diff options
author | Ivan Kohler <ivan@freeside.biz> | 2012-11-11 21:56:48 -0800 |
---|---|---|
committer | Ivan Kohler <ivan@freeside.biz> | 2012-11-11 21:56:48 -0800 |
commit | c9015995b5ae64e0eaaa89ff75eb43c88186642c (patch) | |
tree | a0f0a74601992db0ee3bc9965d49a9e9e267dabf /FS/FS/UI | |
parent | fead47c024e1a6c4bc49b5387a4c690dc1a4bf3d (diff) |
fix XSS
Diffstat (limited to 'FS/FS/UI')
-rw-r--r-- | FS/FS/UI/Web/small_custview.pm | 11 |
1 files changed, 6 insertions, 5 deletions
diff --git a/FS/FS/UI/Web/small_custview.pm b/FS/FS/UI/Web/small_custview.pm index 2c42a6b..43d7613 100644 --- a/FS/FS/UI/Web/small_custview.pm +++ b/FS/FS/UI/Web/small_custview.pm @@ -58,12 +58,13 @@ sub small_custview { $html .= ntable('#e8e8e8'). '<TR><TD VALIGN="top">'. ntable("#cccccc",2). '<TR><TD ALIGN="right" VALIGN="top">Billing<BR>Address</TD><TD BGCOLOR="#ffffff">'. - $cust_main->getfield('last'). ', '. $cust_main->first. '<BR>'; + encode_entities($cust_main->getfield('last')). ', '. + encode_entities($cust_main->first). '<BR>'; - $html .= $cust_main->company. '<BR>' if $cust_main->company; - $html .= $cust_main->address1. '<BR>'; - $html .= $cust_main->address2. '<BR>' if $cust_main->address2; - $html .= $cust_main->city. ', '. $cust_main->state. ' '. $cust_main->zip. '<BR>'; + $html .= encode_entities($cust_main->company). '<BR>' if $cust_main->company; + $html .= encode_entities($cust_main->address1). '<BR>'; + $html .= encode_entities($cust_main->address2). '<BR>' if $cust_main->address2; + $html .= encode_entities($cust_main->city). ', '. $cust_main->state. ' '. $cust_main->zip. '<BR>'; $html .= $cust_main->country. '<BR>' if $cust_main->country && $cust_main->country ne $countrydefault; |