Fixed an XSS in WebFTP (positive sideeffect: less HTML in the PHP - code ;)), the tomreyn

Signed-off-by: Florian Aders (EleRas) <eleras@froxlor.org>

templates/Froxlor/webftp/webftp_main_header.tpl

@@ -8,12 +8,12 @@
 		{if isset($successmessage)}
 			<div class="successcontainer bradius">
 				<div class="successtitle">{t}Success{/t}</div>
-				<div class="success">{$successmessage}</div>
+				<div class="success">{$successmessage|escape:'htmlall'|nl2br}</div>
 			</div>
 		{/if}
 		{if isset($errormessage)}
 			<div class="errorcontainer bradius">
 				<div class="errortitle">{t}Error{/t}</div>
-				<div class="error">{$errormessage}</div>
+				<div class="error">{$errormessage|escape:'htmlall'|nl2br}</div>
 			</div>
 		{/if}

templates/Froxlor/webftp/webftp_main_prompt.tpl

@@ -8,7 +8,7 @@ font-weight: bold;
 </style>
 <table cellpadding="0" cellspacing="0">
 	<tr>
-		<td colspan="10" align="left"><span class="Stil1">{$action_text}</span></td>
+		<td colspan="10" align="left"><span class="Stil1">{$action_text|escape:'htmlall'|nl2br}</span></td>
 	</tr>
 	<tr>
 		<td colspan="10" align="left">
@@ -19,9 +19,9 @@ font-weight: bold;
 		</td>
 	</tr>
 	<tr>
-	<td colspan="10" align="left"><input type="submit" NAME="yes" VALUE="$language[temp_prompt_yes]"><input type="submit" NAME="no" VALUE="$language[temp_prompt_no]">
+	<td colspan="10" align="left"><input type="submit" name="yes" value="{t}Yes{/t}"><input type="submit" name="no" value="{t}No{/t}">
 	</td>
 	</tr>
 	</tr>
 </table>
-</form>
+</form>