source: branches/version-2_5-dev/data/Smarty/templates/admin/mail/template_input.tpl @ 20249

Revision 20249, 2.9 KB checked in by fukuda, 11 years ago (diff)

#963 [管理画面]メルマガ管理 r20248 で混入したセキュリティホール修正
$smarty.server.PHP_SELFはXSSの元だからダメよ

  • Property svn:eol-style set to LF
  • Property svn:keywords set to Id
  • Property svn:mime-type set to text/x-smarty-template; charset=UTF-8
1<!--{*
2/*
3 * This file is part of EC-CUBE
4 *
5 * Copyright(c) 2000-2010 LOCKON CO.,LTD. All Rights Reserved.
6 *
7 * http://www.lockon.co.jp/
8 *
9 * This program is free software; you can redistribute it and/or
10 * modify it under the terms of the GNU General Public License
11 * as published by the Free Software Foundation; either version 2
12 * of the License, or (at your option) any later version.
13 *
14 * This program is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
17 * GNU General Public License for more details.
18 *
19 * You should have received a copy of the GNU General Public License
20 * along with this program; if not, write to the Free Software
21 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
22 */
23*}-->
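<!--{*
 * Admin form for editing a mail-magazine template (format, subject, body).
 *
 * Security notes for maintainers:
 *  - action="?" posts back to the current URL without writing any
 *    request-derived value into the page. $smarty.server.PHP_SELF can be
 *    influenced by the client through the request path, so it must not be
 *    echoed into the action attribute.
 *  - $mode is escaped with |h in the hidden field, matching the other
 *    $arrForm values in this form. Escaping is a no-op for a plain token.
 *  - NOTE(review): $arrErr.* messages are emitted without |h; presumably they
 *    are server-built HTML fragments. Confirm they never embed request data
 *    unescaped.
 *  - NOTE(review): no anti-CSRF token field is visible in this template;
 *    confirm that the page class or layout supplies one for this POST.
 *}-->
<form name="form1" id="form1" method="post" action="?">
<input type="hidden" name="mode" value="<!--{$mode|h}-->" />
<input type="hidden" name="template_id" value="<!--{$arrForm.template_id|h}-->" />
<div id="mail" class="contents-main">
  <table class="form">
    <tr>
      <th>メール形式<span class="attention"> *</span></th>
      <td>
        <span <!--{if $arrErr.mail_method}--><!--{sfSetErrorStyle}--><!--{/if}-->><!--{html_radios name="mail_method" options=$arrMagazineType separator="&nbsp;" selected=$arrForm.mail_method}--></span>
        <!--{if $arrErr.mail_method}--><br /><span class="attention"><!--{$arrErr.mail_method}--></span><!--{/if}-->
      </td>
    </tr>
    <tr>
      <th>Subject<span class="attention"> *</span></th>
      <td>
        <input type="text" name="subject" size="65" class="box65" <!--{if $arrErr.subject}--><!--{sfSetErrorStyle}--><!--{/if}--> value="<!--{$arrForm.subject|h}-->" />
        <!--{if $arrErr.subject}--><br /><span class="attention"><!--{$arrErr.subject}--></span><!--{/if}-->
      </td>
    </tr>
    <tr>
      <th>本文<span class="attention"> *</span><br />(名前差し込み時は {name} といれてください)</th>
      <td>
        <textarea name="body" cols="90" rows="40" class="area90 top" <!--{if $arrErr.body}--><!--{sfSetErrorStyle}--><!--{/if}-->><!--{$arrForm.body|h}--></textarea>
        <!--{if $arrErr.body}--><br /><span class="attention"><!--{$arrErr.body}--></span><!--{/if}-->
        <div>
            <a class="btn-normal" href="javascript:;" onclick="fnCharCount('form1','body','cnt_footer'); return false;" name="next" id="next"><span>文字数カウント</span></a>
            <!--{* readonly written as a valid attribute; the original "readonly = true" is not well-formed markup. *}-->
            <span>今までに入力したのは<input type="text" name="cnt_footer" size="4" class="box4" readonly="readonly" style="text-align:right" />文字です。</span>
        </div>
      </td>
    </tr>
  </table>
  <div class="btn-area">
    <ul>
      <!--{*
       * $mode lands inside a JavaScript string literal that itself sits inside
       * an HTML attribute. The browser decodes HTML entities before the script
       * runs, so |h alone does not protect the string literal: escape for
       * JavaScript first, then for the attribute.
       *}-->
      <li><a class="btn-action" href="javascript:;" onclick="fnFormModeSubmit('form1', '<!--{$mode|escape:'javascript'|h}-->', '', ''); return false;"><span class="btn-next">この内容で登録する</span></a></li>
    </ul>
  </div>
<!--{* Close the wrapper div before the form: it was opened inside the form, and the original closed them in the wrong order. *}-->
</div>
</form>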