authorkhoff <khoff>2007-03-15 20:09:07 +0000
committerkhoff <khoff>2007-03-15 20:09:07 +0000
commit7ad1ca177c01bd5993ff3d80ba09833cc078d2b9 (patch)
tree7e93af1390c4633515b27f147e64549d5dde0341
parent55b1a4d64dac809a837160308e4d31e7cbcfaebf (diff)
Escape the values in virtual field html form inputs.
-rwxr-xr-xFS/FS/part_virtual_field.pm3
1 files changed, 2 insertions, 1 deletions
diff --git a/FS/FS/part_virtual_field.pm b/FS/FS/part_virtual_field.pm
index 992d4496e..ea973bafc 100755
--- a/FS/FS/part_virtual_field.pm
+++ b/FS/FS/part_virtual_field.pm
@@ -4,6 +4,7 @@ use strict;
use vars qw( @ISA );
use FS::Record qw( qsearchs qsearch );
use FS::Schema qw( dbdef );
+use CGI qw(escapeHTML);
@ISA = qw( FS::Record );
@@ -244,7 +245,7 @@ sub widget {
}
} else {
$text .= q!<INPUT NAME="! . $self->name .
- q!" VALUE="! . $value . q!"!;
+ q!" VALUE="! . escapeHTML($value) . q!"!;
if ($self->length) {
$text .= q! SIZE="! . $self->length . q!"!;
}
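Review bot: The `NAME` attribute one line above the fix still concatenates `$self->name` without escaping, and `SIZE` does the same with `$self->length`, so only one of the three attributes built in this `else` branch is encoded. These values are presumably set by an administrator rather than an end user, but encoding them keeps the markup well-formed if a name ever contains a quote or angle bracket: `$text .= q!<INPUT NAME="! . escapeHTML($self->name) .` and likewise for `SIZE`. `widget` starts and ends outside this hunk, and the closing `}` before `} else {` shows at least one earlier branch that is not visible here. Any branch that writes `$value` into an attribute or an option body should be checked for the same encoding. A short comment such as `# escapeHTML: $value is stored user data, encode before placing in an attribute` above the `VALUE` line would record why the call is there.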