escape htmlspecialchars on output instead of during store process

author: Max Kremmel <xing@synapse.plus.com> 2006-03-25 20:52:15 +0000
committer: Max Kremmel <xing@synapse.plus.com> 2006-03-25 20:52:15 +0000
commit: d80d63e1ba01bd22b9d18490db47ee0168654616 (patch)
tree: d47198af5f4750d8f81edad7270d920ffc6dd7ff
parent: d1036e8cf3f0dc7918c711fc24ed5a120c62751a (diff)
download: quota-d80d63e1ba01bd22b9d18490db47ee0168654616.tar.gz
quota-d80d63e1ba01bd22b9d18490db47ee0168654616.tar.bz2
quota-d80d63e1ba01bd22b9d18490db47ee0168654616.zip
1 files changed, 2 insertions, 2 deletions
diff --git a/templates/admin_quota.tpl b/templates/admin_quota.tpl
index 63493dd..d681630 100644
--- a/templates/admin_quota.tpl
+++ b/templates/admin_quota.tpl
@@ -35,14 +35,14 @@
 		</tr>
 		{foreach key=quotaId item=quota from=$quotaList}
 			<tr class="{cycle values=odd,even}">
-				<td><a href="{$smarty.server.PHP_SELF}?page=quota&quota_id={$quotaId}">{$quota.title}</a></td>
+				<td><a href="{$smarty.server.PHP_SELF}?page=quota&quota_id={$quotaId}">{$quota.title|escape}</a></td>
 				<td align="right">{$quota.disk_usage/1000000} MB</td>
 				<td align="right">{$quota.monthly_transfer/1000000} MB</td>
 			</tr>
 		{/foreach}
 	</table>
 {else}
-	{assign var=editLabel value=$gQuota->mInfo.title|default:"New Quota"}
+	{assign var=editLabel value=$gQuota->mInfo.title|escape|default:"New Quota"}
 	{form legend="Edit `$editLabel`"}
 		<input type="hidden" name="page" value="{$page}" />
 		<input type="hidden" name="quota_id" value="{$gQuota->mQuotaId}" />
author	Max Kremmel <xing@synapse.plus.com>	2006-03-25 20:52:15 +0000
committer	Max Kremmel <xing@synapse.plus.com>	2006-03-25 20:52:15 +0000
commit	d80d63e1ba01bd22b9d18490db47ee0168654616 (patch)
tree	d47198af5f4750d8f81edad7270d920ffc6dd7ff
parent	d1036e8cf3f0dc7918c711fc24ed5a120c62751a (diff)
download	quota-d80d63e1ba01bd22b9d18490db47ee0168654616.tar.gz quota-d80d63e1ba01bd22b9d18490db47ee0168654616.tar.bz2 quota-d80d63e1ba01bd22b9d18490db47ee0168654616.zip