diff options
| author | Christopher Burger <burgerc@freeside.biz> | 2017-06-30 13:24:29 -0400 |
|---|---|---|
| committer | Christopher Burger <burgerc@freeside.biz> | 2017-06-30 13:24:29 -0400 |
| commit | 9760cdc40e900328990e3c91a7ea99eb43d70c21 (patch) | |
| tree | 38c0038bb1339efea8e4987a3211930ca3b41675 | |
| parent | 9d6c810bf70d12221ff3b7916b717a6f0c924a1c (diff) | |
RT# 74666 - fixed vulnerability by escaping quotation_description var
| -rwxr-xr-x | httemplate/view/quotation.html | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/httemplate/view/quotation.html b/httemplate/view/quotation.html index aba1f0ab3..d4d79d72c 100755 --- a/httemplate/view/quotation.html +++ b/httemplate/view/quotation.html @@ -2,7 +2,7 @@ <& /elements/header-cust_main.html, view=>'quotations', custnum=>$quotation->custnum &> <h2>Quotation #<% $quotationnum %> % if ($quotation->quotation_description) { -(<% $quotation->quotation_description %>) +(<% $quotation->quotation_description |h %>) % } </h2> % } else { #eventually, header-prospect_main.html |