Merge branch 'xss_fixes' of https://github.com/mcreenan/Freeside

author: Ivan Kohler <ivan@freeside.biz> 2013-04-25 04:12:22 -0700
committer: Ivan Kohler <ivan@freeside.biz> 2013-04-25 04:12:22 -0700
commit: ded0ab5cac02f099b387de360fb6dd6bd8cbb6b4 (patch)
tree: 6e06682a0196f48e60a8862f143c8ab27337fb15
parent: d295c1176370d42a4754c26debfed390e0829f15 (diff)
parent: e6172bfad7dc79bbef491fdbde03add8e460387e (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/fs_selfservice/FS-SelfService/cgi/signup.html b/fs_selfservice/FS-SelfService/cgi/signup.html
index 6427e6fa0..4ac67772c 100755
--- a/fs_selfservice/FS-SelfService/cgi/signup.html
+++ b/fs_selfservice/FS-SelfService/cgi/signup.html
@@ -33,7 +33,7 @@
 <FONT SIZE="+1" COLOR="#ff0000"><%= encode_entities($error) %></FONT>
 
 <FORM NAME="OneTrueForm" ACTION="<%= $self_url %>" METHOD=POST onSubmit="document.OneTrueForm.signup.disabled=true">
-<INPUT TYPE="hidden" NAME="prepaid_shortform" VALUE="<%= $prepaid_shortform %>">
+<INPUT TYPE="hidden" NAME="prepaid_shortform" VALUE="<%= encode_entities($prepaid_shortform) %>">
 <INPUT TYPE="hidden" NAME="session" VALUE="<%= $session_id %>">
 <INPUT TYPE="hidden" NAME="action" VALUE="process_signup">
 <INPUT TYPE="hidden" NAME="agentnum" VALUE="<%= $agentnum %>">
author	Ivan Kohler <ivan@freeside.biz>	2013-04-25 04:12:22 -0700
committer	Ivan Kohler <ivan@freeside.biz>	2013-04-25 04:12:22 -0700
commit	ded0ab5cac02f099b387de360fb6dd6bd8cbb6b4 (patch)
tree	6e06682a0196f48e60a8862f143c8ab27337fb15
parent	d295c1176370d42a4754c26debfed390e0829f15 (diff)
parent	e6172bfad7dc79bbef491fdbde03add8e460387e (diff)