diff options
| author | Christopher Burger <burgerc@freeside.biz> | 2019-02-26 11:06:33 -0500 |
|---|---|---|
| committer | Christopher Burger <burgerc@freeside.biz> | 2019-02-26 17:27:31 -0500 |
| commit | 83cad295d38b0c764b59b62bc4840dcf666b7de9 (patch) | |
| tree | e7c1e608bd821cc912eb9e5285f159beda828d86 /httemplate | |
| parent | 19d49567b9f1e07459253f28a41da121bd48811c (diff) | |
RT# 82092 - updated escaping html to use encode-entities
Conflicts:
FS/FS/part_virtual_field.pm
Diffstat (limited to 'httemplate')
| -rw-r--r-- | httemplate/browse/router.cgi | 6 | ||||
| -rw-r--r-- | httemplate/edit/elements/part_svc_column.html | 2 |
2 files changed, 3 insertions, 5 deletions
diff --git a/httemplate/browse/router.cgi b/httemplate/browse/router.cgi index c7713f313..354111875 100644 --- a/httemplate/browse/router.cgi +++ b/httemplate/browse/router.cgi @@ -17,8 +17,6 @@ %> <%init> -use CGI qw(escapeHTML); - die "access denied" unless $FS::CurrentUser::CurrentUser->access_right('Broadband configuration') || $FS::CurrentUser::CurrentUser->access_right('Broadband global configuration'); @@ -50,8 +48,8 @@ my @links = ( [ "${p2}edit/router.cgi?", 'routernum' ], ); foreach (FS::router->virtual_fields_hash) { - push @header_fields, escapeHTML($_->{'label'}); - push @fields, escapeHTML($_->{'name'}); + push @header_fields, encode_entities($_->{'label'}); + push @fields, encode_entities($_->{'name'}); push @links, ''; } diff --git a/httemplate/edit/elements/part_svc_column.html b/httemplate/edit/elements/part_svc_column.html index 80d325e59..1e1ff79ee 100644 --- a/httemplate/edit/elements/part_svc_column.html +++ b/httemplate/edit/elements/part_svc_column.html @@ -98,7 +98,7 @@ that field. <TD ROWSPAN=2 CLASS="grid"> <INPUT NAME="<% $svcdb %>__<% $field %>_label" STYLE="text-align: right" - VALUE="<% $part_svc_column->columnlabel || escapeHTML($def->{'label'}) |h %>"> + VALUE="<% $part_svc_column->columnlabel || $def->{'label'} |h %>"> </TD> <TD ROWSPAN=1 CLASS="grid"> |