From db257f5b5f5c9e56dbaba19914d3ff9f5be9a4e0 Mon Sep 17 00:00:00 2001
From: Christopher Burger <burgerc@freeside.biz>
Date: Tue, 26 Feb 2019 11:06:33 -0500
Subject: RT# 82092 - updated escaping html to use encode-entities

---
 httemplate/browse/router.cgi                  | 6 ++----
 httemplate/edit/elements/part_svc_column.html | 2 +-
 2 files changed, 3 insertions(+), 5 deletions(-)

(limited to 'httemplate')

diff --git a/httemplate/browse/router.cgi b/httemplate/browse/router.cgi
index c7713f313..354111875 100644
--- a/httemplate/browse/router.cgi
+++ b/httemplate/browse/router.cgi
@@ -17,8 +17,6 @@
 %>
 <%init>
 
-use CGI qw(escapeHTML);
-
 die "access denied"
   unless $FS::CurrentUser::CurrentUser->access_right('Broadband configuration')
   || $FS::CurrentUser::CurrentUser->access_right('Broadband global configuration');
@@ -50,8 +48,8 @@ my @links = ( [ "${p2}edit/router.cgi?", 'routernum' ],
             );
 
 foreach (FS::router->virtual_fields_hash) {
-  push @header_fields, escapeHTML($_->{'label'});
-  push @fields, escapeHTML($_->{'name'});
+  push @header_fields, encode_entities($_->{'label'});
+  push @fields, encode_entities($_->{'name'});
   push @links, '';
 }
 
diff --git a/httemplate/edit/elements/part_svc_column.html b/httemplate/edit/elements/part_svc_column.html
index 075f15e2c..bdbce7c79 100644
--- a/httemplate/edit/elements/part_svc_column.html
+++ b/httemplate/edit/elements/part_svc_column.html
@@ -97,7 +97,7 @@ my %communigate_fields = (
     <TD ROWSPAN=2 CLASS="grid">
       <INPUT NAME="<% $svcdb %>__<% $field %>_label"
              STYLE="text-align: right"
-             VALUE="<% $part_svc_column->columnlabel || escapeHTML($def->{'label'}) |h %>">
+             VALUE="<% $part_svc_column->columnlabel || $def->{'label'} |h %>">
     </TD>
 
     <TD ROWSPAN=1 CLASS="grid">
-- 
cgit v1.2.1