author | Ivan Kohler <ivan@freeside.biz> | 2013-04-25 04:09:31 -0700 |
---|---|---|
committer | Ivan Kohler <ivan@freeside.biz> | 2013-04-25 04:09:31 -0700 |
commit | d295c1176370d42a4754c26debfed390e0829f15 (patch) | |
tree | 67ccbc63edc8e3462db5b8fef9b6c2ed300c553a /fs_selfservice/FS-SelfService | |
parent | 85ce0596ef3f057adf3e768e1dd339bd5d86f1da (diff) |
fix XSS
Diffstat (limited to 'fs_selfservice/FS-SelfService')
-rw-r--r-- | fs_selfservice/FS-SelfService/cgi/small_custview.html | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/fs_selfservice/FS-SelfService/cgi/small_custview.html b/fs_selfservice/FS-SelfService/cgi/small_custview.html
index 8d6e07368..470fe7151 100644
--- a/fs_selfservice/FS-SelfService/cgi/small_custview.html
+++ b/fs_selfservice/FS-SelfService/cgi/small_custview.html
@@ -10,10 +10,10 @@ Customer #<B><%= $custnum %></B>
 ? '<I><FONT SIZE="-1">Billing Address</FONT></I><BR>'
 : ''
 %>
- <%= $first %> <%= $last %><BR>
- <%= $company ? $company.'<BR>' : '' %>
- <%= $address1 %><BR>
- <%= $address2 ? $address2.'<BR>' : '' %>
+ <%= encode_entities($first) %> <%= encode_entities($last) %><BR>
+ <%= $company ? encode_entities($company).'<BR>' : '' %>
+ <%= encode_entities($address1) %><BR>
+ <%= $address2 ? encode_entities($address2).'<BR>' : '' %>
 <%= $city %>, <%= $state %> <%= $zip %><BR>
 <%= $country && $country ne ($countrydefault||'US')
 ? $country.'<BR>'
|
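Review bot: The trailing context lines of this hunk still emit `$city`, `$state`, `$zip` and `$country` without escaping, so the fix covers only half of the address block. If those fields are customer-editable like the name and street fields (presumably they are; the hunk does not show their source), the same stored-markup problem remains. They should get the same treatment: `<%= encode_entities($city) %>, <%= encode_entities($state) %> <%= encode_entities($zip) %><BR>` and `? encode_entities($country).'<BR>'`. The `$country` expression continues past the end of the hunk, and the rest of the template is not visible here, so any later fields (phone numbers, ship-to address) are worth checking as well. It is also worth confirming that `encode_entities` is in scope wherever this template is filled in, since the import is not part of this diff.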