| author | Ivan Kohler <ivan@freeside.biz> | 2012-11-11 22:18:55 -0800 |
|---|---|---|
| committer | Ivan Kohler <ivan@freeside.biz> | 2012-11-11 22:18:55 -0800 |
| commit | 4abeb53ac1ba98d441dab810c859c025e7307809 (patch) | |
| tree | e1c2c45c654f100e4278b0383adf86e7f7ae4dd0 /FS | |
| parent | 0ad00ab8a1ae4065a5817638b1ca89d5db6b3831 (diff) | |
fix XSS
Diffstat (limited to 'FS')
| -rw-r--r-- | FS/FS/UI/Web/small_custview.pm | 12 |
1 files changed, 6 insertions, 6 deletions
diff --git a/FS/FS/UI/Web/small_custview.pm b/FS/FS/UI/Web/small_custview.pm index c3d251c6d..0660038d9 100644 --- a/FS/FS/UI/Web/small_custview.pm +++ b/FS/FS/UI/Web/small_custview.pm @@ -89,14 +89,14 @@ sub small_custview { $html .= '<TD VALIGN="top">'. ntable("#cccccc",2). '<TR><TD ALIGN="right" VALIGN="top">Service<BR>Address</TD><TD BGCOLOR="#ffffff">'. - $cust_main->get("${pre}last"). ', '. - $cust_main->get("${pre}first"). '<BR>'; - $html .= $cust_main->get("${pre}company"). '<BR>' + encode_entities($cust_main->get("${pre}last")). ', '. + encode_entities($cust_main->get("${pre}first")). '<BR>'; + $html .= encode_entities($cust_main->get("${pre}company")). '<BR>' if $cust_main->get("${pre}company"); - $html .= $cust_main->get("${pre}address1"). '<BR>'; - $html .= $cust_main->get("${pre}address2"). '<BR>' + $html .= encode_entities($cust_main->get("${pre}address1")). '<BR>'; + $html .= encode_entities($cust_main->get("${pre}address2")). '<BR>' if $cust_main->get("${pre}address2"); - $html .= $cust_main->get("${pre}city"). ', '. + $html .= encode_entities($cust_main->get("${pre}city")). ', '. $cust_main->get("${pre}state"). ' '. $cust_main->get("${pre}zip"). '<BR>'; $html .= $cust_main->get("${pre}country"). '<BR>' |
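Review bot: The state, zip and country values in the trailing context lines are still concatenated into `$html` without `encode_entities`, so the service-address cell is only partly escaped after this change. Unless those fields are guaranteed elsewhere to hold only validated values (not visible here), they should be wrapped the same way, e.g. `encode_entities($cust_main->get("${pre}state")). ' '.` and `encode_entities($cust_main->get("${pre}zip")). '<BR>';`, with the country line following suit. The hunk also does not show an import of `encode_entities` (normally from HTML::Entities), so confirm the module brings it into scope. The body of small_custview starts before and continues after the hunk, so any other customer fields it prints are outside this view and worth checking the same way.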
