author | Mitch Jackson <mitch@freeside.biz> | 2018-10-27 12:05:19 -0400 |
---|---|---|
committer | Mitch Jackson <mitch@freeside.biz> | 2018-10-27 12:09:22 -0400 |
commit | 2d2c4981b8b2757afc4c7e70cbf2da02f0f7b4a5 (patch) | |
tree | 849e57e41650a88f21c81f6855cb51c17f6d167b | |
parent | d4df360c7618d45cc60647bb31520f757117992f (diff) |
RT# 79353 Fix XSS
-rw-r--r-- | httemplate/search/cust_bill_pkg_discount.html | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/httemplate/search/cust_bill_pkg_discount.html b/httemplate/search/cust_bill_pkg_discount.html
index eb39dea..04cc828 100644
--- a/httemplate/search/cust_bill_pkg_discount.html
+++ b/httemplate/search/cust_bill_pkg_discount.html
@@ -39,8 +39,8 @@ Parameters:
 # Standard discount, not a waived setup fee
 my $discount = qsearchs('discount',{
 discountnum => $_[0]->discountnum
- });
- return $discount->description;
+ }) || return 'Bad discountnum '.$_[0]->pkgdiscountnum;
+ return encode_entities $discount->description;
 } else {
 return 'Waive setup fee';
 }
@@ -53,7 +53,7 @@ Parameters:
 my $discount = qsearchs('discount',{
 discountnum => $_[0]->discountnum
 });
- return $discount->classname;
+ return encode_entities $discount->classname;
 } else {
 return 'n/a';
 } |
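Review bot: The new fallback in the first hunk labels its value as a discountnum but prints `$_[0]->pkgdiscountnum`, while the lookup that just failed was keyed on `$_[0]->discountnum`, so the message names one column and shows another. If both values are useful for tracing the bad row, report them separately, e.g. `}) || return 'Bad discountnum '.$_[0]->discountnum.' (pkgdiscountnum '.$_[0]->pkgdiscountnum.')';`. This string is also returned without `encode_entities`, which is only safe if both fields are always integers; the hunk does not show that. The enclosing sub starts and ends outside the hunk.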
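Review bot: The second hunk still calls `$discount->classname` without checking the qsearchs result, so a row whose discountnum has no matching discount record would die on an undefined value here, even though the first hunk now guards the same lookup. Mirror that guard on the closing line of the lookup, e.g. `}) || return 'n/a';`, so it runs before `return encode_entities $discount->classname;`. The enclosing sub begins outside the hunk.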