author | Christopher Burger <burgerc@freeside.biz> | 2017-06-30 13:24:29 -0400 |
---|---|---|
committer | Christopher Burger <burgerc@freeside.biz> | 2017-06-30 17:54:12 -0400 |
commit | c649441b5fdab63a35cdfe3907b486630af658bb (patch) | |
tree | a86ec1e1538f5244eef7c4a36413c9e1fad707fa | |
parent | 76efbc5d717233b0cd55130c9938d43b2398dc5c (diff) |
RT# 74666 - fixed vulnerability by escaping quotation_description var
Conflicts:
httemplate/view/quotation.html
-rwxr-xr-x | httemplate/view/quotation.html | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/httemplate/view/quotation.html b/httemplate/view/quotation.html
index 4769934d9..0e3e8b3c6 100755
--- a/httemplate/view/quotation.html
+++ b/httemplate/view/quotation.html
@@ -11,7 +11,7 @@ function areyousure(href, message) {
 % if ( $quotation->custnum ) {
 <h2>Quotation #<% $quotationnum %>
 % if ($quotation->quotation_description) {
- (<% $quotation->quotation_description %>)
+ (<% $quotation->quotation_description |h %>)
 % }
 </h2>
 % } |
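Review bot: `<% $quotationnum %>` on the `<h2>` line, two lines above the fixed expression, is still emitted without an escape flag. Where that value is assigned is outside the hunk; if it can come from the request rather than from the loaded record, it needs the same treatment: `<h2>Quotation #<% $quotationnum |h %>`. The fix is also per-expression and touches only this template, so any other page under `httemplate/` that prints `quotation_description` would presumably still render it raw; a search for that field should accompany this change. Setting Mason's `default_escape_flags` to `h`, with `|n` only where raw HTML is intended, would make a forgotten flag fail safe instead of open. The template continues beyond this hunk on both sides.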