fix XSS

author: Ivan Kohler <ivan@freeside.biz> 2012-11-11 22:20:19 -0800
committer: Ivan Kohler <ivan@freeside.biz> 2012-11-11 22:20:19 -0800
commit: b2101823682f3738f5b367d2c1f2a7c6d47cdad1 (patch)
tree: 861ad1cfbf0db4279ccef14a3a6967376e4751a7 /FS/FS/UI/Web.pm
parent: f06a0610477b0ba8e1931722c3105b880fbc35c3 (diff)
1 files changed, 3 insertions, 2 deletions
diff --git a/FS/FS/UI/Web.pm b/FS/FS/UI/Web.pm
index 1cc539a..c2ea0a6 100644
--- a/FS/FS/UI/Web.pm
+++ b/FS/FS/UI/Web.pm
@@ -3,7 +3,8 @@ package FS::UI::Web;
 use strict;
 use vars qw($DEBUG @ISA @EXPORT_OK $me);
 use Exporter;
-use Carp qw( confess );;
+use Carp qw( confess );
+use HTML::Entities;
 use FS::Conf;
 use FS::Misc::DateTime qw( parse_datetime );
 use FS::Record qw(dbdef);
@@ -383,7 +384,7 @@ sub cust_fields {
   map { 
     if ( $record->custnum ) {
       warn "  $record -> $_" if $DEBUG > 1;
-      $record->$_(@_);
+      encode_entities( $record->$_(@_) );
     } else {
       warn "  ($record unlinked)" if $DEBUG > 1;
       $seen_unlinked++ ? '' : '(unlinked)';
author	Ivan Kohler <ivan@freeside.biz>	2012-11-11 22:20:19 -0800
committer	Ivan Kohler <ivan@freeside.biz>	2012-11-11 22:20:19 -0800
commit	b2101823682f3738f5b367d2c1f2a7c6d47cdad1 (patch)
tree	861ad1cfbf0db4279ccef14a3a6967376e4751a7 /FS/FS/UI/Web.pm
parent	f06a0610477b0ba8e1931722c3105b880fbc35c3 (diff)