From db257f5b5f5c9e56dbaba19914d3ff9f5be9a4e0 Mon Sep 17 00:00:00 2001
From: Christopher Burger <burgerc@freeside.biz>
Date: Tue, 26 Feb 2019 11:06:33 -0500
Subject: RT# 82092 - updated escaping html to use encode-entities

---
 FS/FS/part_virtual_field.pm | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

(limited to 'FS')

diff --git a/FS/FS/part_virtual_field.pm b/FS/FS/part_virtual_field.pm
index 63712b763..eae519f6d 100755
--- a/FS/FS/part_virtual_field.pm
+++ b/FS/FS/part_virtual_field.pm
@@ -2,7 +2,7 @@ package FS::part_virtual_field;
 use base qw(FS::Record);
 
 use strict;
-use CGI qw(escapeHTML);
+use HTML::Entities;
 use FS::Schema qw( dbdef );
 
 =head1 NAME
@@ -89,14 +89,14 @@ sub widget {
 
   if ($ui_type eq 'HTML') {
     if ($mode eq 'view') {
-      $text = q!<TR><!.$header_col_type.q! ALIGN="right">! . $label .
-              q!</!.$header_col_type.q!><TD BGCOLOR="#ffffff">! . $value .
+      $text = q!<TR><!.$header_col_type.q! ALIGN="right">! . encode_entities($label) .
+              q!</!.$header_col_type.q!><TD BGCOLOR="#ffffff">! . encode_entities($value) .
               q!</TD></TR>! . "\n";
     } elsif ($mode eq 'edit') {
-      $text = q!<TR><!.$header_col_type.q! ALIGN="right">! . $label .
+      $text = q!<TR><!.$header_col_type.q! ALIGN="right">! . encode_entities($label) .
               q!</!.$header_col_type.q!><TD>!;
         $text .= q!<INPUT TYPE=text NAME="! . $self->name .
-                q!" VALUE="! . escapeHTML($value) . q!"!;
+                q!" VALUE="! . encode_entities($value) . q!"!;
         if ($self->length) {
           $text .= q! SIZE="! . $self->length . q!"!;
         }
-- 
cgit v1.2.1