diff options
| author | Christopher Burger <burgerc@freeside.biz> | 2019-02-26 11:06:33 -0500 |
|---|---|---|
| committer | Christopher Burger <burgerc@freeside.biz> | 2019-02-26 17:27:31 -0500 |
| commit | 83cad295d38b0c764b59b62bc4840dcf666b7de9 (patch) | |
| tree | e7c1e608bd821cc912eb9e5285f159beda828d86 /FS | |
| parent | 19d49567b9f1e07459253f28a41da121bd48811c (diff) | |
RT# 82092 - updated escaping html to use encode-entities
Conflicts:
FS/FS/part_virtual_field.pm
Diffstat (limited to 'FS')
| -rwxr-xr-x | FS/FS/part_virtual_field.pm | 10 |
1 files changed, 5 insertions, 5 deletions
diff --git a/FS/FS/part_virtual_field.pm b/FS/FS/part_virtual_field.pm index 1df4984e1..e54dc9389 100755 --- a/FS/FS/part_virtual_field.pm +++ b/FS/FS/part_virtual_field.pm @@ -4,7 +4,7 @@ use strict; use vars qw( @ISA ); use FS::Record; use FS::Schema qw( dbdef ); -use CGI qw(escapeHTML); +use HTML::Entities; @ISA = qw( FS::Record ); @@ -92,14 +92,14 @@ sub widget { if ($ui_type eq 'HTML') { if ($mode eq 'view') { - $text = q!<TR><!.$header_col_type.q! ALIGN="right">! . $label . - q!</!.$header_col_type.q!><TD BGCOLOR="#ffffff">! . $value . + $text = q!<TR><!.$header_col_type.q! ALIGN="right">! . encode_entities($label) . + q!</!.$header_col_type.q!><TD BGCOLOR="#ffffff">! . encode_entities($value) . q!</TD></TR>! . "\n"; } elsif ($mode eq 'edit') { - $text = q!<TR><!.$header_col_type.q! ALIGN="right">! . $label . + $text = q!<TR><!.$header_col_type.q! ALIGN="right">! . encode_entities($label) . q!</!.$header_col_type.q!><TD>!; $text .= q!<INPUT TYPE=text NAME="! . $self->name . - q!" VALUE="! . escapeHTML($value) . q!"!; + q!" VALUE="! . encode_entities($value) . q!"!; if ($self->length) { $text .= q! SIZE="! . $self->length . q!"!; } |