normalAmount" value="<%payment_amount%>" />
+ <input type="hidden" name="normalAmount" value="<%escape_html payment_amount%>" />
 <input type="hidden" name="startDelayUnit" value="<%if payment_term_u istarts 'd'%>1<%elsif payment_term_u istarts 'w'%>2<%elsif payment_term_u istarts 'm'%>3<%elsif payment_term_u istarts 'y'%>4<%endif%>" />
- <input type="hidden" name="startDelayMult" value="<%payment_term_num%>" />
+ <input type="hidden" name="startDelayMult" value="<%escape_html payment_term_num%>" />
 <input type="hidden" name="intervalUnit" value="<%if payment_term_u istarts 'd'%>1<%elsif payment_term_u istarts 'w'%>2<%elsif payment_term_u istarts 'm'%>3<%elsif payment_term_u istarts 'y'%>4<%endif%>" />
- <input type="hidden" name="intervalMult" value="<%payment_term_num%>" />
+ <input type="hidden" name="intervalMult" value="<%escape_html payment_term_num%>" />
 <%~endif%>
- <input type="hidden" name="cartId" value="<%unique_id%>" />
- <input type="hidden" name="desc" value="<%site_title%> link submission (<%ifnot payment_term_num%>Lifetime<%else%><%payment_term_num%> <%payment_term_unit%><%endif%><%if payment_type == 2%>, recurring<%endif%>)" />
+ <input type="hidden" name="cartId" value="<%escape_html unique_id%>" />
+ <input type="hidden" name="desc" value="<%escape_html site_title%> link submission (<%ifnot payment_term_num%>Lifetime<%else%><%escape_html payment_term_num%> <%escape_html payment_term_unit%><%endif%><%if payment_type == 2%>, recurring<%endif%>)" />
 <input type="hidden" name="signatureFields" value="amount:currency:cartId" />
 <input type="hidden" name="signature" value="<%GT::Payment::Remote::WorldPay::md5_signature($md5_password, $payment_amount, $currency, $unique_id)%>" />
 <input type="submit" value="Make Payment" class="submit" />
Index: luna/rate.html
===================================================================
RCS file: /glinks/cgi/admin/templates/luna/rate.html,v
retrieving revision 1.11
retrieving revision 1.12
diff -u -b -r1.11 -r1.12
--- luna/rate.html 24 Mar 2005 08:58:29 -0000 1.11
+++ luna/rate.html 18 Apr 2005 21:39:36 -0000 1.12
@@ -25,7 +25,7 @@
 </p>
 <form action="<%config.db_cgi_url%>/rate.cgi" method="post">
- <input type="hidden" name="ID" value="<%ID%>" />
+ <input type="hidden" name="ID" value="<%escape_html ID%>" />
 <div class="row required clear">
 <label for="rate" class="name">Link Rating:</label>
Index: luna/review_add.html
===================================================================
RCS file: /glinks/cgi/admin/templates/luna/review_add.html,v
retrieving revision 1.15
retrieving revision 1.17
diff -u -b -r1.15 -r1.17
--- luna/review_add.html 24 Mar 2005 08:58:29 -0000 1.15
+++ luna/review_add.html 18 Apr 2005 21:39:36 -0000 1.17
@@ -27,7 +27,7 @@
 </p>
 <form action="<%config.db_cgi_url%>/review.cgi" method="post">
- <%if ID%><input type="hidden" name="ID" value="<%ID%>" /><%endif%>
+ <%if ID%><input type="hidden" name="ID" value="<%escape_html ID%>" /><%endif%>
 <input type="hidden" name="add_this_review" value="1" />
 <div class="row required clear">
 <label class="name">Your Rating: <span>*</span></label>
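Review bot: `<%~if payment_type = 2%>` at the top of the recurring block uses a single `=`, whereas the `desc` line rewritten in this same hunk and the sibling PayPal include both test `payment_type == 2`. That line is unchanged context, but if the template language treats `=` differently from `==` (assignment, or a string/numeric distinction) the recurring-payment fields and the `, recurring` label could disagree for the same order; aligning it to `<%~if payment_type == 2%>` removes the doubt. The `signature` line hashes the raw `$payment_amount`, `$currency` and `$unique_id`, which is correct — the browser decodes the escaped attribute values before posting, so the signed values still match the submitted ones — and a one-line comment saying so would stop a future reader from "fixing" it to use the escaped form.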
@@ -42,32 +42,32 @@
 <div class="row required clear">
 <label for="Review_Subject" class="name">Subject: <span>*</span></label>
 <div class="value">
- <input type="text" id="Review_Subject" name="Review_Subject" value="<%if Review_Subject%><%Review_Subject%><%endif%>" class="text" />
+ <input type="text" id="Review_Subject" name="Review_Subject" value="<%if Review_Subject%><%escape_html Review_Subject%><%endif%>" class="text" />
 </div>
 </div>
 <div class="row clear">
 <label for="Review_ByLine" class="name">By Line:</label>
 <div class="value">
- <input type="text" id="Review_ByLine" name="Review_ByLine" value="<%if Review_ByLine%><%Review_ByLine%><%endif%>" class="text" />
+ <input type="text" id="Review_ByLine" name="Review_ByLine" value="<%if Review_ByLine%><%escape_html Review_ByLine%><%endif%>" class="text" />
 </div>
 </div>
 <div class="row required clear">
 <label for="Review_Contents" class="name">Your Review: <span>*</span></label>
 <div class="value">
- <textarea id="Review_Contents" name="Review_Contents" rows="3" cols="42"><%if Review_Contents%><%Review_Contents%><%endif%></textarea>
+ <textarea id="Review_Contents" name="Review_Contents" rows="3" cols="42"><%if Review_Contents%><%escape_html Review_Contents%><%endif%></textarea>
 </div>
 </div>
-<%~if anonymous%>
+<%~if not config.user_review_required and not user.Username%>
 <div class="row required clear">
 <label for="Review_GuestName" class="name">Your Name: <span>*</span></label>
 <div class="value">
- <input type="text" id="Review_GuestName" name="Review_GuestName" value="<%if Review_GuestName%><%Review_GuestName%><%endif%>" class="text" />
+ <input type="text" id="Review_GuestName" name="Review_GuestName" value="<%if Review_GuestName%><%escape_html Review_GuestName%><%endif%>" class="text" />
 </div>
 </div>
 <div class="row required clear">
 <label for="Review_GuestEmail" class="name">Your E-mail: <span>*</span></label>
 <div class="value">
- <input type="text" id="Review_GuestEmail" name="Review_GuestEmail" value="<%if Review_GuestEmail%><%Review_GuestEmail%><%endif%>" class="text" />
+ <input type="text" id="Review_GuestEmail" name="Review_GuestEmail" value="<%if Review_GuestEmail%><%escape_html Review_GuestEmail%><%endif%>" class="text" />
 </div>
 </div>
 <%~endif%>
Index: luna/review_add_success.html
===================================================================
RCS file: /glinks/cgi/admin/templates/luna/review_add_success.html,v
retrieving revision 1.12
retrieving revision 1.14
diff -u -b -r1.12 -r1.14
--- luna/review_add_success.html 24 Mar 2005 08:58:29 -0000 1.12
+++ luna/review_add_success.html 15 Apr 2005 00:07:25 -0000 1.14
@@ -40,7 +40,7 @@
 <label class="name">Review:</label>
 <div class="value wrappedtext"><%Review_Contents%></div>
 </div>
-<%~ifnot config.user_review_required%>
+<%~if not config.user_review_required and not user.Username%>
 <div class="row clear">
 <label class="name">Name:</label>
 <div class="value wrappedtext"><%Review_GuestName%></div>
@@ -52,7 +52,11 @@
 <%~endif%>
 <p>
+<%~if config.review_auto_validate%>
+ Thank you! Your review has been added.
+<%~else%>
 Thank you! We will send you an e-mail once your review has been validated.
+<%~endif%>
 </p>
 </div>
Index: luna/review_added.eml
===================================================================
RCS file: /glinks/cgi/admin/templates/luna/review_added.eml,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -b -r1.6 -r1.7
--- luna/review_added.eml 15 Mar 2005 20:13:12 -0000 1.6
+++ luna/review_added.eml 15 Apr 2005 00:07:25 -0000 1.7
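Review bot: The guest-field condition `<%~if not config.user_review_required and not user.Username%>` now appears verbatim in three templates — here, in `review_add_success.html` (`@@ -40,7`) and in `review_added.eml` — in place of the single `anonymous` flag the CGI used to supply. Spelling the policy out in each template means the next change to it (or a small divergence like the `ifnot config.user_review_required` form that `review_add_success.html` had before) can leave the form, the confirmation page and the notification e-mail disagreeing about whether guest name and e-mail are collected. If `anonymous` was removed on the Perl side this duplication is forced, in which case a one-line template comment above each occurrence stating that guest name/e-mail are collected only when reviews do not require an account and nobody is logged in would at least document the intent; otherwise computing the flag once server-side is the safer design.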
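Review bot: The context lines of the `@@ -40,7` hunk render the just-submitted review raw — `<div class="value wrappedtext"><%Review_Contents%></div>` and, inside the new conditional, `<%Review_GuestName%>` — while the same fields were wrapped in `escape_html` when echoed into form inputs in `review_add.html`. Unless review.cgi escapes these before handing them to the template (not visible here), this page reflects the submitter's own unescaped text back, and `review_edit_success.html` (`@@ -39,7`) displays `<%Review_Contents%>` the same way. Suggest `<%escape_html Review_Contents%>` and `<%escape_html Review_GuestName%>` in the display divs too, or a comment on the `wrappedtext` block recording that these values arrive pre-escaped.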
@@ -12,7 +12,7 @@
 By Line: <%Review_ByLine%>
 Date: <%Review_Date%>
 Contents: <%Review_Contents%>
-<%~if anonymous%>
+<%~if not config.user_review_required and not user.Username%>
 Name: <%Review_GuestName%>
 E-mail: <%Review_GuestEmail%>
 <%~endif%>
Index: luna/review_edit.html
===================================================================
RCS file: /glinks/cgi/admin/templates/luna/review_edit.html,v
retrieving revision 1.13
retrieving revision 1.14
diff -u -b -r1.13 -r1.14
--- luna/review_edit.html 24 Mar 2005 08:58:29 -0000 1.13
+++ luna/review_edit.html 18 Apr 2005 21:39:36 -0000 1.14
@@ -32,14 +32,14 @@
 <form action="<%config.db_cgi_url%>/review.cgi" method="post">
 <input type="hidden" name="edit_review" value="1" />
- <input type="hidden" name="ID" value="<%ID%>" />
+ <input type="hidden" name="ID" value="<%escape_html ID%>" />
 <%~if confirm%>
 <div class="formsubmit">
 <input type="submit" name="confirmed" value="Continue" class="submit" />
 <input type="submit" name="cancelled" value="Cancel" class="submit" />
 </div>
 <%~else%>
- <input type="hidden" name="ReviewID" value="<%if ReviewID%><%ReviewID%><%endif%>" />
+ <input type="hidden" name="ReviewID" value="<%if ReviewID%><%escape_html ReviewID%><%endif%>" />
 <div class="row required clear">
 <label class="name">Your Rating: <span>*</span></label>
@@ -54,19 +54,19 @@
 <div class="row required clear">
 <label for="Review_Subject" class="name">Subject: <span>*</span></label>
 <div class="value">
- <input type="text" id="Review_Subject" name="Review_Subject" value="<%if Review_Subject%><%Review_Subject%><%endif%>" class="text" />
+ <input type="text" id="Review_Subject" name="Review_Subject" value="<%if Review_Subject%><%escape_html Review_Subject%><%endif%>" class="text" />
 </div>
 </div>
 <div class="row clear">
 <label for="Review_ByLine" class="name">By Line:</label>
 <div class="value">
- <input type="text" id="Review_ByLine" name="Review_ByLine" value="<%if Review_ByLine%><%Review_ByLine%><%endif%>" class="text" />
+ <input type="text" id="Review_ByLine" name="Review_ByLine" value="<%if Review_ByLine%><%escape_html Review_ByLine%><%endif%>" class="text" />
 </div>
 </div>
 <div class="row required clear">
 <label for="Review_Contents" class="name">Your Review: <span>*</span></label>
 <div class="value">
- <textarea id="Review_Contents" name="Review_Contents" rows="3" cols="42"><%if Review_Contents%><%Review_Contents%><%endif%></textarea>
+ <textarea id="Review_Contents" name="Review_Contents" rows="3" cols="42"><%if Review_Contents%><%escape_html Review_Contents%><%endif%></textarea>
 </div>
 </div>
 <div class="formsubmit">
Index: luna/review_edit_success.html
===================================================================
RCS file: /glinks/cgi/admin/templates/luna/review_edit_success.html,v
retrieving revision 1.9
retrieving revision 1.10
diff -u -b -r1.9 -r1.10
--- luna/review_edit_success.html 24 Mar 2005 08:58:29 -0000 1.9
+++ luna/review_edit_success.html 14 Apr 2005 07:37:09 -0000 1.10
@@ -20,7 +20,9 @@
 <div class="crumb"><%Links::Utils::format_title($main_title_loop, separator => $crumb_separator, no_escape_separator => $no_escape_crumb_separator, include_home => 1, link_type => 2)%></div>
 <h2>Review Updated</h2>
-We have received the following review:
+<p>
+ We have received the following review:
+</p>
 <div class="row clear">
 <label class="name">Rating:</label>
@@ -39,7 +41,13 @@
 <div class="value wrappedtext"><%Review_Contents%></div>
 </div>
-Thank you! We will send you an e-mail once your review has been validated.
+<p>
+<%~if config.review_auto_validate%>
+ Your review has been modified.
+<%~else%>
+ Thank you! We will send you an e-mail once your review has been validated.
+<%~endif%>
+</p>
 </div>
 </div>
Index: luna/review_include.html
===================================================================
RCS file: /glinks/cgi/admin/templates/luna/review_include.html,v
retrieving revision 1.11
retrieving revision 1.13
diff -u -b -r1.11 -r1.13
--- luna/review_include.html 22 Mar 2005 02:01:36 -0000 1.11
+++ luna/review_include.html 18 Apr 2005 21:39:36 -0000 1.13
@@ -6,7 +6,7 @@
 <%~set ID = ''%>
 <%~endif%>
 <h4 class="reviewsubject">
- <%Review_Subject%><%if Review_Owner eq $user.Username%> <span class="hsmall">(<a href="<%config.db_cgi_url%>/review.cgi?edit_review=1;ID=<%Review_LinkID%>;confirmed=1">edit</a>)</span><%endif%>
+ <%Review_Subject%><%if Review_Owner eq $user.Username and config.review_allow_modify%> <span class="hsmall">(<a href="<%config.db_cgi_url%>/review.cgi?edit_review=1;ID=<%Review_LinkID%>;confirmed=1">edit</a>)</span><%endif%>
 <img src="<%Links::Utils::image_url("stars-5-${Review_Rating}.gif")%>" alt="<%Review_Rating%> out of 5 stars" title="<%Review_Rating%> out of 5 stars" />
 <%if Review_IsNew%><span class="new-item"><span>new</span></span><%endif%>
 </h4>
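Review bot: The reworked condition `Review_Owner eq $user.Username and config.review_allow_modify` still shows the edit link when both sides of the `eq` are empty — a guest-authored review (`Review_Owner` empty) viewed by a visitor who is not logged in (`user.Username` empty) — assuming the template compares empty strings as equal. Guarding on the login first closes that gap: `<%if user.Username and Review_Owner eq $user.Username and config.review_allow_modify%>`. Hiding the link is presentation only; review.cgi must enforce ownership and `review_allow_modify` on the `edit_review` request itself, which cannot be verified from this hunk.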
@@ -26,11 +26,11 @@
 <div class="reviewhelpful clear">
 <span><%if Num%><%Review_WasHelpful%> of <%Num%> people found this review helpful<%endif%></span>
 <form action="<%config.db_cgi_url%>/review.cgi">
- <%if nh and nh != 1%><input type="hidden" name="nh" value="<%nh%>" /><%endif%>
+ <%if nh and nh != 1%><input type="hidden" name="nh" value="<%escape_html nh%>" /><%endif%>
 <input type="hidden" name="helpful" value="1" />
- <%if ID%><input type="hidden" name="ID" value="<%ID%>" /><%endif%>
- <%if username%><input type="hidden" name="username" value="<%username%>" /><%endif%>
- <%if ReviewID%><input type="hidden" name="ReviewID" value="<%ReviewID%>" /><%endif%>
+ <%if ID%><input type="hidden" name="ID" value="<%escape_html ID%>" /><%endif%>
+ <%if username%><input type="hidden" name="username" value="<%escape_html username%>" /><%endif%>
+ <%if ReviewID%><input type="hidden" name="ReviewID" value="<%escape_html ReviewID%>" /><%endif%>
 <span>
 <%~if last_helpful%>
 Thanks for the feedback.
Index: luna/signup_form.html
===================================================================
RCS file: /glinks/cgi/admin/templates/luna/signup_form.html,v
retrieving revision 1.13
retrieving revision 1.14
diff -u -b -r1.13 -r1.14
--- luna/signup_form.html 24 Mar 2005 08:58:29 -0000 1.13
+++ luna/signup_form.html 18 Apr 2005 21:39:36 -0000 1.14
@@ -28,7 +28,7 @@
 <div class="row required clear">
 <label for="Username" class="name">Username: <span>*</span></label>
 <div class="value">
- <input type="text" id="Username" name="Username" value="<%if Username%><%Username%><%endif%>" class="text" />
+ <input type="text" id="Username" name="Username" value="<%if Username%><%escape_html Username%><%endif%>" class="text" />
 </div>
 </div>
 <div class="row required clear">
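Review bot: The "helpful" vote form whose hidden fields are escaped in this hunk has no `method` on `<form action="<%config.db_cgi_url%>/review.cgi">`, so it submits by GET: a state-changing action lands in browser history, proxy logs and referrer headers, and can be replayed by a bookmark or link prefetch. That line is context, but since every field inside it was touched, `<form action="<%config.db_cgi_url%>/review.cgi" method="post">` would bring it in line with the other forms in this change set (rate.html, review_add.html and review_edit.html all post). The handler should also reject a vote that arrives without the expected parameters rather than depending on the `<%if …%>` guards around the hidden inputs.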
@@ -40,7 +40,7 @@
 <div class="row required clear">
 <label for="Email" class="name">E-mail: <span>*</span></label>
 <div class="value">
- <input type="text" id="Email" name="Email" value="<%if Email%><%Email%><%endif%>" class="text" />
+ <input type="text" id="Email" name="Email" value="<%if Email%><%escape_html Email%><%endif%>" class="text" />
 </div>
 </div>
 <div class="formsubmit">
Index: luna/subcategory.html
===================================================================
RCS file: /glinks/cgi/admin/templates/luna/subcategory.html,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -b -r1.2 -r1.3
--- luna/subcategory.html 1 Mar 2005 01:14:13 -0000 1.2
+++ luna/subcategory.html 13 Apr 2005 02:06:35 -0000 1.3
@@ -1,2 +1,2 @@
-<dt><a href="<%URL%>"><%Name%><%if Related%>@<%endif%></a> (<%Number_of_Links%>)<%if Has_New_Links eq 'Yes'%> <span class="new-item"><span>new</span></span><%endif%><%if Has_Changed_Links eq 'Yes'%> <span class="updated-item">updated</span></span><%endif%></dt>
+<dt><a href="<%URL%>"><%Name%><%if Related%>@<%endif%></a> (<%Number_of_Links%>)<%if Has_New_Links eq 'Yes'%> <span class="new-item"><span>new</span></span><%endif%><%if Has_Changed_Links eq 'Yes'%> <span class="updated-item"><span>updated</span></span><%endif%></dt>
 <%if Description%><dd><%Description%></dd><%endif%>