diff options
| author | Ivan Kohler <ivan@freeside.biz> | 2012-11-11 22:34:20 -0800 |
|---|---|---|
| committer | Ivan Kohler <ivan@freeside.biz> | 2012-11-11 22:34:20 -0800 |
| commit | 4ee7d66497689819f80f29795b93f0ba564141e7 (patch) | |
| tree | 3ae2bcf04a7a4a04f51491261441c3ddd3f03326 /fs_selfservice/FS-SelfService | |
| parent | b2101823682f3738f5b367d2c1f2a7c6d47cdad1 (diff) | |
fix XSS
Diffstat (limited to 'fs_selfservice/FS-SelfService')
| -rw-r--r-- | fs_selfservice/FS-SelfService/cgi/change_pkg.html | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/fs_selfservice/FS-SelfService/cgi/change_pkg.html b/fs_selfservice/FS-SelfService/cgi/change_pkg.html index a841308a5..2d7b488ab 100644 --- a/fs_selfservice/FS-SelfService/cgi/change_pkg.html +++ b/fs_selfservice/FS-SelfService/cgi/change_pkg.html @@ -14,8 +14,8 @@ function enable_change_pkg () { <FORM NAME="ChangePkgForm" ACTION="<%= $selfurl %>" METHOD=POST> <INPUT TYPE="hidden" NAME="session" VALUE="<%= $session_id %>"> <INPUT TYPE="hidden" NAME="action" VALUE="process_change_pkg"> -<INPUT TYPE="hidden" NAME="pkgnum" VALUE="<%= $pkgnum %>"> -<INPUT TYPE="hidden" NAME="pkg" VALUE="<%= $pkg %>"> +<INPUT TYPE="hidden" NAME="pkgnum" VALUE="<%= encode_entities($pkgnum) %>"> +<INPUT TYPE="hidden" NAME="pkg" VALUE="<%= encode_entities($pkg) %>"> <TABLE BGCOLOR="#cccccc" BORDER=0 CELLSPACING=0> <TR> <TD COLSPAN=2><SELECT NAME="pkgpart" onChange="enable_change_pkg()"> |