Encode prepaid_shortform input to prevent XSS

author: Matt Creenan <mcreenan@localnet.com> 2013-03-22 14:28:50 -0400
committer: Matt Creenan <mcreenan@localnet.com> 2013-03-22 14:28:50 -0400
commit: e6172bfad7dc79bbef491fdbde03add8e460387e (patch)
tree: 706e77c979b46c58e2e598e5736fa34589cea9b4 /fs_selfservice
parent: 26bc6f249a1cdb165bf9b0d0fa3fc055ed457723 (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/fs_selfservice/FS-SelfService/cgi/signup.html b/fs_selfservice/FS-SelfService/cgi/signup.html
index 6427e6f..4ac6777 100755
--- a/fs_selfservice/FS-SelfService/cgi/signup.html
+++ b/fs_selfservice/FS-SelfService/cgi/signup.html
@@ -33,7 +33,7 @@
 <FONT SIZE="+1" COLOR="#ff0000"><%= encode_entities($error) %></FONT>
 
 <FORM NAME="OneTrueForm" ACTION="<%= $self_url %>" METHOD=POST onSubmit="document.OneTrueForm.signup.disabled=true">
-<INPUT TYPE="hidden" NAME="prepaid_shortform" VALUE="<%= $prepaid_shortform %>">
+<INPUT TYPE="hidden" NAME="prepaid_shortform" VALUE="<%= encode_entities($prepaid_shortform) %>">
 <INPUT TYPE="hidden" NAME="session" VALUE="<%= $session_id %>">
 <INPUT TYPE="hidden" NAME="action" VALUE="process_signup">
 <INPUT TYPE="hidden" NAME="agentnum" VALUE="<%= $agentnum %>">
author	Matt Creenan <mcreenan@localnet.com>	2013-03-22 14:28:50 -0400
committer	Matt Creenan <mcreenan@localnet.com>	2013-03-22 14:28:50 -0400
commit	e6172bfad7dc79bbef491fdbde03add8e460387e (patch)
tree	706e77c979b46c58e2e598e5736fa34589cea9b4 /fs_selfservice
parent	26bc6f249a1cdb165bf9b0d0fa3fc055ed457723 (diff)