Escape user data on device_edit.php (#3087)

* Update user_edit.php

* Escape user data on device_edit.php
This commit is contained in:
AlexanderDCrane 2018-06-08 14:01:07 -06:00 committed by FusionPBX
parent c33494871d
commit 8ba6cf0cb0
1 changed files with 47 additions and 47 deletions


@ -579,7 +579,7 @@
if ($_SERVER['HTTPS'] == 'on') { $_SERVER['HTTP_PROTOCOL'] = 'https'; }
if ($_SERVER['SERVER_PORT'] == '443') { $_SERVER['HTTP_PROTOCOL'] = 'https'; }
}
echo " window.location = '".$_SERVER['HTTP_PROTOCOL']."://".$domain_name.PROJECT_PATH."/app/provision/index.php?mac=".$device_mac_address."&file=' + d + '&content_type=application/octet-stream';\n";
echo " window.location = '".$_SERVER['HTTP_PROTOCOL']."://".$domain_name.PROJECT_PATH."/app/provision/index.php?mac=".escape($device_mac_address)."&file=' + d + '&content_type=application/octet-stream';\n";
echo " }\n";
echo "\n";
@ -705,7 +705,7 @@
if (permission_exists("device_line_password") && $device_template == "grandstream/wave") {
echo " <input type='button' class='btn' name='' alt='".$text['button-qr_code']."' onclick=\"$('#qr_code_container').fadeIn(400);\" value='".$text['button-qr_code']."'>\n";
}
echo " <input type='button' class='btn' value='".$text['button-provision']."' onclick=\"document.location.href='".PROJECT_PATH."/app/devices/cmd.php?cmd=check_sync&profile=".$sip_profile_name."&user=".$user_id."@".$server_address."&domain=".$server_address."&agent=".$device_vendor."';\">&nbsp;\n";
echo " <input type='button' class='btn' value='".$text['button-provision']."' onclick=\"document.location.href='".PROJECT_PATH."/app/devices/cmd.php?cmd=check_sync&profile=".$sip_profile_name."&user=".$user_id."@".$server_address."&domain=".$server_address."&agent=".escape($device_vendor)."';\">&nbsp;\n";
if (permission_exists("device_files")) {
//get the template directory
$prov = new provision;
@ -731,7 +731,7 @@
}
if (permission_exists('device_add') && $action != "add") {
echo " <input type='button' class='btn' name='' alt='".$text['button-copy']."' onclick=\"var new_mac = prompt('".$text['message_device']."'); if (new_mac != null) { window.location='device_copy.php?id=".$device_uuid."&mac=' + new_mac; }\" value='".$text['button-copy']."'/>\n";
echo " <input type='button' class='btn' name='' alt='".$text['button-copy']."' onclick=\"var new_mac = prompt('".$text['message_device']."'); if (new_mac != null) { window.location='device_copy.php?id=".escape($device_uuid)."&mac=' + new_mac; }\" value='".$text['button-copy']."'/>\n";
}
echo " <input type='button' class='btn' value='".$text['button-save']."' onclick='submit_form();'/>\n";
echo "</td>\n";
@ -751,15 +751,15 @@
echo "</td>\n";
echo "<td class='vtable' width='70%' align='left'>\n";
if (permission_exists('device_mac_address')) {
echo " <input class='formfld' type='text' name='device_mac_address' id='device_mac_address' maxlength='255' value=\"$device_mac_address\"/>\n";
echo " <input class='formfld' type='text' name='device_mac_address' id='device_mac_address' maxlength='255' value=\"".escape($device_mac_address)."\"/>\n";
echo "<br />\n";
echo $text['description-device_mac_address']."\n";
}
else {
echo $device_mac_address;
echo escape($device_mac_address);
}
echo " <div style='display: none;' id='duplicate_mac_response'></div>\n";
echo " ".$device_provisioned_ip."(<a href='http://".$device_provisioned_ip."' target='_blank'>http</a>|<a href='https://".$device_provisioned_ip."' target='_blank'>https</a>)\n";
echo " ".escape($device_provisioned_ip)."(<a href='http://".escape($device_provisioned_ip)."' target='_blank'>http</a>|<a href='https://".escape($device_provisioned_ip)."' target='_blank'>https</a>)\n";
echo "</td>\n";
echo "</tr>\n";
@ -769,12 +769,12 @@
echo "</td>\n";
echo "<td class='vtable' align='left'>\n";
if (permission_exists('device_label')) {
echo " <input class='formfld' type='text' name='device_label' maxlength='255' value=\"$device_label\"/>\n";
echo " <input class='formfld' type='text' name='device_label' maxlength='255' value=\"".escape($device_label)."\"/>\n";
echo "<br />\n";
echo $text['description-device_label']."\n";
}
else {
echo $device_label;
echo escape($device_label);
}
echo "</td>\n";
echo "</tr>\n";
@ -885,7 +885,7 @@
}
//add the primary key uuid
if (strlen($row['device_line_uuid']) > 0) {
echo " <input name='device_lines[".$x."][device_line_uuid]' type='hidden' value=\"".$row['device_line_uuid']."\"/>\n";
echo " <input name='device_lines[".$x."][device_line_uuid]' type='hidden' value=\"".escape($row['device_line_uuid'])."\"/>\n";
}
//show each row in the array
echo " <tr>\n";
@ -929,11 +929,11 @@
echo " </td>\n";
if (permission_exists('device_line_server_address')) {
echo " <td valign='top' align='left' nowrap='nowrap'>\n";
echo " <input class='formfld' style='width: 75px;' type='text' name='device_lines[".$x."][server_address]' maxlength='255' value=\"".$row['server_address']."\"/>\n";
echo " <input class='formfld' style='width: 75px;' type='text' name='device_lines[".$x."][server_address]' maxlength='255' value=\"".escape($row['server_address'])."\"/>\n";
echo " </td>\n";
}
else {
echo " <input type='hidden' name='device_lines[".$x."][server_address]' value=\"".$row['server_address']."\"/>\n";
echo " <input type='hidden' name='device_lines[".$x."][server_address]' value=\"".escape($row['server_address'])."\"/>\n";
}
if (permission_exists('device_outbound_proxy_primary')) {
@ -941,39 +941,39 @@
$placeholder_label = $text['label-primary'];
}
echo " <td align='left'>\n";
echo " <input class='formfld' style='width: 65px;' type='text' name='device_lines[".$x."][outbound_proxy_primary]' placeholder=\"".$placeholder_label."\" maxlength='255' value=\"".$row['outbound_proxy_primary']."\"/>\n";
echo " <input class='formfld' style='width: 65px;' type='text' name='device_lines[".$x."][outbound_proxy_primary]' placeholder=\"".$placeholder_label."\" maxlength='255' value=\"".escape($row['outbound_proxy_primary'])."\"/>\n";
echo " </td>\n";
unset($placeholder_label);
}
if (permission_exists('device_outbound_proxy_secondary')) {
echo " <td align='left'>\n";
echo " <input class='formfld' style='width: 65px;' type='text' name='device_lines[".$x."][outbound_proxy_secondary]' placeholder=\"".$text['label-secondary']."\" maxlength='255' value=\"".$row['outbound_proxy_secondary']."\"/>\n";
echo " <input class='formfld' style='width: 65px;' type='text' name='device_lines[".$x."][outbound_proxy_secondary]' placeholder=\"".$text['label-secondary']."\" maxlength='255' value=\"".escape($row['outbound_proxy_secondary'])."\"/>\n";
echo " </td>\n";
}
echo " <td align='left'>\n";
echo " <input class='formfld' style='width: 50px;' type='text' name='device_lines[".$x."][display_name]' maxlength='255' value=\"".$row['display_name']."\"/>\n";
echo " <input class='formfld' style='width: 50px;' type='text' name='device_lines[".$x."][display_name]' maxlength='255' value=\"".escape($row['display_name'])."\"/>\n";
echo " </td>\n";
echo " <td align='left'>\n";
echo " <input class='formfld' style='width: 50px;' type='text' name='device_lines[".$x."][user_id]' maxlength='255' autocomplete=\"off\" value=\"".$row['user_id']."\"/>\n";
echo " <input class='formfld' style='width: 50px;' type='text' name='device_lines[".$x."][user_id]' maxlength='255' autocomplete=\"off\" value=\"".escape($row['user_id'])."\"/>\n";
echo " </td>\n";
if (permission_exists('device_line_auth_id')) {
echo " <td align='left'>\n";
echo " <input class='formfld' style='width: 50px;' type='text' name='device_lines[".$x."][auth_id]' maxlength='255' autocomplete=\"off\" value=\"".$row['auth_id']."\"/>\n";
echo " <input class='formfld' style='width: 50px;' type='text' name='device_lines[".$x."][auth_id]' maxlength='255' autocomplete=\"off\" value=\"".escape($row['auth_id'])."\"/>\n";
echo " </td>\n";
}
if (permission_exists('device_line_password')) {
echo " <td align='left'>\n";
echo " <input class='formfld' style='width:75px;' type='password' name='device_lines[".$x."][password]' onmouseover=\"this.type='text';\" onfocus=\"this.type='text';\" onmouseout=\"if (!$(this).is(':focus')) { this.type='password'; }\" onblur=\"this.type='password';\" autocomplete=\"off\" maxlength='255' value=\"".$row['password']."\"/>\n";
echo " <input class='formfld' style='width:75px;' type='password' name='device_lines[".$x."][password]' onmouseover=\"this.type='text';\" onfocus=\"this.type='text';\" onmouseout=\"if (!$(this).is(':focus')) { this.type='password'; }\" onblur=\"this.type='password';\" autocomplete=\"off\" maxlength='255' value=\"".escape($row['password'])."\"/>\n";
echo " </td>\n";
}
echo " <td align='left'>\n";
echo " <input class='formfld' style='width: 50px;' type='text' name='device_lines[".$x."][sip_port]' maxlength='255' value=\"".$row['sip_port']."\"/>\n";
echo " <input class='formfld' style='width: 50px;' type='text' name='device_lines[".$x."][sip_port]' maxlength='255' value=\"".escape($row['sip_port'])."\"/>\n";
echo " </td>\n";
if (permission_exists('device_line_transport')) {
@ -987,25 +987,25 @@
echo " </td>\n";
}
else {
echo " <input type='hidden' name='device_lines[".$x."][sip_transport]' value=\"".$row['sip_transport']."\" />\n";
echo " <input type='hidden' name='device_lines[".$x."][sip_transport]' value=\"".escape($row['sip_transport'])."\" />\n";
}
if (permission_exists('device_line_register_expires')) {
echo " <td align='left'>\n";
echo " <input class='formfld' style='width: 50px;' type='text' name='device_lines[".$x."][register_expires]' maxlength='255' value=\"".$row['register_expires']."\"/>\n";
echo " <input class='formfld' style='width: 50px;' type='text' name='device_lines[".$x."][register_expires]' maxlength='255' value=\"".escape($row['register_expires'])."\"/>\n";
echo " </td>\n";
}
else {
echo " <input type='hidden' name='device_lines[".$x."][register_expires]' value=\"".$row['register_expires']."\"/>\n";
echo " <input type='hidden' name='device_lines[".$x."][register_expires]' value=\"".escape($row['register_expires'])."\"/>\n";
}
if (permission_exists('device_line_shared')) {
echo " <td align='left'>\n";
echo " <input class='formfld' style='width: 50px;' type='text' name='device_lines[".$x."][shared_line]' maxlength='255' value=\"".$row['shared_line']."\"/>\n";
echo " <input class='formfld' style='width: 50px;' type='text' name='device_lines[".$x."][shared_line]' maxlength='255' value=\"".escape($row['shared_line'])."\"/>\n";
echo " </td>\n";
}
else {
echo " <input type='hidden' name='device_lines[".$x."][shared_line]' value=\"".$row['shared_line']."\"/>\n";
echo " <input type='hidden' name='device_lines[".$x."][shared_line]' value=\"".escape($row['shared_line'])."\"/>\n";
}
echo " <td align='left'>\n";
@ -1018,7 +1018,7 @@
echo " <td>\n";
if (strlen($row['device_line_uuid']) > 0) {
if (permission_exists('device_delete')) {
echo " <a href='device_line_delete.php?device_uuid=".$row['device_uuid']."&id=".$row['device_line_uuid']."' alt='".$text['button-delete']."' onclick=\"return confirm('".$text['confirm-delete']."')\">$v_link_label_delete</a>\n";
echo " <a href='device_line_delete.php?device_uuid=".escape($row['device_uuid'])."&id=".escape($row['device_line_uuid'])."' alt='".$text['button-delete']."' onclick=\"return confirm('".$text['confirm-delete']."')\">$v_link_label_delete</a>\n";
}
}
echo " </td>\n";
@ -1121,7 +1121,7 @@
}
//add the primary key uuid
if (strlen($row['device_key_uuid']) > 0) {
echo " <input name='device_keys[".$x."][device_key_uuid]' type='hidden' value=\"".$row['device_key_uuid']."\"/>\n";
echo " <input name='device_keys[".$x."][device_key_uuid]' type='hidden' value=\"".escape($row['device_key_uuid'])."\"/>\n";
}
//show all the rows in the array
echo " <tr>\n";
@ -1249,17 +1249,17 @@
echo "</td>\n";
echo "<td align='left'>\n";
echo " <input class='formfld' type='text' name='device_keys[".$x."][device_key_value]' style='width: 120px;' maxlength='255' value=\"".$row['device_key_value']."\"/>\n";
echo " <input class='formfld' type='text' name='device_keys[".$x."][device_key_value]' style='width: 120px;' maxlength='255' value=\"".escape($row['device_key_value'])."\"/>\n";
echo "</td>\n";
if (permission_exists('device_key_extension')) {
echo "<td align='left'>\n";
echo " <input class='formfld' type='text' name='device_keys[".$x."][device_key_extension]' style='width: 75px;' maxlength='255' value=\"".$row['device_key_extension']."\"/>\n";
echo " <input class='formfld' type='text' name='device_keys[".$x."][device_key_extension]' style='width: 75px;' maxlength='255' value=\"".escape($row['device_key_extension'])."\"/>\n";
echo "</td>\n";
}
echo "<td align='left'>\n";
echo " <input class='formfld' type='text' name='device_keys[".$x."][device_key_label]' style='width: 75px;' maxlength='255' value=\"".$row['device_key_label']."\"/>\n";
echo " <input class='formfld' type='text' name='device_keys[".$x."][device_key_label]' style='width: 75px;' maxlength='255' value=\"".escape($row['device_key_label'])."\"/>\n";
echo "</td>\n";
//echo " <td align='left'>\n";
@ -1268,7 +1268,7 @@
echo " <td nowrap='nowrap'>\n";
if (strlen($row['device_key_uuid']) > 0) {
if (permission_exists('device_key_delete')) {
echo " <a href='device_key_delete.php?device_uuid=".$row['device_uuid']."&id=".$row['device_key_uuid']."' alt='".$text['button-delete']."' onclick=\"return confirm('".$text['confirm-delete']."')\">$v_link_label_delete</a>\n";
echo " <a href='device_key_delete.php?device_uuid=".escape($row['device_uuid'])."&id=".escape($row['device_key_uuid'])."' alt='".$text['button-delete']."' onclick=\"return confirm('".$text['confirm-delete']."')\">$v_link_label_delete</a>\n";
}
}
echo " </td>\n";
@ -1313,17 +1313,17 @@
}
//add the primary key uuid
if (strlen($row['device_setting_uuid']) > 0) {
echo " <input name='device_settings[".$x."][device_setting_uuid]' type='hidden' value=\"".$row['device_setting_uuid']."\"/>\n";
echo " <input name='device_settings[".$x."][device_setting_uuid]' type='hidden' value=\"".escape($row['device_setting_uuid'])."\"/>\n";
}
//show alls rows in the array
echo "<tr>\n";
echo "<td align='left'>\n";
echo " <input class='formfld' type='text' name='device_settings[".$x."][device_setting_subcategory]' style='width: 120px;' maxlength='255' value=\"".$row['device_setting_subcategory']."\"/>\n";
echo " <input class='formfld' type='text' name='device_settings[".$x."][device_setting_subcategory]' style='width: 120px;' maxlength='255' value=\"".escape($row['device_setting_subcategory'])."\"/>\n";
echo "</td>\n";
echo "<td align='left'>\n";
echo " <input class='formfld' type='text' name='device_settings[".$x."][device_setting_value]' style='width: 120px;' maxlength='255' value=\"".$row['device_setting_value']."\"/>\n";
echo " <input class='formfld' type='text' name='device_settings[".$x."][device_setting_value]' style='width: 120px;' maxlength='255' value=\"".escape($row['device_setting_value'])."\"/>\n";
echo "</td>\n";
echo "<td align='left'>\n";
@ -1345,7 +1345,7 @@
echo "</td>\n";
echo "<td align='left'>\n";
echo " <input class='formfld' type='text' name='device_settings[".$x."][device_setting_description]' style='width: 150px;' maxlength='255' value=\"".$row['device_setting_description']."\"/>\n";
echo " <input class='formfld' type='text' name='device_settings[".$x."][device_setting_description]' style='width: 150px;' maxlength='255' value=\"".escape($row['device_setting_description'])."\"/>\n";
echo "</td>\n";
if (strlen($text['description-settings']) > 0) {
@ -1356,10 +1356,10 @@
echo " <td>\n";
if (strlen($row['device_setting_uuid']) > 0) {
if (permission_exists('device_edit')) {
echo " <a href='device_setting_edit.php?device_uuid=".$row['device_uuid']."&id=".$row['device_setting_uuid']."' alt='".$text['button-edit']."'>$v_link_label_edit</a>\n";
echo " <a href='device_setting_edit.php?device_uuid=".escape($row['device_uuid'])."&id=".escape($row['device_setting_uuid'])."' alt='".$text['button-edit']."'>$v_link_label_edit</a>\n";
}
if (permission_exists('device_delete')) {
echo " <a href='device_setting_delete.php?device_uuid=".$row['device_uuid']."&id=".$row['device_setting_uuid']."' alt='".$text['button-delete']."' onclick=\"return confirm('".$text['confirm-delete']."')\">$v_link_label_delete</a>\n";
echo " <a href='device_setting_delete.php?device_uuid=".escape($row['device_uuid'])."&id=".escape($row['device_setting_uuid'])."' alt='".$text['button-delete']."' onclick=\"return confirm('".$text['confirm-delete']."')\">$v_link_label_delete</a>\n";
}
}
echo " </td>\n";
@ -1399,8 +1399,8 @@
echo " ".$text['label-device']."\n";
echo "</td>\n";
echo "<td class='vtable' align='left'>\n";
echo " <input class='formfld' type='text' name='device_username' id='device_username' autocomplete=\"off\" maxlength='255' placeholder=\"".$text['label-device_username']."\" value=\"$device_username\"/>\n";
echo " <input class='formfld' type='password' name='device_password' id='device_password' autocomplete=\"off\" onmouseover=\"this.type='text';\" onfocus=\"this.type='text';\" onmouseout=\"if (!$(this).is(':focus')) { this.type='password'; }\" onblur=\"this.type='password';\" maxlength='255' placeholder=\"".$text['label-device_password']."\" value=\"$device_password\"/>\n";
echo " <input class='formfld' type='text' name='device_username' id='device_username' autocomplete=\"off\" maxlength='255' placeholder=\"".$text['label-device_username']."\" value=\"".escape($device_username)."\"/>\n";
echo " <input class='formfld' type='password' name='device_password' id='device_password' autocomplete=\"off\" onmouseover=\"this.type='text';\" onfocus=\"this.type='text';\" onmouseout=\"if (!$(this).is(':focus')) { this.type='password'; }\" onblur=\"this.type='password';\" maxlength='255' placeholder=\"".$text['label-device_password']."\" value=\"".escape($device_password)."\"/>\n";
echo " <div style='display: none;' id='duplicate_username_response'></div>\n";
echo "<br />\n";
echo $text['description-device']."\n";
@ -1415,7 +1415,7 @@
echo "</td>\n";
echo "<td class='vtable' align='left' nowrap='nowrap'>\n";
if (strlen($device_uuid_alternate) == 0) {
echo " <input class='formfld' type='text' name='device_uuid_alternate' id='device_uuid_alternate' maxlength='255' value=\"$device_uuid_alternate\"/>";
echo " <input class='formfld' type='text' name='device_uuid_alternate' id='device_uuid_alternate' maxlength='255' value=\"".escape($device_uuid_alternate)."\"/>";
}
else {
$label = $device_alternate[0]['device_label'];
@ -1423,7 +1423,7 @@
if (strlen($label) == 0) { $label = $device_alternate[0]['device_mac_address']; }
echo " <table>\n";
echo " <tr>\n";
echo " <td><a href='?id=$device_uuid_alternate' id='device_uuid_alternate_link'>$label</a><input class='formfld' type='hidden' name='device_uuid_alternate' id='device_uuid_alternate' maxlength='255' value=\"$device_uuid_alternate\" />&nbsp;</td>";
echo " <td><a href='?id=".escape($device_uuid_alternate)."' id='device_uuid_alternate_link'>$label</a><input class='formfld' type='hidden' name='device_uuid_alternate' id='device_uuid_alternate' maxlength='255' value=\"".escape($device_uuid_alternate)."\" />&nbsp;</td>";
echo " <td><a href='#' onclick=\"if (confirm('".$text['confirm-delete']."')) { document.getElementById('device_uuid_alternate').value = ''; document.getElementById('device_uuid_alternate_link').hidden = 'true'; submit_form(); }\" alt='".$text['button-delete']."'>$v_link_label_delete</a></td>\n";
echo " </tr>\n";
echo " </table>\n";
@ -1440,7 +1440,7 @@
echo " ".$text['label-device_vendor']."\n";
echo "</td>\n";
echo "<td class='vtable' align='left'>\n";
echo " <input class='formfld' type='text' name='device_vendor' maxlength='255' value=\"$device_vendor\"/>\n";
echo " <input class='formfld' type='text' name='device_vendor' maxlength='255' value=\"".escape($device_vendor)."\"/>\n";
echo "<br />\n";
echo $text['description-device_vendor']."\n";
echo "</td>\n";
@ -1453,7 +1453,7 @@
echo " ".$text['label-device_model']."\n";
echo "</td>\n";
echo "<td class='vtable' align='left'>\n";
echo " <input class='formfld' type='text' name='device_model' maxlength='255' value=\"$device_model\"/>\n";
echo " <input class='formfld' type='text' name='device_model' maxlength='255' value=\"".escape($device_model)."\"/>\n";
echo "<br />\n";
echo $text['description-device_model']."\n";
echo "</td>\n";
@ -1466,7 +1466,7 @@
echo " ".$text['label-device_firmware_version']."\n";
echo "</td>\n";
echo "<td class='vtable' align='left'>\n";
echo " <input class='formfld' type='text' name='device_firmware_version' maxlength='255' value=\"$device_firmware_version\"/>\n";
echo " <input class='formfld' type='text' name='device_firmware_version' maxlength='255' value=\"".escape($device_firmware_version)."\"/>\n";
echo "<br />\n";
echo $text['description-device_firmware_version']."\n";
echo "</td>\n";
@ -1488,10 +1488,10 @@
}
foreach ($_SESSION['domains'] as $row) {
if ($row['domain_uuid'] == $domain_uuid) {
echo " <option value='".$row['domain_uuid']."' selected='selected'>".$row['domain_name']."</option>\n";
echo " <option value='".escape($row['domain_uuid'])."' selected='selected'>".escape($row['domain_name'])."</option>\n";
}
else {
echo " <option value='".$row['domain_uuid']."'>".$row['domain_name']."</option>\n";
echo " <option value='".escape($row['domain_uuid'])."'>".escape($row['domain_name'])."</option>\n";
}
}
echo " </select>\n";
@ -1536,12 +1536,12 @@
echo "</td>\n";
echo "<td class='vtable' align='left'>\n";
if (permission_exists('device_description')) {
echo " <input class='formfld' type='text' name='device_description' maxlength='255' value=\"$device_description\"/>\n";
echo " <input class='formfld' type='text' name='device_description' maxlength='255' value=\"".escape($device_description)."\"/>\n";
echo "<br />\n";
echo $text['description-device_description']."\n";
}
else {
echo $device_description."\n";
echo escape($device_description)."\n";
}
echo "</td>\n";
@ -1549,7 +1549,7 @@
echo " <tr>\n";
echo " <td colspan='2' align='right'>\n";
if ($action == "update") {
echo " <input type='hidden' name='device_uuid' value='$device_uuid'/>\n";
echo " <input type='hidden' name='device_uuid' value='".escape($device_uuid)."'/>\n";
}
echo " <br>";
echo " <input type='button' class='btn' value='".$text['button-save']."' onclick='submit_form();'/>\n";
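Review bot: In the `@ -1423,7 +1423,7 @@` hunk the link text `$label` on the `device_uuid_alternate_link` line is still emitted raw, although it is assigned a few lines earlier from `$device_alternate[0]['device_label']` (falling back to `device_mac_address`), the same class of device data this commit escapes everywhere else; that line should read `...id='device_uuid_alternate_link'>".escape($label)."</a><input ...`. The `else` branch that produces it begins in the preceding hunk. The same partial treatment appears in the `@ -705,7 +705,7 @@` hunk, where the check_sync onclick URL now escapes `$device_vendor` but still concatenates `$sip_profile_name`, `$user_id` and `$server_address` unescaped into the same JavaScript string. On that onclick line and on the `window.location` line of the first hunk the values are URL query components inside a JS string inside an HTML attribute, and `escape()` (presumably HTML-entity escaping; confirm its definition) is not a URL encoder, so each component should be wrapped as `escape(urlencode($device_mac_address))` to keep both the query string and the attribute intact; the same applies to the `device_uuid`/`id` parameters in the delete and edit hrefs.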