From 05fa5152027fd4175b7d6e1e593c7aa7f48d8c1f Mon Sep 17 00:00:00 2001
From: Dennis Eichhorn <spl1nes.com@googlemail.com>
Date: Mon, 24 Jul 2017 20:48:22 +0200
Subject: [PATCH] Add html escaping

---
 Theme/Backend/department-create.tpl.php  | 12 ++++++------
 Theme/Backend/department-list.tpl.php    | 22 +++++++++++-----------
 Theme/Backend/department-profile.tpl.php | 22 +++++++++++-----------
 Theme/Backend/position-create.tpl.php    | 16 ++++++++--------
 Theme/Backend/position-list.tpl.php      | 18 +++++++++---------
 Theme/Backend/position-profile.tpl.php   | 22 +++++++++++-----------
 Theme/Backend/unit-create.tpl.php        | 16 ++++++++--------
 Theme/Backend/unit-list.tpl.php          | 16 ++++++++--------
 Theme/Backend/unit-profile.tpl.php       | 22 +++++++++++-----------
 9 files changed, 83 insertions(+), 83 deletions(-)
diff --git a/Theme/Backend/department-create.tpl.php b/Theme/Backend/department-create.tpl.php
index d83c9e4..3b0986e 100644
--- a/Theme/Backend/department-create.tpl.php
+++ b/Theme/Backend/department-create.tpl.php
@@ -21,20 +21,20 @@ echo $this->getData('nav')->render(); ?>
 <div class="row">
     <div class="col-xs-12 col-md-6">
         <section class="box wf-100">
-            <header><h1><?= $this->getText('Department'); ?></h1></header>
+            <header><h1><?= $this->getHtml('Department') ?></h1></header>
             <div class="inner">
                 <form id="fDepartmentCreate" method="POST" action="<?= \phpOMS\Uri\UriFactory::build('{/base}{/rootPath}{/lang}/api/organization/department'); ?>">
                     <table class="layout wf-100">
-                        <tr><td><label for="iName"><?= $this->getText('Name'); ?></label>
+                        <tr><td><label for="iName"><?= $this->getHtml('Name') ?></label>
                         <tr><td><input type="text" name="name" id="iName" placeholder="&#xf040; R&D" required>
-                        <tr><td><label for="iParent"><?= $this->getText('Parent'); ?></label>
+                        <tr><td><label for="iParent"><?= $this->getHtml('Parent') ?></label>
                         <tr><td><span class="input"><button type="button" formaction=""><i class="fa fa-book"></i></button><input type="text" name="parent" id="iParent"></span>
-                        <tr><td><label for="iUnit"><?= $this->getText('Unit'); ?></label>
+                        <tr><td><label for="iUnit"><?= $this->getHtml('Unit') ?></label>
                         <tr><td><select name="unit" id="iUnit">
                                 </select>
-                        <tr><td><label for="iDescription"><?= $this->getText('Description'); ?></label>
+                        <tr><td><label for="iDescription"><?= $this->getHtml('Description') ?></label>
                         <tr><td><textarea name="description" id="iDescription" placeholder="&#xf040;"></textarea>
-                        <tr><td><input type="submit" value="<?= $this->getText('Create', 0, 0); ?>">
+                        <tr><td><input type="submit" value="<?= $this->getHtml('Create', 0, 0); ?>">
                     </table>
                 </form>
             </div>
diff --git a/Theme/Backend/department-list.tpl.php b/Theme/Backend/department-list.tpl.php
index bc6e292..a438cca 100644
--- a/Theme/Backend/department-list.tpl.php
+++ b/Theme/Backend/department-list.tpl.php
@@ -29,27 +29,27 @@ echo $this->getData('nav')->render(); ?>
     <div class="col-xs-12">
         <div class="box wf-100">
             <table class="table red">
-                <caption><?= $this->getText('Departments'); ?></caption>
+                <caption><?= $this->getHtml('Departments') ?></caption>
                 <thead>
                 <tr>
-                    <td><?= $this->getText('ID', 0, 0); ?>
-                    <td class="wf-100"><?= $this->getText('Name'); ?>
-                    <td><?= $this->getText('Parent'); ?>
-                    <td><?= $this->getText('Unit'); ?>
+                    <td><?= $this->getHtml('ID', 0, 0); ?>
+                    <td class="wf-100"><?= $this->getHtml('Name') ?>
+                    <td><?= $this->getHtml('Parent') ?>
+                    <td><?= $this->getHtml('Unit') ?>
                         <tfoot>
-                <tr><td colspan="4"><?= $footerView->render(); ?>
+                <tr><td colspan="4"><?= htmlspecialchars($footerView->render(), ENT_COMPAT, 'utf-8'); ?>
                         <tbody>
                         <?php $c = 0; foreach ($this->getData('list:elements') as $key => $value) : $c++;
                         $url = \phpOMS\Uri\UriFactory::build('{/base}/{/lang}/backend/organization/department/profile?{?}&id=' . $value->getId()); ?>
                 <tr data-href="<?= $url; ?>">
-                    <td><a href="<?= $url; ?>"><?= $value->getId(); ?></a>
-                    <td><a href="<?= $url; ?>"><?= $value->getName(); ?></a>
-                    <td><a href="<?= $url; ?>"><?= $value->getParent(); ?></a>
-                    <td><a href="<?= $url; ?>"><?= $value->getUnit(); ?></a>
+                    <td><a href="<?= $url; ?>"><?= htmlspecialchars($value->getId(), ENT_COMPAT, 'utf-8'); ?></a>
+                    <td><a href="<?= $url; ?>"><?= htmlspecialchars($value->getName(), ENT_COMPAT, 'utf-8'); ?></a>
+                    <td><a href="<?= $url; ?>"><?= htmlspecialchars($value->getParent(), ENT_COMPAT, 'utf-8'); ?></a>
+                    <td><a href="<?= $url; ?>"><?= htmlspecialchars($value->getUnit(), ENT_COMPAT, 'utf-8'); ?></a>
                         <?php endforeach; ?>
                 <?php if($c === 0) : ?>
                 <tr>
-                    <td colspan="4" class="empty"><?= $this->getText('Empty', 0, 0); ?>
+                    <td colspan="4" class="empty"><?= $this->getHtml('Empty', 0, 0); ?>
                 <?php endif; ?>
             </table>
         </div>
diff --git a/Theme/Backend/department-profile.tpl.php b/Theme/Backend/department-profile.tpl.php
index 708d258..5ad9005 100644
--- a/Theme/Backend/department-profile.tpl.php
+++ b/Theme/Backend/department-profile.tpl.php
@@ -23,22 +23,22 @@ echo $this->getData('nav')->render(); ?>
 <div class="row">
     <div class="col-xs-12 col-md-6">
         <section class="box wf-100">
-            <header><h1><?= $this->getText('Department'); ?></h1></header>
+            <header><h1><?= $this->getHtml('Department') ?></h1></header>
             <div class="inner">
                 <form>
                     <table class="layout wf-100">
-                        <tr><td><label for="iName"><?= $this->getText('Name'); ?></label>
-                        <tr><td><input type="text" name="name" id="iName" value="<?= $department->getName(); ?>">
-                        <tr><td><label for="iParent"><?= $this->getText('Parent'); ?></label>
-                        <tr><td><input type="text" name="parent" id="iParent" value="<?= $department->getParent(); ?>">
-                        <tr><td><label for="iStatus"><?= $this->getText('Status'); ?></label>
+                        <tr><td><label for="iName"><?= $this->getHtml('Name') ?></label>
+                        <tr><td><input type="text" name="name" id="iName" value="<?= htmlspecialchars($department->getName(), ENT_COMPAT, 'utf-8'); ?>">
+                        <tr><td><label for="iParent"><?= $this->getHtml('Parent') ?></label>
+                        <tr><td><input type="text" name="parent" id="iParent" value="<?= htmlspecialchars($department->getParent(), ENT_COMPAT, 'utf-8'); ?>">
+                        <tr><td><label for="iStatus"><?= $this->getHtml('Status') ?></label>
                         <tr><td><select name="status" id="iStatus">
-                                    <option><?= $this->getText('Active'); ?>
-                                    <option><?= $this->getText('Inactive'); ?>
+                                    <option><?= $this->getHtml('Active') ?>
+                                    <option><?= $this->getHtml('Inactive') ?>
                                 </select>
-                        <tr><td><label for="iDescription"><?= $this->getText('Description'); ?></label>
-                        <tr><td><textarea name="description" id="iDescription"><?= $department->getDescription(); ?></textarea>
-                        <tr><td><input type="submit" value="<?= $this->getText('Save', 0) ?>">
+                        <tr><td><label for="iDescription"><?= $this->getHtml('Description') ?></label>
+                        <tr><td><textarea name="description" id="iDescription"><?= htmlspecialchars($department->getDescription(), ENT_COMPAT, 'utf-8'); ?></textarea>
+                        <tr><td><input type="submit" value="<?= $this->getHtml('Save', 0); ?>">
                     </table>
                 </form>
             </div>
diff --git a/Theme/Backend/position-create.tpl.php b/Theme/Backend/position-create.tpl.php
index 36a3428..48778c2 100644
--- a/Theme/Backend/position-create.tpl.php
+++ b/Theme/Backend/position-create.tpl.php
@@ -21,22 +21,22 @@ echo $this->getData('nav')->render(); ?>
 <div class="row">
     <div class="col-xs-12 col-md-6">
         <section class="box wf-100">
-            <header><h1><?= $this->getText('Position'); ?></h1></header>
+            <header><h1><?= $this->getHtml('Position') ?></h1></header>
             <div class="inner">
                 <form id="fPositionCreate" method="POST" action="<?= \phpOMS\Uri\UriFactory::build('{/base}{/rootPath}{/lang}/api/organization/position'); ?>">
                     <table class="layout wf-100">
-                        <tr><td><label for="iName"><?= $this->getText('Name'); ?></label>
+                        <tr><td><label for="iName"><?= $this->getHtml('Name') ?></label>
                         <tr><td><input type="text" name="name" id="iName" placeholder="&#xf040; Orange Management" required>
-                        <tr><td><label for="iParent"><?= $this->getText('Parent'); ?></label>
+                        <tr><td><label for="iParent"><?= $this->getHtml('Parent') ?></label>
                         <tr><td><span class="input"><button type="button" formaction=""><i class="fa fa-book"></i></button><input type="text" name="parent" id="iParent"></span>
-                        <tr><td><label for="iStatus"><?= $this->getText('Status'); ?></label>
+                        <tr><td><label for="iStatus"><?= $this->getHtml('Status') ?></label>
                         <tr><td><select name="status" id="iStatus">
-                                    <option value="<?= \Modules\Organization\Models\Status::ACTIVE; ?>"><?= $this->getText('Active'); ?>
-                                    <option value="<?= \Modules\Organization\Models\Status::INACTIVE; ?>"><?= $this->getText('Inactive'); ?>
+                                    <option value="<?= htmlspecialchars(\Modules\Organization\Models\Status::ACTIVE, ENT_COMPAT, 'utf-8'); ?>"><?= $this->getHtml('Active') ?>
+                                    <option value="<?= htmlspecialchars(\Modules\Organization\Models\Status::INACTIVE, ENT_COMPAT, 'utf-8'); ?>"><?= $this->getHtml('Inactive') ?>
                                     </select>
-                        <tr><td><label for="iDescription"><?= $this->getText('Description'); ?></label>
+                        <tr><td><label for="iDescription"><?= $this->getHtml('Description') ?></label>
                         <tr><td><textarea name="description" id="iDescription" placeholder="&#xf040;"></textarea>
-                        <tr><td><input type="submit" value="<?= $this->getText('Create', 0, 0); ?>">
+                        <tr><td><input type="submit" value="<?= $this->getHtml('Create', 0, 0); ?>">
                     </table>
                 </form>
             </div>
diff --git a/Theme/Backend/position-list.tpl.php b/Theme/Backend/position-list.tpl.php
index bce73de..bfc5f5d 100644
--- a/Theme/Backend/position-list.tpl.php
+++ b/Theme/Backend/position-list.tpl.php
@@ -31,24 +31,24 @@ echo $this->getData('nav')->render(); ?>
     <div class="col-xs-12">
         <div class="box wf-100">
             <table class="table red">
-                <caption><?= $this->getText('Positions'); ?></caption>
+                <caption><?= $this->getHtml('Positions') ?></caption>
                 <thead>
                 <tr>
-                    <td><?= $this->getText('ID', 0, 0); ?>
-                    <td class="wf-100"><?= $this->getText('Name'); ?>
-                    <td><?= $this->getText('Parent'); ?>
+                    <td><?= $this->getHtml('ID', 0, 0); ?>
+                    <td class="wf-100"><?= $this->getHtml('Name') ?>
+                    <td><?= $this->getHtml('Parent') ?>
                         <tfoot>
-                <tr><td colspan="3"><?= $footerView->render(); ?>
+                <tr><td colspan="3"><?= htmlspecialchars($footerView->render(), ENT_COMPAT, 'utf-8'); ?>
                         <tbody>
                         <?php $count = 0; foreach($listElements as $key => $value) : $count++;
                         $url = \phpOMS\Uri\UriFactory::build('{/base}/{/lang}/backend/organization/position/profile?{?}&id=' . $value->getId()); ?>
                 <tr data-href="<?= $url; ?>">
-                    <td><a href="<?= $url; ?>"><?= $value->getId(); ?></a>
-                    <td><a href="<?= $url; ?>"><?= $value->getName(); ?></a>
-                    <td><a href="<?= $url; ?>"><?= $value->getParent(); ?></a>
+                    <td><a href="<?= $url; ?>"><?= htmlspecialchars($value->getId(), ENT_COMPAT, 'utf-8'); ?></a>
+                    <td><a href="<?= $url; ?>"><?= htmlspecialchars($value->getName(), ENT_COMPAT, 'utf-8'); ?></a>
+                    <td><a href="<?= $url; ?>"><?= htmlspecialchars($value->getParent(), ENT_COMPAT, 'utf-8'); ?></a>
                         <?php endforeach; ?>
                         <?php if($count === 0) : ?>
-                    <tr><td colspan="5" class="empty"><?= $this->getText('Empty', 0, 0); ?>
+                    <tr><td colspan="5" class="empty"><?= $this->getHtml('Empty', 0, 0); ?>
                         <?php endif; ?>
             </table>
         </div>
diff --git a/Theme/Backend/position-profile.tpl.php b/Theme/Backend/position-profile.tpl.php
index 24ef56c..9b24e1e 100644
--- a/Theme/Backend/position-profile.tpl.php
+++ b/Theme/Backend/position-profile.tpl.php
@@ -23,22 +23,22 @@ echo $this->getData('nav')->render(); ?>
 <div class="row">
     <div class="col-xs-12 col-md-6">
         <section class="box wf-100">
-            <header><h1><?= $this->getText('Position'); ?></h1></header>
+            <header><h1><?= $this->getHtml('Position') ?></h1></header>
             <div class="inner">
                 <form>
                     <table class="layout wf-100">
-                        <tr><td><label for="iName"><?= $this->getText('Name'); ?></label>
-                        <tr><td><input type="text" name="name" id="iName" value="<?= $position->getName(); ?>">
-                        <tr><td><label for="iParent"><?= $this->getText('Parent'); ?></label>
-                        <tr><td><input type="text" name="parent" id="iParent" value="<?= $position->getParent(); ?>">
-                        <tr><td><label for="iStatus"><?= $this->getText('Status'); ?></label>
+                        <tr><td><label for="iName"><?= $this->getHtml('Name') ?></label>
+                        <tr><td><input type="text" name="name" id="iName" value="<?= htmlspecialchars($position->getName(), ENT_COMPAT, 'utf-8'); ?>">
+                        <tr><td><label for="iParent"><?= $this->getHtml('Parent') ?></label>
+                        <tr><td><input type="text" name="parent" id="iParent" value="<?= htmlspecialchars($position->getParent(), ENT_COMPAT, 'utf-8'); ?>">
+                        <tr><td><label for="iStatus"><?= $this->getHtml('Status') ?></label>
                         <tr><td><select name="status" id="iStatus">
-                                    <option><?= $this->getText('Active'); ?>
-                                    <option><?= $this->getText('Inactive'); ?>
+                                    <option><?= $this->getHtml('Active') ?>
+                                    <option><?= $this->getHtml('Inactive') ?>
                                 </select>
-                        <tr><td><label for="iDescription"><?= $this->getText('Description'); ?></label>
-                        <tr><td><textarea name="description" id="iDescription"><?= $position->getDescription(); ?></textarea>
-                        <tr><td><input type="submit" value="<?= $this->getText('Save', 0) ?>">
+                        <tr><td><label for="iDescription"><?= $this->getHtml('Description') ?></label>
+                        <tr><td><textarea name="description" id="iDescription"><?= htmlspecialchars($position->getDescription(), ENT_COMPAT, 'utf-8'); ?></textarea>
+                        <tr><td><input type="submit" value="<?= $this->getHtml('Save', 0); ?>">
                     </table>
                 </form>
             </div>
diff --git a/Theme/Backend/unit-create.tpl.php b/Theme/Backend/unit-create.tpl.php
index 356ab37..1d85ebd 100644
--- a/Theme/Backend/unit-create.tpl.php
+++ b/Theme/Backend/unit-create.tpl.php
@@ -21,22 +21,22 @@ echo $this->getData('nav')->render(); ?>
 <div class="row">
     <div class="col-xs-12 col-md-6">
         <section class="box wf-100">
-            <header><h1><?= $this->getText('Unit'); ?></h1></header>
+            <header><h1><?= $this->getHtml('Unit') ?></h1></header>
             <div class="inner">
                 <form id="fUnitCreate" method="POST" action="<?= \phpOMS\Uri\UriFactory::build('{/base}{/rootPath}{/lang}/api/organization/unit'); ?>">
                     <table class="layout wf-100">
-                        <tr><td><label for="iName"><?= $this->getText('Name'); ?></label>
+                        <tr><td><label for="iName"><?= $this->getHtml('Name') ?></label>
                         <tr><td><input type="text" name="name" id="iName" placeholder="&#xf040; Orange Management" required>
-                        <tr><td><label for="iParent"><?= $this->getText('Parent'); ?></label>
+                        <tr><td><label for="iParent"><?= $this->getHtml('Parent') ?></label>
                         <tr><td><span class="input"><button type="button" formaction=""><i class="fa fa-book"></i></button><input type="text" name="parent" id="iParent"></span>
-                        <tr><td><label for="iStatus"><?= $this->getText('Status'); ?></label>
+                        <tr><td><label for="iStatus"><?= $this->getHtml('Status') ?></label>
                         <tr><td><select name="status" id="iStatus">
-                                    <option value="<?= \Modules\Organization\Models\Status::ACTIVE; ?>"><?= $this->getText('Active'); ?>
-                                    <option value="<?= \Modules\Organization\Models\Status::INACTIVE; ?>"><?= $this->getText('Inactive'); ?>
+                                    <option value="<?= htmlspecialchars(\Modules\Organization\Models\Status::ACTIVE, ENT_COMPAT, 'utf-8'); ?>"><?= $this->getHtml('Active') ?>
+                                    <option value="<?= htmlspecialchars(\Modules\Organization\Models\Status::INACTIVE, ENT_COMPAT, 'utf-8'); ?>"><?= $this->getHtml('Inactive') ?>
                                     </select>
-                        <tr><td><label for="iDescription"><?= $this->getText('Description'); ?></label>
+                        <tr><td><label for="iDescription"><?= $this->getHtml('Description') ?></label>
                         <tr><td><textarea name="description" id="iDescription" placeholder="&#xf040;"></textarea>
-                        <tr><td><input type="submit" value="<?= $this->getText('Create', 0, 0); ?>">
+                        <tr><td><input type="submit" value="<?= $this->getHtml('Create', 0, 0); ?>">
                     </table>
                 </form>
             </div>
diff --git a/Theme/Backend/unit-list.tpl.php b/Theme/Backend/unit-list.tpl.php
index bbf4d4a..49f03ff 100644
--- a/Theme/Backend/unit-list.tpl.php
+++ b/Theme/Backend/unit-list.tpl.php
@@ -29,21 +29,21 @@ echo $this->getData('nav')->render(); ?>
     <div class="col-xs-12">
         <div class="box wf-100">
             <table class="table red">
-                <caption><?= $this->getText('Units'); ?></caption>
+                <caption><?= $this->getHtml('Units') ?></caption>
                 <thead>
                 <tr>
-                    <td><?= $this->getText('ID', 0, 0); ?>
-                    <td class="wf-100"><?= $this->getText('Name'); ?>
-                    <td><?= $this->getText('Parent'); ?>
+                    <td><?= $this->getHtml('ID', 0, 0); ?>
+                    <td class="wf-100"><?= $this->getHtml('Name') ?>
+                    <td><?= $this->getHtml('Parent') ?>
                         <tfoot>
-                <tr><td colspan="3"><?= $footerView->render(); ?>
+                <tr><td colspan="3"><?= htmlspecialchars($footerView->render(), ENT_COMPAT, 'utf-8'); ?>
                         <tbody>
                         <?php foreach ($this->getData('list:elements') as $key => $value) :
                         $url = \phpOMS\Uri\UriFactory::build('{/base}/{/lang}/backend/organization/unit/profile?{?}&id=' . $value->getId()); ?>
                 <tr data-href="<?= $url; ?>">
-                    <td data-label="<?= $this->getText('ID', 0, 0); ?>"><a href="<?= $url; ?>"><?= $value->getId(); ?></a>
-                    <td data-label="<?= $this->getText('Name'); ?>"><a href="<?= $url; ?>"><?= $value->getName(); ?></a>
-                    <td data-label="<?= $this->getText('Parent'); ?>"><a href="<?= $url; ?>"><?= $value->getParent(); ?></a>
+                    <td data-label="<?= $this->getHtml('ID', 0, 0); ?>"><a href="<?= $url; ?>"><?= htmlspecialchars($value->getId() ?></a>
+                    <td data-label="<?= $this->getHtml('Name') ?>"><a href="<?= $url; ?>"><?= htmlspecialchars($value->getName(), ENT_COMPAT, 'utf-8'); ?></a>
+                    <td data-label="<?= $this->getHtml('Parent') ?>"><a href="<?= $url; ?>"><?= htmlspecialchars($value->getParent(), ENT_COMPAT, 'utf-8'); ?></a>
                         <?php endforeach; ?>
             </table>
         </div>
diff --git a/Theme/Backend/unit-profile.tpl.php b/Theme/Backend/unit-profile.tpl.php
index f2d2011..05b5a4b 100644
--- a/Theme/Backend/unit-profile.tpl.php
+++ b/Theme/Backend/unit-profile.tpl.php
@@ -23,22 +23,22 @@ echo $this->getData('nav')->render(); ?>
 <div class="row">
     <div class="col-xs-12 col-md-6">
         <section class="box wf-100">
-            <header><h1><?= $this->getText('Unit'); ?></h1></header>
+            <header><h1><?= $this->getHtml('Unit') ?></h1></header>
             <div class="inner">
                 <form>
                     <table class="layout wf-100">
-                        <tr><td><label for="iName"><?= $this->getText('Name'); ?></label>
-                        <tr><td><input type="text" name="name" id="iName" value="<?= $unit->getName(); ?>">
-                        <tr><td><label for="iParent"><?= $this->getText('Parent'); ?></label>
-                        <tr><td><span class="input"><button type="button" formaction=""><i class="fa fa-book"></i></button><input type="text" name="parent" id="iParent" value="<?= $unit->getParent(); ?>" required></span>
-                        <tr><td><label for="iStatus"><?= $this->getText('Status'); ?></label>
+                        <tr><td><label for="iName"><?= $this->getHtml('Name') ?></label>
+                        <tr><td><input type="text" name="name" id="iName" value="<?= htmlspecialchars($unit->getName(), ENT_COMPAT, 'utf-8'); ?>">
+                        <tr><td><label for="iParent"><?= $this->getHtml('Parent') ?></label>
+                        <tr><td><span class="input"><button type="button" formaction=""><i class="fa fa-book"></i></button><input type="text" name="parent" id="iParent" value="<?= htmlspecialchars($unit->getParent(), ENT_COMPAT, 'utf-8'); ?>" required></span>
+                        <tr><td><label for="iStatus"><?= $this->getHtml('Status') ?></label>
                         <tr><td><select name="status" id="iStatus">
-                                    <option><?= $this->getText('Active'); ?>
-                                    <option><?= $this->getText('Inactive'); ?>
+                                    <option><?= $this->getHtml('Active') ?>
+                                    <option><?= $this->getHtml('Inactive') ?>
                                 </select>
-                        <tr><td><label for="iDescription"><?= $this->getText('Description'); ?></label>
-                        <tr><td><textarea name="description" id="iDescription"><?= $unit->getDescription(); ?></textarea>
-                        <tr><td><input type="submit" value="<?= $this->getText('Save', 0) ?>">
+                        <tr><td><label for="iDescription"><?= $this->getHtml('Description') ?></label>
+                        <tr><td><textarea name="description" id="iDescription"><?= htmlspecialchars($unit->getDescription(), ENT_COMPAT, 'utf-8'); ?></textarea>
+                        <tr><td><input type="submit" value="<?= $this->getHtml('Save', 0); ?>">
                     </table>
                 </form>
             </div>

getText('ID', 0, 0); ?> -	getText('Name'); ?> -	getText('Parent'); ?> -	getText('Unit'); ?> +	getHtml('ID', 0, 0); ?> +	getHtml('Name') ?> +	getHtml('Parent') ?> +	getHtml('Unit') ?>
render(); ?> +
render(), ENT_COMPAT, 'utf-8'); ?>
getId(); ?> -	getName(); ?> -	getParent(); ?> -	getUnit(); ?> +	getId(), ENT_COMPAT, 'utf-8'); ?> +	getName(), ENT_COMPAT, 'utf-8'); ?> +	getParent(), ENT_COMPAT, 'utf-8'); ?> +	getUnit(), ENT_COMPAT, 'utf-8'); ?>
getText('Empty', 0, 0); ?> +				getHtml('Empty', 0, 0); ?>
getText('ID', 0, 0); ?> -	getText('Name'); ?> -	getText('Parent'); ?> +	getHtml('ID', 0, 0); ?> +	getHtml('Name') ?> +	getHtml('Parent') ?>
render(); ?> +
render(), ENT_COMPAT, 'utf-8'); ?>
getId(); ?> -	getName(); ?> -	getParent(); ?> +	getId(), ENT_COMPAT, 'utf-8'); ?> +	getName(), ENT_COMPAT, 'utf-8'); ?> +	getParent(), ENT_COMPAT, 'utf-8'); ?> -
getText('Empty', 0, 0); ?> +
getHtml('Empty', 0, 0); ?>