authorkhoff <khoff>2007-03-15 20:07:44 +0000
committerkhoff <khoff>2007-03-15 20:07:44 +0000
commit9f5c327e1f126704ed5359fd61718945448785ed (patch)
treef88405436c82d5789efab4da97419297864fe364
parent1d1259a3804c446e54dbf673781f873e9ce8da24 (diff)
Escape the values in virtual field html form inputs.
-rwxr-xr-xFS/FS/part_virtual_field.pm3
1 files changed, 2 insertions, 1 deletions
diff --git a/FS/FS/part_virtual_field.pm b/FS/FS/part_virtual_field.pm
index 992d449..ea973ba 100755
--- a/FS/FS/part_virtual_field.pm
+++ b/FS/FS/part_virtual_field.pm
@@ -4,6 +4,7 @@ use strict;
use vars qw( @ISA );
use FS::Record qw( qsearchs qsearch );
use FS::Schema qw( dbdef );
+use CGI qw(escapeHTML);
@ISA = qw( FS::Record );
@@ -244,7 +245,7 @@ sub widget {
}
} else {
$text .= q!<INPUT NAME="! . $self->name .
- q!" VALUE="! . $value . q!"!;
+ q!" VALUE="! . escapeHTML($value) . q!"!;
if ($self->length) {
$text .= q! SIZE="! . $self->length . q!"!;
}
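Review bot: The NAME attribute on the line just above the changed one is still concatenated from `$self->name` unescaped, and the SIZE attribute below uses `$self->length` raw, so only one of the three values placed into this INPUT tag is HTML-encoded. If field names can contain a double quote or angle bracket (the validation for them is not visible here), the same encoding belongs there: `$text .= q!<INPUT NAME="! . escapeHTML($self->name) .`. The branch closed by the `}` before `} else {` starts outside the hunk, so whether it writes `$value` or option labels into other widget types without encoding cannot be judged from here and is worth checking in the same pass. A short comment above the changed line, such as `# attribute values are HTML-escaped; the tag is emitted into a page verbatim`, would record why the call is there.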