Changeset 20741 for branches/version-2_5-dev/data/Smarty/templates/admin/order/product_select.tpl

Timestamp:

2011/03/20 14:45:13 (13 years ago)

Author:

kotani

Message:

#862 (テンプレート上のエスケープを簡単に)実装漏れ箇所

File:

• branches/version-2_5-dev/data/Smarty/templates/admin/order/product_select.tpl (modified) (3 diffs)

branches/version-2_5-dev/data/Smarty/templates/admin/order/product_select.tpl

@@ -42 +42 @@
     var opner_product_id = 'edit_product_id';
     var opner_product_class_id = 'edit_product_class_id';
-    fm1.getElementById("no").value = <!--{$tpl_no}-->;
+    fm1.getElementById("no").value = <!--{$tpl_no|h}-->;
     <!--{else}-->
     var opner_product_id = 'add_product_id';
@@ -130 +130 @@
 <input name="anchor_key" type="hidden" value="" />
 <input name="search_pageno" type="hidden" value="" />
-<input name="no" type="hidden" value="<!--{$tpl_no}-->" />
+<input name="no" type="hidden" value="<!--{$tpl_no|h}-->" />
 <table class="form">
     <colgroup width="20%">
@@ -145 +145 @@
     <tr>
         <th>商品名</th>
-        <td><input type="text" name="search_name" value="<!--{$arrForm.search_name}-->" size="35" class="box35" /></td>
+        <td><input type="text" name="search_name" value="<!--{$arrForm.search_name|h}-->" size="35" class="box35" /></td>
     </tr>
     <tr>
         <th>商品コード</th>
-        <td><input type="text" name="search_product_code" value="<!--{$arrForm.search_product_code}-->" size="35" class="box35" /></td>
+        <td><input type="text" name="search_product_code" value="<!--{$arrForm.search_product_code|h}-->" size="35" class="box35" /></td>
     </tr>
 </table>