author | mark <mark> | 2010-03-25 01:37:19 +0000 |
---|---|---|
committer | mark <mark> | 2010-03-25 01:37:19 +0000 |
commit | f6ad19602096411e6248750d840f0a6e2e0ee036 (patch) | |
tree | 9a8ab8bf169e2e938a022fdae5c8f274c06e87ba /httemplate | |
parent | d2c621ec6c3d2edbd3d8b44600a92d6773ffa971 (diff) |
RT#6226: security fix for customer notes
Diffstat (limited to 'httemplate')
-rwxr-xr-x | httemplate/view/cust_main/notes.html | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/httemplate/view/cust_main/notes.html b/httemplate/view/cust_main/notes.html
index a6378f46a..a39610ac5 100755
--- a/httemplate/view/cust_main/notes.html
+++ b/httemplate/view/cust_main/notes.html
@@ -53,7 +53,7 @@
 <% $note->otaker%>
 </TD>
 <TD CLASS="grid" BGCOLOR="<% $bgcolor %>">
- <%$note->comments%>
+ <% $note->comments | defang %>
 </TD>
 % if($edit) {
 <TD CLASS="grid" BGCOLOR="<% $bgcolor %>"><% $edit %></TD>
@@ -67,6 +67,8 @@
 % }
 <%init>
+use HTML::Defang;
+
 my $conf = new FS::Conf;
 my $curuser = $FS::CurrentUser::CurrentUser; |
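Review bot: The `| defang` flag on `<% $note->comments | defang %>` is a custom Mason escape, and nothing in this diff registers it. The `use HTML::Defang;` added to `<%init>` in the second hunk only loads the module, so the escape has to be defined where the interpreter is configured; the diffstat is limited to `httemplate`, so that change may simply not be shown here. It is worth confirming the registration exists and documenting the intent beside the output line, for example `%# comments hold user-entered HTML; 'defang' is the custom escape that strips active content`. The filter runs only at render time in this one view, so any other template or export that prints `$note->comments` would presumably still emit the stored markup unfiltered and should get the same flag. The context line `<% $note->otaker%>` is also written with no escape flag; unless a default escape is configured, `| h` would be appropriate there.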