diff options
| author | Ivan Kohler <ivan@freeside.biz> | 2013-04-11 18:10:11 -0700 |
|---|---|---|
| committer | Ivan Kohler <ivan@freeside.biz> | 2013-04-11 18:10:11 -0700 |
| commit | 602d22bbe08490648362a571672d89e7f944f6bd (patch) | |
| tree | 3495ab99df7c8477c395c5bce7abaea1f6df817c /FS/FS/UI | |
| parent | 194d0e29f4587669032da09c3bf814c3531898a2 (diff) | |
fix XSS
Diffstat (limited to 'FS/FS/UI')
| -rw-r--r-- | FS/FS/UI/Web.pm | 23 |
1 files changed, 13 insertions, 10 deletions
diff --git a/FS/FS/UI/Web.pm b/FS/FS/UI/Web.pm index 7926808..3fd61ef 100644 --- a/FS/FS/UI/Web.pm +++ b/FS/FS/UI/Web.pm @@ -472,23 +472,26 @@ sub cust_fields_subs { my $unlinked_warn = 0; return map { my $f = $_; - if( $unlinked_warn++ ) { + if ( $unlinked_warn++ ) { + sub { my $record = shift; - if( $record->custnum ) { - $record->$f(@_); - } - else { + if ( $record->custnum ) { + encode_entities( $record->$f(@_) ); + } else { '(unlinked)' }; - } - } - else { + }; + + } else { + sub { my $record = shift; - $record->$f(@_) if $record->custnum; - } + $record->custnum ? encode_entities( $record->$f(@_) ) : ''; + }; + } + } @cust_fields; } |