From d80d63e1ba01bd22b9d18490db47ee0168654616 Mon Sep 17 00:00:00 2001
From: Max Kremmel <xing@synapse.plus.com>
Date: Sat, 25 Mar 2006 20:52:15 +0000
Subject: escape htmlspecialchars on output instead of during store process

---
 templates/admin_quota.tpl | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/templates/admin_quota.tpl b/templates/admin_quota.tpl
index 63493dd..d681630 100644
--- a/templates/admin_quota.tpl
+++ b/templates/admin_quota.tpl
@@ -35,14 +35,14 @@
 		</tr>
 		{foreach key=quotaId item=quota from=$quotaList}
 			<tr class="{cycle values=odd,even}">
-				<td><a href="{$smarty.server.PHP_SELF}?page=quota&quota_id={$quotaId}">{$quota.title}</a></td>
+				<td><a href="{$smarty.server.PHP_SELF}?page=quota&quota_id={$quotaId}">{$quota.title|escape}</a></td>
 				<td align="right">{$quota.disk_usage/1000000} MB</td>
 				<td align="right">{$quota.monthly_transfer/1000000} MB</td>
 			</tr>
 		{/foreach}
 	</table>
 {else}
-	{assign var=editLabel value=$gQuota->mInfo.title|default:"New Quota"}
+	{assign var=editLabel value=$gQuota->mInfo.title|escape|default:"New Quota"}
 	{form legend="Edit `$editLabel`"}
 		<input type="hidden" name="page" value="{$page}" />
 		<input type="hidden" name="quota_id" value="{$gQuota->mQuotaId}" />
-- 
cgit v1.3