|
|
@@ -91,27 +91,27 @@ echo "<form method='post' action=''>";
|
|
|
echo "<table>";
|
|
|
echo " <tr>";
|
|
|
echo " <td>rss_category</td>";
|
|
|
-echo " <td><input type='text' name='rss_category' value='$rss_category'></td>";
|
|
|
+echo " <td><input type='text' name='rss_category' value='".escape($rss_category)."'></td>";
|
|
|
echo " </tr>";
|
|
|
echo " <tr>";
|
|
|
echo " <td>rss_sub_category</td>";
|
|
|
-echo " <td><input type='text' name='rss_sub_category' value='$rss_sub_category'></td>";
|
|
|
+echo " <td><input type='text' name='rss_sub_category' value='".escape($rss_sub_category)."'></td>";
|
|
|
echo " </tr>";
|
|
|
echo " <tr>";
|
|
|
echo " <td>rss_sub_category_description</td>";
|
|
|
-echo " <td><input type='text' name='rss_sub_category_description' value='$rss_sub_category_description'></td>";
|
|
|
+echo " <td><input type='text' name='rss_sub_category_description' value='".escape($rss_sub_category_description)."'></td>";
|
|
|
echo " </tr>";
|
|
|
echo " <tr>";
|
|
|
echo " <td>rss_add_user</td>";
|
|
|
-echo " <td><input type='text' name='rss_add_user' value='$rss_add_user'></td>";
|
|
|
+echo " <td><input type='text' name='rss_add_user' value='".escape($rss_add_user)."'></td>";
|
|
|
echo " </tr>";
|
|
|
echo " <tr>";
|
|
|
echo " <td>rss_add_date</td>";
|
|
|
-echo " <td><input type='text' name='rss_add_date' value='$rss_add_date'></td>";
|
|
|
+echo " <td><input type='text' name='rss_add_date' value='".escape($rss_add_date)."'></td>";
|
|
|
echo " </tr>";
|
|
|
echo " <tr>";
|
|
|
echo " <td colspan='2' align='right'>";
|
|
|
-echo " <input type='hidden' name='rss_sub_category_uuid' value='$rss_sub_category_uuid'>";
|
|
|
+echo " <input type='hidden' name='rss_sub_category_uuid' value='".escape($rss_sub_category_uuid)."'>";
|
|
|
echo " <br><br>";
|
|
|
echo " <input type='submit' name='submit' value='".$text['button-update']."'>";
|
|
|
echo " </td>";
|
AlexanderDCrane