Index: luna/add_success.html
===================================================================
RCS file: /glinks/cgi/admin/templates/luna/add_success.html,v
retrieving revision 1.11
retrieving revision 1.12
diff -u -b -r1.11 -r1.12
--- luna/add_success.html       24 Mar 2005 08:58:29 -0000      1.11
+++ luna/add_success.html       14 Apr 2005 03:07:05 -0000      1.12
@@ -56,7 +56,7 @@
 </div>

 <p>
-<%~if AutoValidate%>
+<%~if config.build_auto_validate%>
   Your link has been added to <%if Category_loop.length > 1%>the following categories: <%loop Category_loop%><%loop_value%><%unless last%>, <%endunless%><%endloop%><%else%><%Category%><%endif%>.
 <%~else%>
   Thank you! We will send you an e-mail once your link has been validated.
Index: luna/bookmark_folder_add.html
===================================================================
RCS file: /glinks/cgi/admin/templates/luna/bookmark_folder_add.html,v
retrieving revision 1.11
retrieving revision 1.12
diff -u -b -r1.11 -r1.12
--- luna/bookmark_folder_add.html       24 Mar 2005 08:58:29 -0000      1.11
+++ luna/bookmark_folder_add.html       18 Apr 2005 21:39:36 -0000      1.12
@@ -26,13 +26,13 @@
   <div class="row required clear">
     <label for="my_folder_name" class="name">Name: <span>*</span></label>
     <div class="value">
-      <input type="text" id="my_folder_name"  name="my_folder_name" value="<%if my_folder_name%><%my_folder_name%><%endif%>" class="text" />
+      <input type="text" id="my_folder_name"  name="my_folder_name" value="<%if my_folder_name%><%escape_html my_folder_name%><%endif%>" class="text" />
     </div>
   </div>
   <div class="row clear">
     <label for="my_folder_description" class="name">Description:</label>
     <div class="value">
-      <input type="text" id="my_folder_description" name="my_folder_description" value="<%if my_folder_description%><%my_folder_description%><%endif%>" class="text" />
+      <input type="text" id="my_folder_description" name="my_folder_description" value="<%if my_folder_description%><%escape_html my_folder_description%><%endif%>" class="text" />
     </div>
   </div>
   <div class="row clear">
Index: luna/bookmark_folder_edit.html
===================================================================
RCS file: /glinks/cgi/admin/templates/luna/bookmark_folder_edit.html,v
retrieving revision 1.11
retrieving revision 1.12
diff -u -b -r1.11 -r1.12
--- luna/bookmark_folder_edit.html      24 Mar 2005 08:58:29 -0000      1.11
+++ luna/bookmark_folder_edit.html      18 Apr 2005 21:39:36 -0000      1.12
@@ -23,17 +23,17 @@

 <form action="<%config.db_cgi_url%>/bookmark.cgi" method="post">
   <input type="hidden" name="action" value="folder_edit" />
-  <input type="hidden" name="my_folder_id" value="<%my_folder_id%>" />
+  <input type="hidden" name="my_folder_id" value="<%escape_html my_folder_id%>" />
   <div class="row required clear">
     <label for="my_folder_name" class="name">Name: <span>*</span></label>
     <div class="value">
-      <input type="text" id="my_folder_name"  name="my_folder_name" value="<%if my_folder_name%><%my_folder_name%><%endif%>" class="text" />
+      <input type="text" id="my_folder_name"  name="my_folder_name" value="<%if my_folder_name%><%escape_html my_folder_name%><%endif%>" class="text" />
     </div>
   </div>
   <div class="row clear">
     <label for="my_folder_description" class="name">Description:</label>
     <div class="value">
-      <input type="text" id="my_folder_description" name="my_folder_description" value="<%if my_folder_description%><%my_folder_description%><%endif%>" class="text" />
+      <input type="text" id="my_folder_description" name="my_folder_description" value="<%if my_folder_description%><%escape_html my_folder_description%><%endif%>" class="text" />
     </div>
   </div>
   <div class="row clear">
Index: luna/bookmark_link_add.html
===================================================================
RCS file: /glinks/cgi/admin/templates/luna/bookmark_link_add.html,v
retrieving revision 1.15
retrieving revision 1.16
diff -u -b -r1.15 -r1.16
--- luna/bookmark_link_add.html 24 Mar 2005 08:58:29 -0000      1.15
+++ luna/bookmark_link_add.html 18 Apr 2005 21:39:36 -0000      1.16
@@ -31,7 +31,7 @@

 <form action="<%config.db_cgi_url%>/bookmark.cgi" method="post">
   <input type="hidden" name="action" value="link_add" />
-  <input type="hidden" name="my_link_id_fk" value="<%ID%>" />
+  <input type="hidden" name="my_link_id_fk" value="<%escape_html ID%>" />
   <div class="row clear">
     <label for="my_comment" class="name">Comments:</label>
     <div class="value">
@@ -42,10 +42,10 @@
     <label for="my_folder_id_fk" class="name">Folder:<%if Folders.length > 1%> <span>*</span><%endif%></label>
     <div class="value<%if Folders.length == 1%> wrappedtext<%endif%>">
     <%~if Folders.length == 1%>
-      <input type="hidden" name="my_folder_id_fk" value="<%Folders.0.my_folder_id%>" /><%Folders.0.my_folder_name%>
+      <input type="hidden" name="my_folder_id_fk" value="<%escape_html Folders.0.my_folder_id%>" /><%Folders.0.my_folder_name%>
     <%~else%>
       <select id="my_folder_id_fk" name="my_folder_id_fk">
-        <%loop Folders%><option value="<%my_folder_id%>"<%if my_folder_default%> selected="selected"<%endif%>><%my_folder_name%></option><%endloop%>
+        <%loop Folders%><option value="<%escape_html my_folder_id%>"<%if my_folder_default%> selected="selected"<%endif%>><%my_folder_name%></option><%endloop%>
       </select>
     <%~endif%>
     </div>
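Review bot: The folder name is still rendered unescaped on the new side, both as inline text after the hidden input (`<%Folders.0.my_folder_name%>` on the `Folders.length == 1` branch) and as the `<option>` label (`<%my_folder_name%>` inside the loop), while only the id in the same lines gets `escape_html`. Folder names are user-entered through bookmark_folder_add.html in this same commit, so they need the same treatment: `<%escape_html Folders.0.my_folder_name%>` and `<%escape_html my_folder_name%>`. The same partial coverage is left in bookmark_link_edit.html (the same two lines), in bookmark_list.html (the `move_folderid` select) and, for `Full_Name`/`Name` in include_form.html's category loop, presumably admin-controlled but worth confirming.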
Index: luna/bookmark_link_edit.html
===================================================================
RCS file: /glinks/cgi/admin/templates/luna/bookmark_link_edit.html,v
retrieving revision 1.15
retrieving revision 1.16
diff -u -b -r1.15 -r1.16
--- luna/bookmark_link_edit.html        24 Mar 2005 08:58:29 -0000      1.15
+++ luna/bookmark_link_edit.html        18 Apr 2005 21:39:36 -0000      1.16
@@ -31,7 +31,7 @@

 <form action="<%config.db_cgi_url%>/bookmark.cgi" method="post">
   <input type="hidden" name="action" value="edit_bookmark" />
-  <input type="hidden" name="id" value="<%ID%>" />
+  <input type="hidden" name="id" value="<%escape_html ID%>" />
   <div class="row clear">
     <label for="my_comment" class="name">Comments:</label>
     <div class="value">
@@ -42,10 +42,10 @@
     <label for="my_folder_id_fk" class="name">Folder:<%if Folders.length > 1%> <span>*</span><%endif%></label>
     <div class="value<%if Folders.length == 1%> wrappedtext<%endif%>">
     <%~if Folders.length == 1%>
-      <input type="hidden" name="my_folder_id_fk" value="<%Folders.0.my_folder_id%>" /><%Folders.0.my_folder_name%>
+      <input type="hidden" name="my_folder_id_fk" value="<%escape_html Folders.0.my_folder_id%>" /><%Folders.0.my_folder_name%>
     <%~else%>
       <select id="my_folder_id_fk" name="my_folder_id_fk">
-        <%loop Folders%><option value="<%my_folder_id%>"<%if my_folder_default%> selected="selected"<%endif%>><%my_folder_name%></option><%endloop%>
+        <%loop Folders%><option value="<%escape_html my_folder_id%>"<%if my_folder_default%> selected="selected"<%endif%>><%my_folder_name%></option><%endloop%>
       </select>
     <%~endif%>
     </div>
Index: luna/bookmark_list.html
===================================================================
RCS file: /glinks/cgi/admin/templates/luna/bookmark_list.html,v
retrieving revision 1.12
retrieving revision 1.13
diff -u -b -r1.12 -r1.13
--- luna/bookmark_list.html     24 Mar 2005 08:58:29 -0000      1.12
+++ luna/bookmark_list.html     18 Apr 2005 21:39:36 -0000      1.13
@@ -56,9 +56,9 @@
 <%if Bookmarks.length~%>
 <form action="<%config.db_cgi_url%>/bookmark.cgi" method="post">
   <input type="hidden" name="action" value="links_manage" />
-  <input type="hidden" name="my_folder_id" value="<%my_folder_id%>" />
+  <input type="hidden" name="my_folder_id" value="<%escape_html my_folder_id%>" />
 <%~loop Bookmarks%>
-  <input type="checkbox" name="m-id" value="<%ID%>" class="checkbox" />
+  <input type="checkbox" name="m-id" value="<%escape_html ID%>" class="checkbox" />
 <%~set editable = 1%>
 <%include bookmark_link.html%>
 <%~endloop%>
@@ -66,7 +66,7 @@
 <%~if folder_select.length%>
   <input type="submit" name="move" value="Move Links to" class="submit" />
   <select name="move_folderid">
-    <%loop folder_select%><option value="<%my_folder_id%>"><%my_folder_name%></option><%endloop%>
+    <%loop folder_select%><option value="<%escape_html my_folder_id%>"><%my_folder_name%></option><%endloop%>
   </select>
 <%~endif%>
 </form>
Index: luna/bookmark_preferences.html
===================================================================
RCS file: /glinks/cgi/admin/templates/luna/bookmark_preferences.html,v
retrieving revision 1.12
retrieving revision 1.13
diff -u -b -r1.12 -r1.13
--- luna/bookmark_preferences.html      24 Mar 2005 08:58:29 -0000      1.12
+++ luna/bookmark_preferences.html      18 Apr 2005 21:39:36 -0000      1.13
@@ -53,7 +53,7 @@
   <div class="row clear">
     <label for="PerPage" class="name">Links Per Page:</label>
     <div class="value">
-      <input type="text" id="PerPage" name="PerPage" value="<%PerPage%>" class="text shorttext" />
+      <input type="text" id="PerPage" name="PerPage" value="<%escape_html PerPage%>" class="text shorttext" />
     </div>
   </div>
   <div class="formsubmit">
Index: luna/category.html
===================================================================
RCS file: /glinks/cgi/admin/templates/luna/category.html,v
retrieving revision 1.22
retrieving revision 1.26
diff -u -b -r1.22 -r1.26
--- luna/category.html  29 Mar 2005 09:51:43 -0000      1.22
+++ luna/category.html  13 Apr 2005 19:39:01 -0000      1.26
@@ -28,8 +28,8 @@
 <div class="crumb"><%Links::Utils::format_title($title_loop, separator => $crumb_separator, no_escape_separator => $no_escape_crumb_separator, include_home => 1, link_type => 2)%></div>
 <h2>
   <%category_short%>
-<%~if config.newsletter_enabled%>
-  <%~Links::Newsletter::subscription_info($ID)%>
+<%~if config.newsletter_enabled and not config.newsletter_global_subscribe%>
+  <%~Links::Newsletter::subscription_info($ID)%><%-- SubscriptionStatus: 0 = not subscribed, 1 = indirectly subscribed, 2 = directly subscribed --%>
   <%if SubscriptionStatus == 2%><span class="hsmall">(<a href="<%config.db_cgi_url%>/subscribe.cgi?action=unsubscribe;ID=<%ID%>" title="Unsubscribe to stop getting updates from this category">Unsubscribe</a>)</span><%elsif SubscriptionStatus == 1%><%else%><span class="hsmall">(<a href="<%config.db_cgi_url%>/subscribe.cgi?action=subscribe;ID=<%ID%>" title="Subscribe to get updates from this category">Subscribe</a>)</span><%endif%>
 <%~endif%>
 </h2>
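Review bot: `ID` is interpolated unescaped into the subscribe and unsubscribe `href` query strings on the context line just below the change, while the rest of this commit wraps `ID` in `escape_html` wherever it lands in an attribute; `ID=<%escape_html ID%>` in both links would keep the template consistent (the browse link in newsletter_browse.html has the same raw `root=<%ID%>`). Separately, those links change subscription state through a plain GET, which a third-party page can trigger for a logged-in user; a small POST form, the shape newsletter_list.html already uses for Unsubscribe, would be the safer design. The `SubscriptionStatus` comment added on the new side is a helpful addition.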
Index: luna/include_form.html
===================================================================
RCS file: /glinks/cgi/admin/templates/luna/include_form.html,v
retrieving revision 1.9
retrieving revision 1.10
diff -u -b -r1.9 -r1.10
--- luna/include_form.html      16 Mar 2005 08:44:37 -0000      1.9
+++ luna/include_form.html      18 Apr 2005 21:39:36 -0000      1.10
@@ -1,13 +1,13 @@
 <div class="row required clear">
   <label for="Title" class="name">Title: <span>*</span></label>
   <div class="value">
-    <input type="text" id="Title" name="Title" value="<%if Title%><%Title%><%endif%>" class="text" />
+    <input type="text" id="Title" name="Title" value="<%if Title%><%escape_html Title%><%endif%>" class="text" />
   </div>
 </div>
 <div class="row required clear">
   <label for="URL" class="name">URL: <span>*</span></label>
   <div class="value">
-    <input type="text" id="URL" name="URL" value="<%if URL%><%URL%><%else%>http://<%endif%>" class="text" />
+    <input type="text" id="URL" name="URL" value="<%if URL%><%escape_html URL%><%else%>http://<%endif%>" class="text" />
   </div>
 </div>
 <div class="row<%unless category_loop_selected%> required<%endunless%> clear">
@@ -15,14 +15,14 @@
   <div class="value<%if category_loop_selected%> wrappedtext<%endif%>">
   <%if category_loop_selected%>
     <%if category_loop.length > 1%>
-    <ul><%loop category_loop%><li><%Full_Name%><input type="hidden" name="CatLinks.CategoryID" value="<%ID%>" /></li><%endloop%></ul>
+    <ul><%loop category_loop%><li><%Full_Name%><input type="hidden" name="CatLinks.CategoryID" value="<%escape_html ID%>" /></li><%endloop%></ul>
     <%else%>
-    <%loop category_loop%><%Full_Name%><input type="hidden" name="CatLinks.CategoryID" value="<%ID%>" /><%endloop%>
+    <%loop category_loop%><%Full_Name%><input type="hidden" name="CatLinks.CategoryID" value="<%escape_html ID%>" /><%endloop%>
     <%endif%>
   <%else%>
     <select id="CatLinks.CategoryID" name="CatLinks.CategoryID">
       <%loop category_loop%>
-      <option value="<%ID%>"<%if selected%> selected="selected"<%endif%>><%'&nbsp;&nbsp;' x $CatDepth%><%Name%></option>
+      <option value="<%escape_html ID%>"<%if selected%> selected="selected"<%endif%>><%'&nbsp;&nbsp;' x $CatDepth%><%Name%></option>
       <%endloop%>
     </select>
   <%endif%>
@@ -31,18 +31,18 @@
 <div class="row clear">
   <label for="Description" class="name">Description:</label>
   <div class="value">
-    <textarea id="Description" name="Description" rows="3" cols="42"><%if Description%><%Description%><%endif%></textarea>
+    <textarea id="Description" name="Description" rows="3" cols="42"><%if Description%><%escape_html Description%><%endif%></textarea>
   </div>
 </div>
 <div class="row clear">
   <label for="Contact_Name" class="name">Contact Name:</label>
   <div class="value">
-    <input type="text" id="Contact_Name" name="Contact_Name" value="<%if Contact_Name%><%Contact_Name%><%endif%>" class="text" />
+    <input type="text" id="Contact_Name" name="Contact_Name" value="<%if Contact_Name%><%escape_html Contact_Name%><%endif%>" class="text" />
   </div>
 </div>
 <div class="row clear">
   <label for="Contact_Email" class="name">Contact E-mail:</label>
   <div class="value">
-    <input type="text" id="Contact_Email" name="Contact_Email" value="<%if Contact_Email%><%Contact_Email%><%endif%>" class="text" />
+    <input type="text" id="Contact_Email" name="Contact_Email" value="<%if Contact_Email%><%escape_html Contact_Email%><%endif%>" class="text" />
   </div>
 </div>
Index: luna/include_header.html
===================================================================
RCS file: /glinks/cgi/admin/templates/luna/include_header.html,v
retrieving revision 1.11
retrieving revision 1.12
diff -u -b -r1.11 -r1.12
--- luna/include_header.html    1 Apr 2005 02:54:08 -0000       1.11
+++ luna/include_header.html    18 Apr 2005 21:39:36 -0000      1.12
@@ -20,8 +20,8 @@
 <div class="searchbar">
   <form action="<%config.db_cgi_url%>/search.cgi">
     <label for="searchbox">Search</label>
-    <%if category_id%><input type="radio" id="searchentire" name="catid" value="" checked="checked" /><label for="searchentire">the entire directory</label> <input type="radio" id="searchcat" name="catid" value="<%category_id%>" /><label for="searchcat">only this category</label><%endif%>
-    <input type="text" id="searchbox" name="query" value="<%if query%><%query%><%endif%>" class="text" /><input type="submit" name="Go" value="Go" class="submit" /> <a href="<%config.db_cgi_url%>/search.cgi">Advanced Search</a>
+    <%if category_id%><input type="radio" id="searchentire" name="catid" value="" checked="checked" /><label for="searchentire">the entire directory</label> <input type="radio" id="searchcat" name="catid" value="<%escape_html category_id%>" /><label for="searchcat">only this category</label><%endif%>
+    <input type="text" id="searchbox" name="query" value="<%if query%><%escape_html query%><%endif%>" class="text" /><input type="submit" name="Go" value="Go" class="submit" /> <a href="<%config.db_cgi_url%>/search.cgi">Advanced Search</a>
   </form>
 </div>
 <hr class="hide" />
Index: luna/language.txt
===================================================================
RCS file: /glinks/cgi/admin/templates/luna/language.txt,v
retrieving revision 1.16
retrieving revision 1.17
diff -u -b -r1.16 -r1.17
--- luna/language.txt   4 Apr 2005 22:39:55 -0000       1.16
+++ luna/language.txt   15 Apr 2005 03:32:10 -0000      1.17
@@ -148,6 +148,7 @@
        'REVIEW_INVALIDID' => 'Invalid Link ID : %s.',
        'REVIEW_INVALID_ACTION' => 'Invalid action!',
        'REVIEW_INVALID_UPDATE' => 'Unable to update review database. User is invalid for this review or the review is not validated.',
+       'REVIEW_MODIFY_DENIED' => 'You have already reviewed this link.  Reviews cannot be modified.',
        'REVIEW_NORESULTS' => 'No reviews are available.',
        'REVIEW_NOT_EXISTS' => 'Review doesn\'t exist!',
        'REVIEW_RATING' => 'Please select a rating from 1 to 5 only.',
Index: luna/login.html
===================================================================
RCS file: /glinks/cgi/admin/templates/luna/login.html,v
retrieving revision 1.12
retrieving revision 1.15
diff -u -b -r1.12 -r1.15
--- luna/login.html     24 Mar 2005 08:58:29 -0000      1.12
+++ luna/login.html     18 Apr 2005 21:39:36 -0000      1.15
@@ -25,12 +25,12 @@

 <form action="<%config.db_cgi_url%>/user.cgi" method="post">
   <input type="hidden" name="login" value="1" />
-  <%if url%><input type="hidden" name="url" value="<%url%>" /><%endif%>
+  <%if url%><input type="hidden" name="url" value="<%escape_html url%>" /><%endif%>

   <div class="row required clear">
     <label for="Username" class="name">Username:</label>
     <div class="value">
-      <input type="text" id="Username" name="Username" value="<%if Username%><%Username%><%endif%>" class="text" />
+      <input type="text" id="Username" name="Username" value="<%if Username%><%escape_html Username%><%endif%>" class="text" />
     </div>
   </div>
   <div class="row required clear">
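Review bot: Escaping `url` on the hidden field fixes the attribute injection, but the value is still a client-supplied post-login redirect target echoed back untouched; unless user.cgi (not in this diff) restricts it to a relative path on this site, it remains usable as an open redirect. A template comment above the line would record the expectation for the next maintainer: `<%-- url is a client-supplied redirect target; user.cgi must restrict it to a local path before redirecting --%>`. login_email.html carries the same hidden field and the same assumption.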
Index: luna/login_email.html
===================================================================
RCS file: /glinks/cgi/admin/templates/luna/login_email.html,v
retrieving revision 1.10
retrieving revision 1.11
diff -u -b -r1.10 -r1.11
--- luna/login_email.html       24 Mar 2005 08:58:29 -0000      1.10
+++ luna/login_email.html       18 Apr 2005 21:39:36 -0000      1.11
@@ -26,7 +26,7 @@

 <form action="<%config.db_cgi_url%>/user.cgi" method="post">
   <input type="hidden" name="send_pass" value="1" />
-  <%if url%><input type="hidden" name="url" value="<%url%>" /><%endif%>
+  <%if url%><input type="hidden" name="url" value="<%escape_html url%>" /><%endif%>

   <div class="row required clear">
     <label for="Email" class="name">E-mail Address:</label>
Index: luna/modify.html
===================================================================
RCS file: /glinks/cgi/admin/templates/luna/modify.html,v
retrieving revision 1.9
retrieving revision 1.10
diff -u -b -r1.9 -r1.10
--- luna/modify.html    24 Mar 2005 08:58:29 -0000      1.9
+++ luna/modify.html    18 Apr 2005 21:39:36 -0000      1.10
@@ -23,10 +23,10 @@
 <form action="<%config.db_cgi_url%>/modify.cgi" enctype="multipart/form-data" method="post">
   <input type="hidden" name="modify" value="1" />
 <%~if LinkID%>
-  <input type="hidden" name="LinkID" value="<%LinkID%>" />
+  <input type="hidden" name="LinkID" value="<%escape_html LinkID%>" />
 <%~else%>
   Please enter the URL of the link you wish to modify. Make sure it is identical to the one already in the database:
-  <input type="text" name="Current_URL" value="<%if Current_URL%><%Current_URL%><%endif%>" class="text" />
+  <input type="text" name="Current_URL" value="<%if Current_URL%><%escape_html Current_URL%><%endif%>" class="text" />
   Now enter the new information (all of it, not just the changes) below:
 <%~endif%>
 <%include include_form.html%>
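Review bot: The two instruction sentences on the `else` branch (`Please enter the URL ...` and `Now enter the new information ...`) are bare text nodes sitting directly inside the `<form>` next to an `<input>`, the same shape this commit fixes in payment_direct.html by wrapping the text in `<p>`. Wrapping each sentence in a `<p>`, or turning the first into a `<label for="Current_URL">` and giving the input that `id`, keeps the markup consistent with the rest of the theme and gives the field an accessible name. The `<form>` opened at the top of the hunk closes outside it.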
Index: luna/modify_select.html
===================================================================
RCS file: /glinks/cgi/admin/templates/luna/modify_select.html,v
retrieving revision 1.12
retrieving revision 1.13
diff -u -b -r1.12 -r1.13
--- luna/modify_select.html     24 Mar 2005 08:58:29 -0000      1.12
+++ luna/modify_select.html     18 Apr 2005 21:39:36 -0000      1.13
@@ -34,7 +34,7 @@

 <form action="<%config.db_cgi_url%>/modify.cgi" method="post">
 <%~loop link_results_loop%>
-  <input type="radio" name="LinkID" value="<%ID%>" class="radio"<%if isValidated eq 'No'%> disabled="disabled"<%endif%> />
+  <input type="radio" name="LinkID" value="<%escape_html ID%>" class="radio"<%if isValidated eq 'No'%> disabled="disabled"<%endif%> />
 <%include link.html%>
 <%~endloop%>
   <input type="submit" value="Modify Link" class="submit" />
Index: luna/newsletter_browse.html
===================================================================
RCS file: /glinks/cgi/admin/templates/luna/newsletter_browse.html,v
retrieving revision 1.13
retrieving revision 1.14
diff -u -b -r1.13 -r1.14
--- luna/newsletter_browse.html 24 Mar 2005 08:58:29 -0000      1.13
+++ luna/newsletter_browse.html 18 Apr 2005 21:39:36 -0000      1.14
@@ -87,9 +87,9 @@

 <form id="update" action="<%config.db_cgi_url%>/subscribe.cgi" method="post">
   <input type="hidden" name="action" value="update" />
-  <%if root%><input type="hidden" name="root" value="<%root%>" /><%endif%>
+  <%if root%><input type="hidden" name="root" value="<%escape_html root%>" /><%endif%>
 <%~loop category%>
-  <input type="checkbox" name="S<%ID%>" value="<%ID%><%if Children.length%>,<%endif%><%loop Children%><%loop_value%><%unless last%>,<%endunless%><%endloop%>"<%if Subscribed%> checked="checked"<%endif%> class="indent<%CatDepth%>" /><input type="hidden" name="<%if Subscribed%>subscribed<%else%>unsubscribed<%endif%>" value="<%ID%>" /><%if HasMoreChildren%><a href="<%config.db_cgi_url%>/subscribe.cgi?action=browse;root=<%ID%>"><%endif%><%Name%><%if HasMoreChildren%></a><%endif%><br />
+  <input type="checkbox" name="S<%ID%>" value="<%escape_html ID%><%if Children.length%>,<%endif%><%loop Children%><%loop_value%><%unless last%>,<%endunless%><%endloop%>"<%if Subscribed%> checked="checked"<%endif%> class="indent<%CatDepth%>" /><input type="hidden" name="<%if Subscribed%>subscribed<%else%>unsubscribed<%endif%>" value="<%escape_html ID%>" /><%if HasMoreChildren%><a href="<%config.db_cgi_url%>/subscribe.cgi?action=browse;root=<%ID%>"><%endif%><%Name%><%if HasMoreChildren%></a><%endif%><br />
 <%~endloop%>
   <input type="submit" value="Update Subscriptions" class="submit" />
 </form>
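Review bot: On the new side of the checkbox line, `ID` is escaped in the two `value` attributes but stays raw in `name="S<%ID%>"`, in the `Children` ids (`<%loop_value%>`) appended to the same `value` attribute, in `class="indent<%CatDepth%>"`, and in the browse `href`; if `ID` needs escaping in one attribute it needs it in all of them. The line is long enough that splitting the checkbox, the hidden input and the link onto separate lines would make the remaining raw interpolations easy to spot. newsletter_list.html (`id="ID-<%CategoryID%>"`, `for="ID-<%CategoryID%>"`) and payment.html (`id="payment_term-<%term%>"` and its `for=`) leave the same partial coverage.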
Index: luna/newsletter_list.html
===================================================================
RCS file: /glinks/cgi/admin/templates/luna/newsletter_list.html,v
retrieving revision 1.13
retrieving revision 1.14
diff -u -b -r1.13 -r1.14
--- luna/newsletter_list.html   24 Mar 2005 08:58:29 -0000      1.13
+++ luna/newsletter_list.html   18 Apr 2005 21:39:36 -0000      1.14
@@ -39,7 +39,7 @@
   <input type="hidden" name="page" value="newsletter_list" />
   <%if subscribed.length > 1%><input type="checkbox" id="checkall" class="checkbox" /> <label for="checkall"><strong>Select All</strong></label><br /><%endif%>
 <%loop subscribed~%>
-  <input type="checkbox" id="ID-<%CategoryID%>" name="ID" value="<%CategoryID%>" class="checkbox" /> <label for="ID-<%CategoryID%>"><%Full_Name%></label><br />
+  <input type="checkbox" id="ID-<%CategoryID%>" name="ID" value="<%escape_html CategoryID%>" class="checkbox" /> <label for="ID-<%CategoryID%>"><%Full_Name%></label><br />
 <%~endloop%>
   <input type="submit" value="Unsubscribe" class="submit" />
 </form>
Index: luna/payment.html
===================================================================
RCS file: /glinks/cgi/admin/templates/luna/payment.html,v
retrieving revision 1.10
retrieving revision 1.11
diff -u -b -r1.10 -r1.11
--- luna/payment.html   24 Mar 2005 08:58:29 -0000      1.10
+++ luna/payment.html   18 Apr 2005 21:39:36 -0000      1.11
@@ -49,8 +49,8 @@
   <input type="hidden" name="do" value="payment_method" />
   <input type="hidden" name="last_step" value="term" />
   <input type="hidden" name="last_page" value="payment" />
-  <input type="hidden" name="cat_id" value="<%cat_id%>" />
-  <input type="hidden" name="link_id" value="<%link_id%>" />
+  <input type="hidden" name="cat_id" value="<%escape_html cat_id%>" />
+  <input type="hidden" name="link_id" value="<%escape_html link_id%>" />
   <%if modify%><input type="hidden" name="modify" value="1" /><%endif%>

 <%if signup and not wasPaid%>
@@ -63,7 +63,7 @@
     <%~endif%>
     </strong><br />
   <%~loop signup%>
-    <input type="radio" id="payment_term-<%term%>" name="payment_term" value="<%term%>"<%if last_chosen and last_chosen eq $term and not last_recurring%> checked="checked"<%endif%> class="radio" />
+    <input type="radio" id="payment_term-<%term%>" name="payment_term" value="<%escape_html term%>"<%if last_chosen and last_chosen eq $term and not last_recurring%> checked="checked"<%endif%> class="radio" />
     <label for="payment_term-<%term%>"><%Links::Payment::currency($cost)%>: <%if term_num and term_unit%><%term_num%> <%term_unit%><%else%>Lifetime<%endif%></label><br />
   <%~endloop%>
   </p>
@@ -80,7 +80,7 @@
   <%~endif%>

 <%~loop renewal%>
-  <%if wasPaid%><input type="radio" id="payment_term-<%term%>" name="payment_term" value="<%term%>"<%if last_chosen and last_chosen eq $term and not last_recurring%> checked="checked"<%endif%> class="radio" /><%endif%>
+  <%if wasPaid%><input type="radio" id="payment_term-<%term%>" name="payment_term" value="<%escape_html term%>"<%if last_chosen and last_chosen eq $term and not last_recurring%> checked="checked"<%endif%> class="radio" /><%endif%>
   <%if wasPaid%><label for="payment_term-<%term%>"><%endif%><%Links::Payment::currency($cost)%>: <%if term_num and term_unit%><%term_num%> <%term_unit%><%else%>Lifetime<%endif%><%if wasPaid%></label><%endif%><br />
 <%~endloop%>
   </p>
@@ -90,7 +90,7 @@
   <p>
     <strong>Automatically recurring payments:</strong><br />
   <%~loop recurring%>
-    <input type="radio" id="payment_term-<%term%>-rec" name="payment_term" value="<%term%>-rec"<%if last_chosen and last_chosen eq $term and last_recurring%> checked="checked"<%endif%> class="radio" />
+    <input type="radio" id="payment_term-<%term%>-rec" name="payment_term" value="<%escape_html term%>-rec"<%if last_chosen and last_chosen eq $term and last_recurring%> checked="checked"<%endif%> class="radio" />
     <label for="payment_term-<%term%>-rec"><%Links::Payment::currency($cost)%> <%if term_num == 1%>per <%term_unit%><%else%> every <%term_num%> <%term_unit%><%endif%></label><br />
   <%~endloop%>
   </p>
Index: luna/payment_2checkout_include.html
===================================================================
RCS file: /glinks/cgi/admin/templates/luna/payment_2checkout_include.html,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -b -r1.2 -r1.3
--- luna/payment_2checkout_include.html 1 Feb 2005 01:13:21 -0000       1.2
+++ luna/payment_2checkout_include.html 18 Apr 2005 21:39:36 -0000      1.3
@@ -1,6 +1,6 @@
 <form action="https://www.2checkout.com/cgi-bin/sbuyers/cartpurchase.2c" method="post">
-  <input type="hidden" name="sid" value="<%seller_id%>" />
-  <input type="hidden" name="total" value="<%payment_amount%>" />
-  <input type="hidden" name="cart_order_id" value="<%unique_id%>" />
+  <input type="hidden" name="sid" value="<%escape_html seller_id%>" />
+  <input type="hidden" name="total" value="<%escape_html payment_amount%>" />
+  <input type="hidden" name="cart_order_id" value="<%escape_html unique_id%>" />
   <input type="submit" value="Make Payment" class="submit" />
 </form>
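Review bot: `total` is sent to the payment processor from a hidden field the browser controls, and `escape_html` only prevents markup injection, not the customer editing the amount before submit. The server must treat the amount as untrusted until the processor's confirmation is checked against the price it computed itself for `cart_order_id`; if that check exists in the payment handler it is not visible in this diff, and a comment here would record the dependency: `<%-- total is client-editable; the server must verify the processor-confirmed amount against its own record for cart_order_id --%>`. payment_direct_include.html's hidden `payment_term` and `payment_method` fields carry the same assumption.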
Index: luna/payment_direct.html
===================================================================
RCS file: /glinks/cgi/admin/templates/luna/payment_direct.html,v
retrieving revision 1.11
retrieving revision 1.12
diff -u -b -r1.11 -r1.12
--- luna/payment_direct.html    24 Mar 2005 08:58:29 -0000      1.11
+++ luna/payment_direct.html    14 Apr 2005 03:16:50 -0000      1.12
@@ -21,9 +21,11 @@
 <div class="crumb"><%Links::Utils::format_title($main_title_loop, separator => $crumb_separator, no_escape_separator => $no_escape_crumb_separator, include_home => 1, link_type => 2)%></div>
 <h2>Payment Confirmation</h2>

-Your payment has been approved, and your link enabled.  You will be redirected
-to the main page shortly.  If this does not happen, click
-<a href="<%Links::transform_url($config.build_root_url)%>">here</a>.
+<p>
+  Your payment has been approved, and your link enabled.  You will be redirected
+  to the main page shortly.  If this does not happen, click
+  <a href="<%Links::transform_url($config.build_root_url)%>">here</a>.
+</p>

             </div>
           </div>
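Review bot: The link text inside the new `<p>` is `here`, which is meaningless out of context for screen-reader users who navigate by link list. Since the paragraph is being reworked anyway, fold the destination into the link text: `to the main page shortly.  If this does not happen,` followed by `<a href="<%Links::transform_url($config.build_root_url)%>">continue to the main page</a>.`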
Index: luna/payment_direct_include.html
===================================================================
RCS file: /glinks/cgi/admin/templates/luna/payment_direct_include.html,v
retrieving revision 1.9
retrieving revision 1.10
diff -u -b -r1.9 -r1.10
--- luna/payment_direct_include.html    16 Mar 2005 08:44:37 -0000      1.9
+++ luna/payment_direct_include.html    18 Apr 2005 21:39:36 -0000      1.10
@@ -13,11 +13,11 @@
   <input type="hidden" name="do" value="payment_direct" />
   <input type="hidden" name="last_step" value="form" />
   <input type="hidden" name="last_page" value="payment_form" />
-  <input type="hidden" name="cat_id" value="<%cat_id%>" />
-  <input type="hidden" name="link_id" value="<%link_id%>" />
-  <input type="hidden" name="payment_term" value="<%payment_term%>" />
-  <input type="hidden" name="payment_method" value="<%payment_method%>" />
-  <input type="hidden" name="payment_method_type" value="<%payment_method_type%>" />
+  <input type="hidden" name="cat_id" value="<%escape_html cat_id%>" />
+  <input type="hidden" name="link_id" value="<%escape_html link_id%>" />
+  <input type="hidden" name="payment_term" value="<%escape_html payment_term%>" />
+  <input type="hidden" name="payment_method" value="<%escape_html payment_method%>" />
+  <input type="hidden" name="payment_method_type" value="<%escape_html payment_method_type%>" />
   <%if modify%><input type="hidden" name="modify" value="1" /><%endif%>

   <div class="row<%unless no_cc_brand%> required<%endunless%><%if credit_card_brand_error%> invalid<%endif%> clear">
@@ -27,7 +27,7 @@
       <%loop payment_types%><%name%><%unless last%>, <%endunless%><%endloop%>
     <%else%>
       <select id="credit_card_brand" name="credit_card_brand">
-        <option value="">---</option><%loop payment_types%><option value="<%code%>"<%if credit_card_brand eq $code%> selected="selected"<%endif%>><%name%></option><%endloop%>
+        <option value="">---</option><%loop payment_types%><option value="<%escape_html code%>"<%if credit_card_brand eq $code%> selected="selected"<%endif%>><%name%></option><%endloop%>
       </select>
     <%endif%>
     </div>
@@ -35,7 +35,7 @@
   <div class="row required<%if credit_card_number_error%> invalid<%endif%> clear">
     <label for="credit_card_number" class="name">Card Number: <span>*</span></label>
     <div class="value">
-      <input type="text" id="credit_card_number" name="credit_card_number" value="<%if credit_card_number%><%credit_card_number%><%endif%>" class="text" autocomplete="off" />
+      <input type="text" id="credit_card_number" name="credit_card_number" value="<%if credit_card_number%><%escape_html credit_card_number%><%endif%>" class="text" autocomplete="off" />
     </div>
   </div>
   <div class="row required<%if credit_card_expiry_error%> invalid<%endif%> clear">
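Review bot: The card number is re-rendered into the response on the new side (`value="<%if credit_card_number%><%escape_html credit_card_number%><%endif%>"`), so a full PAN from a failed submission ends up in the HTML body, browser cache and any intermediate logs; escaping does not change that. Prefer to drop the prefill and have the customer re-enter the number, keeping `autocomplete="off"`: `<input type="text" id="credit_card_number" name="credit_card_number" value="" class="text" autocomplete="off" />`. If the redisplay is intentional for usability, the response should at minimum be served with no-store cache headers, which would be set in the CGI rather than in this template.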
@@ -66,25 +66,25 @@
   <div class="row required<%if billing_fname_error%> invalid<%endif%> clear">
     <label for="billing_fname" class="name">First Name: <span>*</span></label>
     <div class="value">
-      <input type="text" id="billing_fname" name="billing_fname" value="<%if billing_fname%><%billing_fname%><%endif%>" class="text" />
+      <input type="text" id="billing_fname" name="billing_fname" value="<%if billing_fname%><%escape_html billing_fname%><%endif%>" class="text" />
     </div>
   </div>
   <div class="row required<%if billing_lname_error%> invalid<%endif%> clear">
     <label for="billing_lname" class="name">Last Name: <span>*</span></label>
     <div class="value">
-      <input type="text" id="billing_lname" name="billing_lname" value="<%if billing_lname%><%billing_lname%><%endif%>" class="text" />
+      <input type="text" id="billing_lname" name="billing_lname" value="<%if billing_lname%><%escape_html billing_lname%><%endif%>" class="text" />
     </div>
   </div>
   <div class="row required<%if billing_address_1_error%> invalid<%endif%> clear">
     <label for="billing_address_1" class="name">Address Line 1: <span>*</span></label>
     <div class="value">
-      <input type="text" id="billing_address_1" name="billing_address_1" value="<%if billing_address_1%><%billing_address_1%><%endif%>" class="text" />
+      <input type="text" id="billing_address_1" name="billing_address_1" value="<%if billing_address_1%><%escape_html billing_address_1%><%endif%>" class="text" />
     </div>
   </div>
   <div class="row<%if billing_address_2_error%> invalid<%endif%> clear">
     <label for="billing_address_2" class="name">Address Line 2:</label>
     <div class="value">
-      <input type="text" id="billing_address_2" name="billing_address_2" value="<%if billing_address_2%><%billing_address_2%><%endif%>" class="text" />
+      <input type="text" id="billing_address_2" name="billing_address_2" value="<%if billing_address_2%><%escape_html billing_address_2%><%endif%>" class="text" />
     </div>
   </div>
   <div class="row required<%if billing_city_error%> invalid<%endif%> clear">
Index: luna/payment_method.html
===================================================================
RCS file: /glinks/cgi/admin/templates/luna/payment_method.html,v
retrieving revision 1.11
retrieving revision 1.12
diff -u -b -r1.11 -r1.12
--- luna/payment_method.html    24 Mar 2005 08:58:29 -0000      1.11
+++ luna/payment_method.html    18 Apr 2005 21:39:36 -0000      1.12
@@ -48,14 +48,14 @@
   <input type="hidden" name="do" value="payment_form" />
   <input type="hidden" name="last_step" value="method" />
   <input type="hidden" name="last_page" value="payment_method" />
-  <input type="hidden" name="cat_id" value="<%cat_id%>" />
-  <input type="hidden" name="link_id" value="<%link_id%>" />
-  <input type="hidden" name="payment_term" value="<%payment_term%>" />
+  <input type="hidden" name="cat_id" value="<%escape_html cat_id%>" />
+  <input type="hidden" name="link_id" value="<%escape_html link_id%>" />
+  <input type="hidden" name="payment_term" value="<%escape_html payment_term%>" />
   <%if modify%><input type="hidden" name="modify" value="1" /><%endif%>

 <%~if direct_methods_used or remote_methods_used%>
 <%~loop payment_methods%>
-  <input type="radio" id="payment_method-<%if payment_direct%>direct<%else%>remote<%endif%>_<%payment_method%>" name="payment_method" value="<%if payment_direct%>direct<%else%>remote<%endif%>_<%payment_method%>" class="radio" />
+  <input type="radio" id="payment_method-<%if payment_direct%>direct<%else%>remote<%endif%>_<%payment_method%>" name="payment_method" value="<%if payment_direct%>direct<%else%>remote<%endif%>_<%escape_html payment_method%>" class="radio" />
   <label for="payment_method-<%if payment_direct%>direct<%else%>remote<%endif%>_<%payment_method%>"><%if payment_name%><%payment_name%><%else%><%payment_method%><%endif%></label><br />
   <blockquote><%loop payment_types%><%name%><%unless last%>, <%endunless%><%endloop%></blockquote>
 <%~endloop%>
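Review bot: On the new line at L593 `payment_method` is escaped inside `value` but the same variable remains raw in the `id` attribute on that line and in the `for` attribute and label text on L594, so the change covers one of four occurrences; apply `<%escape_html payment_method%>` in all of them and `<%escape_html payment_name%>` for the label text. The label text is element content rather than an attribute, but the same helper is appropriate there. `payment_method` presumably names a configured payment plugin rather than request input, so the practical risk is low; the inconsistency is the point.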
Index: luna/payment_paypal_include.html
===================================================================
RCS file: /glinks/cgi/admin/templates/luna/payment_paypal_include.html,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -b -r1.4 -r1.5
--- luna/payment_paypal_include.html    4 Mar 2005 21:35:27 -0000       1.4
+++ luna/payment_paypal_include.html    18 Apr 2005 21:39:36 -0000      1.5
@@ -1,26 +1,26 @@
 <form action="https://www.<%if sandbox%>sandbox.<%endif%>paypal.com/cgi-bin/webscr" method="post">
-  <input type="hidden" name="business" value="<%if to_email%><%to_email%><%else%><%business_email%><%endif%>" />
-  <input type="hidden" name="currency_code" value="<%currency%>" />
+  <input type="hidden" name="business" value="<%if to_email%><%escape_html to_email%><%else%><%escape_html business_email%><%endif%>" />
+  <input type="hidden" name="currency_code" value="<%escape_html currency%>" />
   <input type="hidden" name="return" value="<%config.db_cgi_url%>/add.cgi" />
   <input type="hidden" name="custom" value="do;process_payment=1;payment_success=1<%loop config.dynamic_preserve%><%if in.$loop_value%>;<%loop_value%>=<%in.$loop_value%><%endloop%>" />
   <input type="hidden" name="cancel_return" value="<%config.db_cgi_url%>/add.cgi" />
   <input type="hidden" name="rm" value="2" />
-  <%if notify_url%><input type="hidden" name="notify_url" value="<%notify_url%>" /><%endif%>
-  <%if pp_image_url%><input type="hidden" name="image_url" value="<%pp_image_url%>" /><%endif%>
-  <%if note and payment_type != 2 %><input type="hidden" name="cn" value="<%note%>" /><%else%><input type="hidden" name="no_note" value="1" /><%endif%>
+  <%if notify_url%><input type="hidden" name="notify_url" value="<%escape_html notify_url%>" /><%endif%>
+  <%if pp_image_url%><input type="hidden" name="image_url" value="<%escape_html pp_image_url%>" /><%endif%>
+  <%if note and payment_type != 2 %><input type="hidden" name="cn" value="<%escape_html note%>" /><%else%><input type="hidden" name="no_note" value="1" /><%endif%>
   <%if color eq 'black'%><input type="hidden" name="cs" value="1" /><%endif%>
   <input type="hidden" name="cmd" value="_xclick<%if payment_type == 2%>-subscriptions<%endif%>" />
 <%~if payment_type == 2%>
-  <input type="hidden" name="a3" value="<%payment_amount%>" />
-  <input type="hidden" name="p3" value="<%payment_term_num%>" />
+  <input type="hidden" name="a3" value="<%escape_html payment_amount%>" />
+  <input type="hidden" name="p3" value="<%escape_html payment_term_num%>" />
   <input type="hidden" name="t3" value="<%if payment_term_u istarts 'd'%>D<%elsif payment_term_u istarts 'w'%>W<%elsif payment_term_u istarts 'm'%>M<%elsif payment_term_u istarts 'y'%>Y<%endif%>" />
   <input type="hidden" name="src" value="1" />
   <input type="hidden" name="sra" value="1" />
 <%~else%>
-  <input type="hidden" name="amount" value="<%payment_amount%>" />
+  <input type="hidden" name="amount" value="<%escape_html payment_amount%>" />
 <%~endif%>
-  <input type="hidden" name="invoice" value="<%unique_id%>" />
-  <input type="hidden" name="item_name" value="<%site_title%> link submission (<%ifnot payment_term_num%>Lifetime<%else%><%payment_term_num%> <%payment_term_unit%><%endif%><%if payment_type == 2%>, recurring<%endif%>)" />
+  <input type="hidden" name="invoice" value="<%escape_html unique_id%>" />
+  <input type="hidden" name="item_name" value="<%escape_html site_title%> link submission (<%ifnot payment_term_num%>Lifetime<%else%><%escape_html payment_term_num%> <%escape_html payment_term_unit%><%endif%><%if payment_type == 2%>, recurring<%endif%>)" />
   <input type="hidden" name="no_shipping" value="1" />
-  <input type="image" name="submit" src="<%if button_custom%><%button_custom%><%else%>https://www.paypal.com/images/<%button%><%endif%>" title="Make payments with PayPal - it's fast, free and secure!" class="image" />
+  <input type="image" name="submit" src="<%if button_custom%><%escape_html button_custom%><%else%>https://www.paypal.com/images/<%button%><%endif%>" title="Make payments with PayPal - it's fast, free and secure!" class="image" />
 </form>
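Review bot: L612 still interpolates `<%in.$loop_value%>` raw into the `custom` attribute value while every other dynamic value in this form now gets `escape_html`; if `in` is the request-parameter hash, this is the one line in the hunk that carries user-controlled data and it deserves the same treatment, provided the template syntax accepts `escape_html` on a `$`-indexed expression. `<%loop_value%>` on the same line names a field from `config.dynamic_preserve`, so only the `in.` lookup needs attention. L641's `<%button%>` in the image `src` is also untouched, though it presumably comes from configuration.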
Index: luna/payment_success.html
===================================================================
RCS file: /glinks/cgi/admin/templates/luna/payment_success.html,v
retrieving revision 1.11
retrieving revision 1.12
diff -u -b -r1.11 -r1.12
--- luna/payment_success.html   24 Mar 2005 08:58:29 -0000      1.11
+++ luna/payment_success.html   14 Apr 2005 03:16:50 -0000      1.12
@@ -21,7 +21,10 @@
 <div class="crumb"><%Links::Utils::format_title($main_title_loop, separator => $crumb_separator, no_escape_separator => $no_escape_crumb_separator, include_home => 1, link_type => 2)%></div>
 <h2>Payment Confirmation</h2>

-Your payment has been approved.  You will be redirected to the main page shortly.  If this does not happen, click <a href="<%Links::transform_url($config.build_root_url)%>">here</a>.
+<p>
+  Your payment has been approved.  You will be redirected to the main page shortly.
+  If this does not happen, click <a href="<%Links::transform_url($config.build_root_url)%>">here</a>.
+</p>

             </div>
           </div>
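Review bot: The new `<p>` at L656–L659 keeps the link text `here`, which carries no meaning when read out of context; `If this does not happen, <a href="<%Links::transform_url($config.build_root_url)%>">return to the main page</a>.` names the destination instead. The automatic redirect the sentence refers to is presumably set up outside this hunk (a meta refresh or response header), so nothing else here needs to change for it.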
Index: luna/payment_worldpay_include.html
===================================================================
RCS file: /glinks/cgi/admin/templates/luna/payment_worldpay_include.html,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -b -r1.3 -r1.4
--- luna/payment_worldpay_include.html  15 Feb 2005 21:06:14 -0000      1.3
+++ luna/payment_worldpay_include.html  18 Apr 2005 21:39:36 -0000      1.4
@@ -1,19 +1,19 @@
 <form action="https://select.worldpay.com/wcc/purchase" method="post">
-  <input type="hidden" name="instId" value="<%installation_id%>" />
-  <%if test_mode%><input type="hidden" name="testMode" value="<%test_mode%>" /><%endif%>
-  <input type="hidden" name="currency" value="<%currency%>" />
-  <input type="hidden" name="amount" value="<%payment_amount%>" />
+  <input type="hidden" name="instId" value="<%escape_html installation_id%>" />
+  <%if test_mode%><input type="hidden" name="testMode" value="<%escape_html test_mode%>" /><%endif%>
+  <input type="hidden" name="currency" value="<%escape_html currency%>" />
+  <input type="hidden" name="amount" value="<%escape_html payment_amount%>" />
 <%~if payment_type = 2%>
   <input type="hidden" name="futurePayType" value="regular" />
   <input type="hidden" name="option" value="0" />
-  <input type="hidden" name="normalAmount" value="<%payment_amount%>" />
+  <input type="hidden" name="normalAmount" value="<%escape_html payment_amount%>" />
   <input type="hidden" name="startDelayUnit" value="<%if payment_term_u istarts 'd'%>1<%elsif payment_term_u istarts 'w'%>2<%elsif payment_term_u istarts 'm'%>3<%elsif payment_term_u istarts 'y'%>4<%endif%>" />
-  <input type="hidden" name="startDelayMult" value="<%payment_term_num%>" />
+  <input type="hidden" name="startDelayMult" value="<%escape_html payment_term_num%>" />
   <input type="hidden" name="intervalUnit" value="<%if payment_term_u istarts 'd'%>1<%elsif payment_term_u istarts 'w'%>2<%elsif payment_term_u istarts 'm'%>3<%elsif payment_term_u istarts 'y'%>4<%endif%>" />
-  <input type="hidden" name="intervalMult" value="<%payment_term_num%>" />
+  <input type="hidden" name="intervalMult" value="<%escape_html payment_term_num%>" />
 <%~endif%>
-  <input type="hidden" name="cartId" value="<%unique_id%>" />
-  <input type="hidden" name="desc" value="<%site_title%> link submission (<%ifnot payment_term_num%>Lifetime<%else%><%payment_term_num%> <%payment_term_unit%><%endif%><%if payment_type == 2%>, recurring<%endif%>)" />
+  <input type="hidden" name="cartId" value="<%escape_html unique_id%>" />
+  <input type="hidden" name="desc" value="<%escape_html site_title%> link submission (<%ifnot payment_term_num%>Lifetime<%else%><%escape_html payment_term_num%> <%escape_html payment_term_unit%><%endif%><%if payment_type == 2%>, recurring<%endif%>)" />
   <input type="hidden" name="signatureFields" value="amount:currency:cartId" />
   <input type="hidden" name="signature" value="<%GT::Payment::Remote::WorldPay::md5_signature($md5_password, $payment_amount, $currency, $unique_id)%>" />
   <input type="submit" value="Make Payment" class="submit" />
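Review bot: L681 tests `payment_type = 2` with a single `=`, while L694/L696 in this same hunk and the PayPal template use `==`; if `=` is assignment or a parse error in this template language rather than equality, the FuturePay (recurring) block would be selected incorrectly, so it is worth confirming and aligning to `<%~if payment_type == 2%>`. This is a pre-existing context line, not something the commit introduced. The `escape_html` additions on the value lines are consistent with the other payment templates.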
Index: luna/rate.html
===================================================================
RCS file: /glinks/cgi/admin/templates/luna/rate.html,v
retrieving revision 1.11
retrieving revision 1.12
diff -u -b -r1.11 -r1.12
--- luna/rate.html      24 Mar 2005 08:58:29 -0000      1.11
+++ luna/rate.html      18 Apr 2005 21:39:36 -0000      1.12
@@ -25,7 +25,7 @@
 </p>

 <form action="<%config.db_cgi_url%>/rate.cgi" method="post">
-  <input type="hidden" name="ID" value="<%ID%>" />
+  <input type="hidden" name="ID" value="<%escape_html ID%>" />

   <div class="row required clear">
     <label for="rate" class="name">Link Rating:</label>
Index: luna/review_add.html
===================================================================
RCS file: /glinks/cgi/admin/templates/luna/review_add.html,v
retrieving revision 1.15
retrieving revision 1.17
diff -u -b -r1.15 -r1.17
--- luna/review_add.html        24 Mar 2005 08:58:29 -0000      1.15
+++ luna/review_add.html        18 Apr 2005 21:39:36 -0000      1.17
@@ -27,7 +27,7 @@
 </p>

 <form action="<%config.db_cgi_url%>/review.cgi" method="post">
-  <%if ID%><input type="hidden" name="ID" value="<%ID%>" /><%endif%>
+  <%if ID%><input type="hidden" name="ID" value="<%escape_html ID%>" /><%endif%>
   <input type="hidden" name="add_this_review" value="1" />
   <div class="row required clear">
     <label class="name">Your Rating: <span>*</span></label>
@@ -42,32 +42,32 @@
   <div class="row required clear">
     <label for="Review_Subject" class="name">Subject: <span>*</span></label>
     <div class="value">
-      <input type="text" id="Review_Subject" name="Review_Subject" value="<%if Review_Subject%><%Review_Subject%><%endif%>" class="text" />
+      <input type="text" id="Review_Subject" name="Review_Subject" value="<%if Review_Subject%><%escape_html Review_Subject%><%endif%>" class="text" />
     </div>
   </div>
   <div class="row clear">
     <label for="Review_ByLine" class="name">By Line:</label>
     <div class="value">
-      <input type="text" id="Review_ByLine" name="Review_ByLine" value="<%if Review_ByLine%><%Review_ByLine%><%endif%>" class="text" />
+      <input type="text" id="Review_ByLine" name="Review_ByLine" value="<%if Review_ByLine%><%escape_html Review_ByLine%><%endif%>" class="text" />
     </div>
   </div>
   <div class="row required clear">
     <label for="Review_Contents" class="name">Your Review: <span>*</span></label>
     <div class="value">
-      <textarea id="Review_Contents" name="Review_Contents" rows="3" cols="42"><%if Review_Contents%><%Review_Contents%><%endif%></textarea>
+      <textarea id="Review_Contents" name="Review_Contents" rows="3" cols="42"><%if Review_Contents%><%escape_html Review_Contents%><%endif%></textarea>
     </div>
   </div>
-<%~if anonymous%>
+<%~if not config.user_review_required and not user.Username%>
   <div class="row required clear">
     <label for="Review_GuestName" class="name">Your Name: <span>*</span></label>
     <div class="value">
-      <input type="text" id="Review_GuestName" name="Review_GuestName" value="<%if Review_GuestName%><%Review_GuestName%><%endif%>" class="text" />
+      <input type="text" id="Review_GuestName" name="Review_GuestName" value="<%if Review_GuestName%><%escape_html Review_GuestName%><%endif%>" class="text" />
     </div>
   </div>
   <div class="row required clear">
     <label for="Review_GuestEmail" class="name">Your E-mail: <span>*</span></label>
     <div class="value">
-      <input type="text" id="Review_GuestEmail" name="Review_GuestEmail" value="<%if Review_GuestEmail%><%Review_GuestEmail%><%endif%>" class="text" />
+      <input type="text" id="Review_GuestEmail" name="Review_GuestEmail" value="<%if Review_GuestEmail%><%escape_html Review_GuestEmail%><%endif%>" class="text" />
     </div>
   </div>
 <%~endif%>
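Review bot: The guard on L757 only decides whether the guest name and e-mail inputs are rendered; review.cgi must apply the same `user_review_required` / `user.Username` rule when it accepts `Review_GuestName` and `Review_GuestEmail`, since a client can post those fields regardless of what was rendered (the handler is not visible here). Separately, the e-mail input on L769 could be `type="email" autocomplete="email"` and the name input on L762 `autocomplete="name"`, which improves mobile keyboards and autofill without changing the submitted data. The rating control referenced by the label at L733 sits between the two hunks and is not visible.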
Index: luna/review_add_success.html
===================================================================
RCS file: /glinks/cgi/admin/templates/luna/review_add_success.html,v
retrieving revision 1.12
retrieving revision 1.14
diff -u -b -r1.12 -r1.14
--- luna/review_add_success.html        24 Mar 2005 08:58:29 -0000      1.12
+++ luna/review_add_success.html        15 Apr 2005 00:07:25 -0000      1.14
@@ -40,7 +40,7 @@
   <label class="name">Review:</label>
   <div class="value wrappedtext"><%Review_Contents%></div>
 </div>
-<%~ifnot config.user_review_required%>
+<%~if not config.user_review_required and not user.Username%>
 <div class="row clear">
   <label class="name">Name:</label>
   <div class="value wrappedtext"><%Review_GuestName%></div>
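Review bot: The confirmation page still renders `<%Review_Contents%>` (L783) and `<%Review_GuestName%>` (L789) raw into element content, while the same values are now escaped when echoed into the form inputs in review_add.html; unless they are escaped upstream before reaching the template, these are exactly the user-submitted strings the input escaping was added for, so `<%escape_html Review_Contents%>` and `<%escape_html Review_GuestName%>` belong here too. The same display pattern appears at L887 in review_edit_success.html and in the `<%Review_Subject%>` heading at L914 in review_include.html. If `wrappedtext` values are intentionally pre-formatted HTML, a one-line comment at the top of the template saying so would settle it.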
@@ -52,7 +52,11 @@
 <%~endif%>

 <p>
+<%~if config.review_auto_validate%>
+  Thank you! Your review has been added.
+<%~else%>
   Thank you! We will send you an e-mail once your review has been validated.
+<%~endif%>
 </p>

             </div>
Index: luna/review_added.eml
===================================================================
RCS file: /glinks/cgi/admin/templates/luna/review_added.eml,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -b -r1.6 -r1.7
--- luna/review_added.eml       15 Mar 2005 20:13:12 -0000      1.6
+++ luna/review_added.eml       15 Apr 2005 00:07:25 -0000      1.7
@@ -12,7 +12,7 @@
     By Line: <%Review_ByLine%>
     Date: <%Review_Date%>
     Contents: <%Review_Contents%>
-<%~if anonymous%>
+<%~if not config.user_review_required and not user.Username%>
     Name: <%Review_GuestName%>
     E-mail: <%Review_GuestEmail%>
 <%~endif%>
Index: luna/review_edit.html
===================================================================
RCS file: /glinks/cgi/admin/templates/luna/review_edit.html,v
retrieving revision 1.13
retrieving revision 1.14
diff -u -b -r1.13 -r1.14
--- luna/review_edit.html       24 Mar 2005 08:58:29 -0000      1.13
+++ luna/review_edit.html       18 Apr 2005 21:39:36 -0000      1.14
@@ -32,14 +32,14 @@

 <form action="<%config.db_cgi_url%>/review.cgi" method="post">
   <input type="hidden" name="edit_review" value="1" />
-  <input type="hidden" name="ID" value="<%ID%>" />
+  <input type="hidden" name="ID" value="<%escape_html ID%>" />
 <%~if confirm%>
   <div class="formsubmit">
     <input type="submit" name="confirmed" value="Continue" class="submit" />
     <input type="submit" name="cancelled" value="Cancel" class="submit" />
   </div>
 <%~else%>
-  <input type="hidden" name="ReviewID" value="<%if ReviewID%><%ReviewID%><%endif%>" />
+  <input type="hidden" name="ReviewID" value="<%if ReviewID%><%escape_html ReviewID%><%endif%>" />

   <div class="row required clear">
     <label class="name">Your Rating: <span>*</span></label>
@@ -54,19 +54,19 @@
   <div class="row required clear">
     <label for="Review_Subject" class="name">Subject: <span>*</span></label>
     <div class="value">
-      <input type="text" id="Review_Subject" name="Review_Subject" value="<%if Review_Subject%><%Review_Subject%><%endif%>" class="text" />
+      <input type="text" id="Review_Subject" name="Review_Subject" value="<%if Review_Subject%><%escape_html Review_Subject%><%endif%>" class="text" />
     </div>
   </div>
   <div class="row clear">
     <label for="Review_ByLine" class="name">By Line:</label>
     <div class="value">
-      <input type="text" id="Review_ByLine" name="Review_ByLine" value="<%if Review_ByLine%><%Review_ByLine%><%endif%>" class="text" />
+      <input type="text" id="Review_ByLine" name="Review_ByLine" value="<%if Review_ByLine%><%escape_html Review_ByLine%><%endif%>" class="text" />
     </div>
   </div>
   <div class="row required clear">
     <label for="Review_Contents" class="name">Your Review: <span>*</span></label>
     <div class="value">
-      <textarea id="Review_Contents" name="Review_Contents" rows="3" cols="42"><%if Review_Contents%><%Review_Contents%><%endif%></textarea>
+      <textarea id="Review_Contents" name="Review_Contents" rows="3" cols="42"><%if Review_Contents%><%escape_html Review_Contents%><%endif%></textarea>
     </div>
   </div>
   <div class="formsubmit">
Index: luna/review_edit_success.html
===================================================================
RCS file: /glinks/cgi/admin/templates/luna/review_edit_success.html,v
retrieving revision 1.9
retrieving revision 1.10
diff -u -b -r1.9 -r1.10
--- luna/review_edit_success.html       24 Mar 2005 08:58:29 -0000      1.9
+++ luna/review_edit_success.html       14 Apr 2005 07:37:09 -0000      1.10
@@ -20,7 +20,9 @@
 <div class="crumb"><%Links::Utils::format_title($main_title_loop, separator => $crumb_separator, no_escape_separator => $no_escape_crumb_separator, include_home => 1, link_type => 2)%></div>
 <h2>Review Updated</h2>

-We have received the following review:
+<p>
+  We have received the following review:
+</p>

 <div class="row clear">
   <label class="name">Rating:</label>
@@ -39,7 +41,13 @@
   <div class="value wrappedtext"><%Review_Contents%></div>
 </div>

-Thank you! We will send you an e-mail once your review has been validated.
+<p>
+<%~if config.review_auto_validate%>
+  Your review has been modified.
+<%~else%>
+  Thank you! We will send you an e-mail once your review has been validated.
+<%~endif%>
+</p>

             </div>
           </div>
Index: luna/review_include.html
===================================================================
RCS file: /glinks/cgi/admin/templates/luna/review_include.html,v
retrieving revision 1.11
retrieving revision 1.13
diff -u -b -r1.11 -r1.13
--- luna/review_include.html    22 Mar 2005 02:01:36 -0000      1.11
+++ luna/review_include.html    18 Apr 2005 21:39:36 -0000      1.13
@@ -6,7 +6,7 @@
   <%~set ID = ''%>
 <%~endif%>
   <h4 class="reviewsubject">
-    <%Review_Subject%><%if Review_Owner eq $user.Username%> <span class="hsmall">(<a href="<%config.db_cgi_url%>/review.cgi?edit_review=1;ID=<%Review_LinkID%>;confirmed=1">edit</a>)</span><%endif%>
+    <%Review_Subject%><%if Review_Owner eq $user.Username and config.review_allow_modify%> <span class="hsmall">(<a href="<%config.db_cgi_url%>/review.cgi?edit_review=1;ID=<%Review_LinkID%>;confirmed=1">edit</a>)</span><%endif%>
     <img src="<%Links::Utils::image_url("stars-5-${Review_Rating}.gif")%>" alt="<%Review_Rating%> out of 5 stars" title="<%Review_Rating%> out of 5 stars" />
     <%if Review_IsNew%><span class="new-item"><span>new</span></span><%endif%>
   </h4>
@@ -26,11 +26,11 @@
   <div class="reviewhelpful clear">
     <span><%if Num%><%Review_WasHelpful%> of <%Num%> people found this review helpful<%endif%></span>
     <form action="<%config.db_cgi_url%>/review.cgi">
-      <%if nh and nh != 1%><input type="hidden" name="nh" value="<%nh%>" /><%endif%>
+      <%if nh and nh != 1%><input type="hidden" name="nh" value="<%escape_html nh%>" /><%endif%>
       <input type="hidden" name="helpful" value="1" />
-      <%if ID%><input type="hidden" name="ID" value="<%ID%>" /><%endif%>
-      <%if username%><input type="hidden" name="username" value="<%username%>" /><%endif%>
-      <%if ReviewID%><input type="hidden" name="ReviewID" value="<%ReviewID%>" /><%endif%>
+      <%if ID%><input type="hidden" name="ID" value="<%escape_html ID%>" /><%endif%>
+      <%if username%><input type="hidden" name="username" value="<%escape_html username%>" /><%endif%>
+      <%if ReviewID%><input type="hidden" name="ReviewID" value="<%escape_html ReviewID%>" /><%endif%>
       <span>
       <%~if last_helpful%>
         Thanks for the feedback.
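Review bot: The `<form action="<%config.db_cgi_url%>/review.cgi">` on L921 has no `method`, so the "helpful" vote is submitted as a GET request even though it changes server state; add `method="post"` so the action cannot be triggered by a plain link or prefetch, and so it matches the other forms in this commit. The escaping added on L923 and L928–L930 is right: `nh`, `ID`, `username` and `ReviewID` are precisely the request-derived values that needed it. The form's closing tag lies outside the hunk.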
Index: luna/signup_form.html
===================================================================
RCS file: /glinks/cgi/admin/templates/luna/signup_form.html,v
retrieving revision 1.13
retrieving revision 1.14
diff -u -b -r1.13 -r1.14
--- luna/signup_form.html       24 Mar 2005 08:58:29 -0000      1.13
+++ luna/signup_form.html       18 Apr 2005 21:39:36 -0000      1.14
@@ -28,7 +28,7 @@
   <div class="row required clear">
     <label for="Username" class="name">Username: <span>*</span></label>
     <div class="value">
-      <input type="text" id="Username" name="Username" value="<%if Username%><%Username%><%endif%>" class="text" />
+      <input type="text" id="Username" name="Username" value="<%if Username%><%escape_html Username%><%endif%>" class="text" />
     </div>
   </div>
   <div class="row required clear">
@@ -40,7 +40,7 @@
   <div class="row required clear">
     <label for="Email" class="name">E-mail: <span>*</span></label>
     <div class="value">
-      <input type="text" id="Email" name="Email" value="<%if Email%><%Email%><%endif%>" class="text" />
+      <input type="text" id="Email" name="Email" value="<%if Email%><%escape_html Email%><%endif%>" class="text" />
     </div>
   </div>
   <div class="formsubmit">
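Review bot: The inputs on L947 and L956 stay `type="text"`; `<input type="email" id="Email" name="Email" autocomplete="email" ...>` and `autocomplete="username"` on the Username field give native validation and correct autofill without changing what is posted. This is a style point only; the escaping added on both lines is correct for the attribute context. The password rows between the two hunks are not visible here.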
Index: luna/subcategory.html
===================================================================
RCS file: /glinks/cgi/admin/templates/luna/subcategory.html,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -b -r1.2 -r1.3
--- luna/subcategory.html       1 Mar 2005 01:14:13 -0000       1.2
+++ luna/subcategory.html       13 Apr 2005 02:06:35 -0000      1.3
@@ -1,2 +1,2 @@
-<dt><a href="<%URL%>"><%Name%><%if Related%>@<%endif%></a> (<%Number_of_Links%>)<%if Has_New_Links eq 'Yes'%> <span class="new-item"><span>new</span></span><%endif%><%if Has_Changed_Links eq 'Yes'%> <span class="updated-item">updated</span></span><%endif%></dt>
+<dt><a href="<%URL%>"><%Name%><%if Related%>@<%endif%></a> (<%Number_of_Links%>)<%if Has_New_Links eq 'Yes'%> <span class="new-item"><span>new</span></span><%endif%><%if Has_Changed_Links eq 'Yes'%> <span class="updated-item"><span>updated</span></span><%endif%></dt>
 <%if Description%><dd><%Description%></dd><%endif%>