Ignore:
Timestamp:
2014/10/28 16:33:54 (9 years ago)
Author:
shinichi_takahashi
Message:

#2448 エスケープ漏れ対応

Location:
branches/version-2_13_3/data/Smarty/templates/admin
Files:
2 edited

Legend:

Unmodified
Added
Removed
  • branches/version-2_13_3/data/Smarty/templates/admin/basis/payment_input.tpl

    r23546 r23668  
    2626    <input type="hidden" name="<!--{$smarty.const.TRANSACTION_ID_NAME}-->" value="<!--{$transactionid}-->" /> 
    2727    <input type="hidden" name="mode" value="edit" /> 
    28     <input type="hidden" name="payment_id" value="<!--{$tpl_payment_id}-->" /> 
     28    <input type="hidden" name="payment_id" value="<!--{$tpl_payment_id|h}-->" /> 
    2929    <input type="hidden" name="image_key" value="" /> 
    30     <input type="hidden" name="fix" value="<!--{$arrForm.fix.value}-->" /> 
     30    <input type="hidden" name="fix" value="<!--{$arrForm.fix.value|h}-->" /> 
    3131    <!--{foreach key=key item=item from=$arrHidden}--> 
    3232    <input type="hidden" name="<!--{$key}-->" value="<!--{$item|h}-->" /> 
    3333    <!--{/foreach}--> 
    34     <input type="hidden" name="charge_flg" value="<!--{$charge_flg}-->" /> 
     34    <input type="hidden" name="charge_flg" value="<!--{$charge_flg|h}-->" /> 
    3535    <div id="basis" class="contents-main"> 
    3636        <h2>支払方法登録・編集</h2> 
  • branches/version-2_13_3/data/Smarty/templates/admin/order/status.tpl

    r23546 r23668  
    2626    <input type="hidden" name="<!--{$smarty.const.TRANSACTION_ID_NAME}-->" value="<!--{$transactionid}-->" /> 
    2727    <input type="hidden" name="mode" value="" /> 
    28     <input type="hidden" name="status" value="<!--{if $arrForm.status == ""}-->1<!--{else}--><!--{$arrForm.status}--><!--{/if}-->" /> 
    29     <input type="hidden" name="search_pageno" value="<!--{$tpl_pageno}-->" /> 
     28    <input type="hidden" name="status" value="<!--{if $arrForm.status == ""}-->1<!--{else}--><!--{$arrForm.status|h}--><!--{/if}-->" /> 
     29    <input type="hidden" name="search_pageno" value="<!--{$tpl_pageno|h}-->" /> 
    3030    <input type="hidden" name="order_id" value="" /> 
    3131    <div id="order" class="contents-main"> 
Note: See TracChangeset for help on using the changeset viewer.