diff options
| author | Christopher Burger <burgerc@freeside.biz> | 2017-06-30 13:24:29 -0400 |
|---|---|---|
| committer | Christopher Burger <burgerc@freeside.biz> | 2017-06-30 16:58:24 -0400 |
| commit | e467098604e3d6038d666214bc1a3f5d2a6f44eb (patch) | |
| tree | 1eae118bd85a5cdcf465bc0d786c6646b311c922 /httemplate/view | |
| parent | 701f845de34ca48f26b2dd7a38b95764fb800d17 (diff) | |
RT# 74666 - fixed vulnerability by escaping quotation_description var
Diffstat (limited to 'httemplate/view')
| -rwxr-xr-x | httemplate/view/quotation.html | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/httemplate/view/quotation.html b/httemplate/view/quotation.html index aba1f0ab3..d4d79d72c 100755 --- a/httemplate/view/quotation.html +++ b/httemplate/view/quotation.html @@ -2,7 +2,7 @@ <& /elements/header-cust_main.html, view=>'quotations', custnum=>$quotation->custnum &> <h2>Quotation #<% $quotationnum %> % if ($quotation->quotation_description) { -(<% $quotation->quotation_description %>) +(<% $quotation->quotation_description |h %>) % } </h2> % } else { #eventually, header-prospect_main.html |