diff options
| author | Ivan Kohler <ivan@freeside.biz> | 2013-06-01 02:26:20 -0700 |
|---|---|---|
| committer | Ivan Kohler <ivan@freeside.biz> | 2013-06-01 02:26:20 -0700 |
| commit | 39f23d982625e321123a60157b2e887519dc34ac (patch) | |
| tree | cd631218685a8c1d139ba01b8191181c16498471 | |
| parent | e08d7155f59c6a8123ce0b2a478ec12dec911540 (diff) | |
fix XSS
| -rwxr-xr-x | httemplate/edit/cust_pkg.cgi | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/httemplate/edit/cust_pkg.cgi b/httemplate/edit/cust_pkg.cgi index 88e925460..d86049940 100755 --- a/httemplate/edit/cust_pkg.cgi +++ b/httemplate/edit/cust_pkg.cgi @@ -27,13 +27,13 @@ <TR> <TD><INPUT TYPE="checkbox" NAME="remove_pkg" VALUE="<% $pkgnum %>"<% $checked %>></TD> <TD ALIGN="right"><% $pkgnum %>:</TD> - <TD><% $all_pkg{$pkgpart} %> - <% $all_comment{$pkgpart} %></TD> + <TD><% $all_pkg{$pkgpart} |h %> - <% $all_comment{$pkgpart} |h %></TD> </TR> % foreach my $supp_pkg ( @{ $supp_pkgs_of{$pkgnum} } ) { <TR> <TD></TD> <TD></TD> - <TD>+ <% $all_pkg{$supp_pkg->pkgpart} %> - <% $all_comment{$supp_pkg->pkgpart} %></TD> + <TD>+ <% $all_pkg{$supp_pkg->pkgpart} |h %> - <% $all_comment{$supp_pkg->pkgpart} |h %></TD> </TR> % } % } @@ -79,7 +79,7 @@ Order new packages <INPUT TYPE="text" NAME="<% "pkg$pkgpart" %>" VALUE="<% $value %>" SIZE="2" MAXLENGTH="2"> </TD> <TD ALIGN="right"><% $pkgpart %>:</TD> - <TD><% $pkg{$pkgpart} %> - <% $comment{$pkgpart}%></TD> + <TD><% $pkg{$pkgpart} |h %> - <% $comment{$pkgpart} |h %></TD> </TR> % % $count ++ ; |