Changeset 20753

Timestamp:

2011/03/21 18:00:43 (13 years ago)

Author:

kotani

Message:

#862 (テンプレート上のエスケープを簡単に)実装漏れ箇所

Location:

branches/version-2_5-dev/data/Smarty/templates/admin

Files:

• order/edit.tpl (modified) (1 diff)
• order/pdf_input.tpl (modified) (1 diff)
• products/category.tpl (modified) (1 diff)
• products/product_select.tpl (modified) (3 diffs)

branches/version-2_5-dev/data/Smarty/templates/admin/order/edit.tpl

@@ -145 +145 @@
             <td>
                 <!--{if $arrForm.customer_id.value > 0}-->
-                    <!--{$arrForm.customer_id.value}-->
+                    <!--{$arrForm.customer_id.value|h}-->
                     <input type="hidden" name="customer_id" value="<!--{$arrForm.customer_id.value|h}-->" />
                 <!--{else}-->

branches/version-2_5-dev/data/Smarty/templates/admin/order/pdf_input.tpl

@@ -41 +41 @@
 <input type="hidden" name="mode" value="confirm" />
 <!--{foreach from=$arrForm.order_id item=order_id}-->
-    <input type="hidden" name="order_id[]" value="<!--{$order_id}-->">
+    <input type="hidden" name="order_id[]" value="<!--{$order_id|h}-->">
 <!--{/foreach}-->
 

branches/version-2_5-dev/data/Smarty/templates/admin/products/category.tpl

@@ -34 +34 @@
 <input type="hidden" name="<!--{$smarty.const.TRANSACTION_ID_NAME}-->" value="<!--{$transactionid}-->" />
 <input type="hidden" name="mode" value="edit" />
-<input type="hidden" name="parent_category_id" value="<!--{$arrForm.parent_category_id}-->">
-<input type="hidden" name="category_id" value="<!--{$arrForm.category_id}-->">
+<input type="hidden" name="parent_category_id" value="<!--{$arrForm.parent_category_id|h}-->">
+<input type="hidden" name="category_id" value="<!--{$arrForm.category_id|h}-->">
 <input type="hidden" name="keySet" value="">
 <div id="products" class="contents-main">

branches/version-2_5-dev/data/Smarty/templates/admin/products/product_select.tpl

@@ -32 +32 @@
     fm.recommend_id<!--{$smarty.get.no|h}-->.value = id;
     fm.mode.value = 'recommend_select';
-    fm.anchor_key.value = 'recommend_no<!--{$smarty.get.no}-->';
+    fm.anchor_key.value = 'recommend_no<!--{$smarty.get.no|h}-->';
     fm.submit();
     window.close();
@@ -58 +58 @@
     <tr>
         <th>商品名</th>
-        <td><input type="text" name="search_name" value="<!--{$arrForm.search_name}-->" size="35" class="box35" /></td>
+        <td><input type="text" name="search_name" value="<!--{$arrForm.search_name|h}-->" size="35" class="box35" /></td>
     </tr>
 </table>
@@ -89 +89 @@
                 <td><!--{$arrProducts[cnt].product_code|default:"-"|h}--></td>
                 <td><!--{$arrProducts[cnt].name|h}--></td>
-                <td align="center"><a href="#" onclick="return func_submit(<!--{$arrProducts[cnt].product_id}-->)">決定</a></td>
+                <td align="center"><a href="#" onclick="return func_submit(<!--{$arrProducts[cnt].product_id|h}-->)">決定</a></td>
             </tr>
             <!--▲商品<!--{$smarty.section.cnt.iteration}-->-->