authorIvan Kohler <ivan@freeside.biz>2012-11-11 23:08:47 -0800
committerIvan Kohler <ivan@freeside.biz>2012-11-11 23:08:47 -0800
commit3d18177c158acc492e9322677b11c8089df0fbc0 (patch)
tree35aa13c4c6da9181fa2e987d3619132773d047d4 /httemplate/misc/cust_main_note-import.cgi
parent4ee7d66497689819f80f29795b93f0ba564141e7 (diff)
fix XSS
Diffstat (limited to 'httemplate/misc/cust_main_note-import.cgi')
-rw-r--r--httemplate/misc/cust_main_note-import.cgi12
1 files changed, 6 insertions, 6 deletions
diff --git a/httemplate/misc/cust_main_note-import.cgi b/httemplate/misc/cust_main_note-import.cgi
index 72ac556fd..186289517 100644
--- a/httemplate/misc/cust_main_note-import.cgi
+++ b/httemplate/misc/cust_main_note-import.cgi
@@ -164,7 +164,7 @@
<OPTION VALUE="">---</OPTION>
% my $i=0;
% foreach (@cust_main) {
- <OPTION <% $i ? '' : 'SELECTED' %> VALUE="<% $_->custnum %>"><% $_->name %></OPTION>
+ <OPTION <% $i ? '' : 'SELECTED' %> VALUE="<% $_->custnum %>"><% $_->name |h %></OPTION>
% $i++;
% }
</SELECT>
@@ -172,15 +172,15 @@
var customer_select<% $row %> = document.getElementById("cust_select<% $row %>");
customer_select<% $row %>.onchange = select_customer;
</SCRIPT>
- <INPUT TYPE="hidden" NAME="name<% $row %>" ID="name<% $row %>" VALUE="<% $i ? $cust_main[0]->name : '' %>">
+ <INPUT TYPE="hidden" NAME="name<% $row %>" ID="name<% $row %>" VALUE="<% $i ? $cust_main[0]->name : '' |h %>">
</TD>
<TD>
- <% $first %>
- <INPUT TYPE="hidden" NAME="first<% $row %>" VALUE="<% $first %>">
+ <% $first |h %>
+ <INPUT TYPE="hidden" NAME="first<% $row %>" VALUE="<% $first |h %>">
</TD>
<TD>
- <% $last %>
- <INPUT TYPE="hidden" NAME="last<% $row %>" VALUE="<% $last %>">
+ <% $last |h %>
+ <INPUT TYPE="hidden" NAME="last<% $row %>" VALUE="<% $last |h %>">
</TD>
<TD>
<% $note %>
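Review bot: `<% $note %>` on the last context line of this hunk is still written into the cell without an escape flag, although the neighbouring `$first` and `$last` cells now use `|h`. If `$note` comes from the same imported data as those two fields (its origin is not visible here), it needs the same treatment, `<% $note |h %>`, and so does any hidden `note<% $row %>` input that may follow outside the hunk. The table row continues past the end of the hunk, so the rest of the row should be checked for other `<% %>` substitutions that have no escape flag.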