From 1b0e3600f2004f0977c9906b3f7db56f3ca80f5d Mon Sep 17 00:00:00 2001
From: Ivan Kohler
Date: Sun, 11 Nov 2012 22:34:22 -0800
Subject: fix XSS
---
 FS/FS/ClientAPI/MyAccount.pm | 3 +++
 1 file changed, 3 insertions(+)
(limited to 'FS')
diff --git a/FS/FS/ClientAPI/MyAccount.pm b/FS/FS/ClientAPI/MyAccount.pm
index 7fe00e65b..d5fe15483 100644
--- a/FS/FS/ClientAPI/MyAccount.pm
+++ b/FS/FS/ClientAPI/MyAccount.pm
@@ -2004,6 +2004,9 @@ sub _usage_details {
 $p->{ending} = $end;
 }
+ die "illegal beginning" if $beginning !~ /^\d*$/;
+ die "illegal ending" if $ending !~ /^\d*$/;
+
 my (@usage) = &$callback($svc_x, $p->{beginning}, $p->{ending}, %callback_opt );
--
cgit v1.2.1
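Review bot: The two added guards test `$beginning` and `$ending`, but the call directly below passes `$p->{beginning}` and `$p->{ending}`, and nothing visible in the hunk shows those locals holding the same values, so the client-supplied values may still reach the callback unchecked. Validating what is actually passed would close that gap: `die "illegal beginning" if $p->{beginning} !~ /\A[0-9]*\z/;` and the same for `$p->{ending}`. `\A…\z` with `[0-9]` also rejects a trailing newline and non-ASCII digits, both of which `/^\d*$/` can accept. `_usage_details` starts and ends outside the hunk, so whether `$beginning`/`$ending` are declared earlier needs confirming there; if the module runs under `use strict`, an undeclared name would fail at compile time.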