-<body>
+[% USE HTML %]<body>
- <form action="<TMPL_VAR script ESCAPE=HTML>" method="post">
+ <form action="[% HTML.escape(script) %]" method="post">
- <input type="hidden" name="login" value="<TMPL_VAR login ESCAPE=HTML>">
- <input type="hidden" name="path" value="<TMPL_VAR path ESCAPE=HTML>">
- <input type="hidden" name="password" value="<TMPL_VAR password ESCAPE=HTML>">
-
- <input type="hidden" name="SAVED_FORM" value="<TMPL_VAR SAVED_FORM ESCAPE=HTML>">
+ <input type="hidden" name="SAVED_FORM" value="[% HTML.escape(SAVED_FORM) %]">
<table width="100%">
<tr>
<th class="listheading">Bearbeiter</th>
</tr>
- <TMPL_LOOP DRAFTS>
- <tr class="listrow<TMPL_IF __odd__>1<TMPL_ELSE>0</TMPL_IF>">
- <td><input type="checkbox" name="checked_<TMPL_VAR id>" value="1"></td>
- <td><TMPL_VAR itime ESCAPE=HTML></td>
- <td><a href="<TMPL_VAR script ESCAPE=URL>?login=<TMPL_VAR login ESCAPE=URL>&password=<TMPL_VAR password ESCAPE=URL>&path=<TMPL_VAR path ESCAPE=URL>&action=load_draft&id=<TMPL_VAR id ESCAPE=URL>"><TMPL_VAR description ESCAPE=HTML></a></td>
- <td><TMPL_VAR employee_name ESCAPE=HTML></td>
+ [% FOREACH row = DRAFTS %]
+ <tr class="listrow[% loop.count % 2 %]">
+ <td><input type="checkbox" name="checked_[% row.id %]" value="1"></td>
+ <td>[% HTML.escape(row.itime) %]</td>
+ <td><a href="[% HTML.url(script) %]?action=load_draft&id=[% HTML.url(row.id) %]">[% HTML.escape(row.description) %]</a></td>
+ <td>[% HTML.escape(row.employee_name) %]</td>
</tr>
- </TMPL_LOOP>
+ [% END %]
</table>
</td>
</tr>