Changeset 23668 for branches/version-2_13_3/data/Smarty/templates/admin/order/status.tpl

Timestamp:

2014/10/28 16:33:54 (9 years ago)

Author:

shinichi_takahashi

Message:

#2448 エスケープ漏れ対応

File:

• branches/version-2_13_3/data/Smarty/templates/admin/order/status.tpl (modified) (1 diff)

branches/version-2_13_3/data/Smarty/templates/admin/order/status.tpl

@@ -26 +26 @@
     <input type="hidden" name="<!--{$smarty.const.TRANSACTION_ID_NAME}-->" value="<!--{$transactionid}-->" />
     <input type="hidden" name="mode" value="" />
-    <input type="hidden" name="status" value="<!--{if $arrForm.status == ""}-->1<!--{else}--><!--{$arrForm.status}--><!--{/if}-->" />
-    <input type="hidden" name="search_pageno" value="<!--{$tpl_pageno}-->" />
+    <input type="hidden" name="status" value="<!--{if $arrForm.status == ""}-->1<!--{else}--><!--{$arrForm.status|h}--><!--{/if}-->" />
+    <input type="hidden" name="search_pageno" value="<!--{$tpl_pageno|h}-->" />
     <input type="hidden" name="order_id" value="" />
     <div id="order" class="contents-main">