| author | Ivan Kohler <ivan@freeside.biz> | 2012-11-11 21:56:49 -0800 |
|---|---|---|
| committer | Ivan Kohler <ivan@freeside.biz> | 2012-11-11 21:56:49 -0800 |
| commit | 0ad00ab8a1ae4065a5817638b1ca89d5db6b3831 (patch) | |
| tree | fb841a321413552d4dc859243f132326843a57e6 /FS | |
| parent | 4f188b96f282c21f027c936f18f5d6fb974cb497 (diff) | |
fix XSS
Diffstat (limited to 'FS')
| -rw-r--r-- | FS/FS/UI/Web/small_custview.pm | 11 |
1 files changed, 6 insertions, 5 deletions
diff --git a/FS/FS/UI/Web/small_custview.pm b/FS/FS/UI/Web/small_custview.pm
index 53a3b5e33..c3d251c6d 100644
--- a/FS/FS/UI/Web/small_custview.pm
+++ b/FS/FS/UI/Web/small_custview.pm
@@ -58,12 +58,13 @@ sub small_custview {
 $html .= ntable('#e8e8e8'). '<TR><TD VALIGN="top">'. ntable("#cccccc",2). '<TR><TD ALIGN="right" VALIGN="top">Billing<BR>Address</TD><TD BGCOLOR="#ffffff">'.
- $cust_main->getfield('last'). ', '. $cust_main->first. '<BR>';
+ encode_entities($cust_main->getfield('last')). ', '.
+ encode_entities($cust_main->first). '<BR>';
- $html .= $cust_main->company. '<BR>' if $cust_main->company;
- $html .= $cust_main->address1. '<BR>';
- $html .= $cust_main->address2. '<BR>' if $cust_main->address2;
- $html .= $cust_main->city. ', '. $cust_main->state. ' '. $cust_main->zip. '<BR>';
+ $html .= encode_entities($cust_main->company). '<BR>' if $cust_main->company;
+ $html .= encode_entities($cust_main->address1). '<BR>';
+ $html .= encode_entities($cust_main->address2). '<BR>' if $cust_main->address2;
+ $html .= encode_entities($cust_main->city). ', '. $cust_main->state. ' '. $cust_main->zip. '<BR>';
 $html .= $cust_main->country. '<BR>' if $cust_main->country && $cust_main->country ne $countrydefault;
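Review bot: The rewritten city line still concatenates `$cust_main->state` and `$cust_main->zip` raw, and the country context line directly below it is left unencoded as well, so any of those three fields carrying markup would still reach `$html` unescaped after this fix. For consistency with the rest of the hunk they should go through the same call: `$html .= encode_entities($cust_main->city). ', '. encode_entities($cust_main->state). ' '. encode_entities($cust_main->zip). '<BR>';` and `$html .= encode_entities($cust_main->country). '<BR>' if $cust_main->country && $cust_main->country ne $countrydefault;`. State and country are presumably constrained to lookup-table values, which may be why they were skipped, but zip is usually free text and encoding all three costs nothing. The hunk does not show where `encode_entities` comes from; if `HTML::Entities` (or an equivalent export) is not already imported in this file, the new lines would fail at runtime, which is worth confirming outside the hunk. small_custview begins before this hunk and continues past it.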
