| author | Christopher Burger <burgerc@freeside.biz> | 2019-02-26 11:06:33 -0500 | 
|---|---|---|
| committer | Christopher Burger <burgerc@freeside.biz> | 2019-02-26 17:27:31 -0500 | 
| commit | 83cad295d38b0c764b59b62bc4840dcf666b7de9 (patch) | |
| tree | e7c1e608bd821cc912eb9e5285f159beda828d86 | |
| parent | 19d49567b9f1e07459253f28a41da121bd48811c (diff) | |
RT# 82092 - updated escaping html to use encode-entities
Conflicts:
	FS/FS/part_virtual_field.pm
| -rwxr-xr-x | FS/FS/part_virtual_field.pm | 10 | ||||
| -rw-r--r-- | httemplate/browse/router.cgi | 6 | ||||
| -rw-r--r-- | httemplate/edit/elements/part_svc_column.html | 2 | 
3 files changed, 8 insertions, 10 deletions
diff --git a/FS/FS/part_virtual_field.pm b/FS/FS/part_virtual_field.pm
index 1df4984e1..e54dc9389 100755
--- a/FS/FS/part_virtual_field.pm
+++ b/FS/FS/part_virtual_field.pm
@@ -4,7 +4,7 @@ use strict;
 use vars qw( @ISA );
 use FS::Record;
 use FS::Schema qw( dbdef );
-use CGI qw(escapeHTML);
+use HTML::Entities;
 @ISA = qw( FS::Record );
@@ -92,14 +92,14 @@ sub widget {
   if ($ui_type eq 'HTML') {
     if ($mode eq 'view') {
-      $text = q!<TR><!.$header_col_type.q! ALIGN="right">! . $label .
-              q!</!.$header_col_type.q!><TD BGCOLOR="#ffffff">! . $value .
+      $text = q!<TR><!.$header_col_type.q! ALIGN="right">! . encode_entities($label) .
+              q!</!.$header_col_type.q!><TD BGCOLOR="#ffffff">! . encode_entities($value) .
               q!</TD></TR>! . "\n";
     } elsif ($mode eq 'edit') {
-      $text = q!<TR><!.$header_col_type.q! ALIGN="right">! . $label .
+      $text = q!<TR><!.$header_col_type.q! ALIGN="right">! . encode_entities($label) .
               q!</!.$header_col_type.q!><TD>!;
         $text .= q!<INPUT TYPE=text NAME="! . $self->name .
-                q!" VALUE="! . escapeHTML($value) . q!"!;
+                q!" VALUE="! . encode_entities($value) . q!"!;
         if ($self->length) {
           $text .= q! SIZE="! . $self->length . q!"!;
         }
diff --git a/httemplate/browse/router.cgi b/httemplate/browse/router.cgi
index c7713f313..354111875 100644
--- a/httemplate/browse/router.cgi
+++ b/httemplate/browse/router.cgi
@@ -17,8 +17,6 @@
 %>
 <%init>
-use CGI qw(escapeHTML);
-
 die "access denied"
   unless $FS::CurrentUser::CurrentUser->access_right('Broadband configuration')
   || $FS::CurrentUser::CurrentUser->access_right('Broadband global configuration');
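Review bot: `encode_entities($value)` with no second argument also converts every non-ASCII character into an entity, which is not what the `escapeHTML` it replaces did, and on an undecoded UTF-8 byte string it yields one entity per byte; unless virtual-field values are guaranteed to be decoded characters, restrict the set in both the view and edit branches with `encode_entities($value, q{<>&"'})` (and likewise for `$label`). The same statement still inlines `$self->name` into `NAME="…"` and `$self->length` into `SIZE="…"` without escaping; these presumably come from admin-defined field definitions, but wrapping `$self->name` with `encode_entities` as well would make the attribute handling consistent. `widget` starts before this hunk and its body continues after it.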
@@ -50,8 +48,8 @@ my @links = ( [ "${p2}edit/router.cgi?", 'routernum' ],
             );
 foreach (FS::router->virtual_fields_hash) {
-  push @header_fields, escapeHTML($_->{'label'});
-  push @fields, escapeHTML($_->{'name'});
+  push @header_fields, encode_entities($_->{'label'});
+  push @fields, encode_entities($_->{'name'});
   push @links, '';
 }
diff --git a/httemplate/edit/elements/part_svc_column.html b/httemplate/edit/elements/part_svc_column.html
index 80d325e59..1e1ff79ee 100644
--- a/httemplate/edit/elements/part_svc_column.html
+++ b/httemplate/edit/elements/part_svc_column.html
@@ -98,7 +98,7 @@ that field.
     <TD ROWSPAN=2 CLASS="grid">
       <INPUT NAME="<% $svcdb %>__<% $field %>_label"
              STYLE="text-align: right"
-             VALUE="<% $part_svc_column->columnlabel || escapeHTML($def->{'label'}) |h %>">
+             VALUE="<% $part_svc_column->columnlabel || $def->{'label'} |h %>">
     </TD>
     <TD ROWSPAN=1 CLASS="grid">
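Review bot: Both added lines call `encode_entities`, but the only import change in router.cgi is the removal of `use CGI qw(escapeHTML);` in the earlier hunk and no `use HTML::Entities;` replaces it; unless the Mason component preamble already imports that module, the call fails with an undefined-subroutine error when the page renders rather than at compile time. Adding `use HTML::Entities qw(encode_entities);` to the `<%init>` block, or confirming the preamble supplies it, would settle that. Separately, entity-encoding `$_->{'name'}` into `@fields` is only correct if those entries are rendered as text; if `@fields` is consumed as accessor or column names further down, the encoded name would no longer match (the previous `escapeHTML` had the same effect, so this is not introduced here).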
