From f6ad19602096411e6248750d840f0a6e2e0ee036 Mon Sep 17 00:00:00 2001
From: mark <mark>
Date: Thu, 25 Mar 2010 01:37:19 +0000
Subject: RT#6226: security fix for customer notes

---
 httemplate/view/cust_main/notes.html | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

(limited to 'httemplate')

diff --git a/httemplate/view/cust_main/notes.html b/httemplate/view/cust_main/notes.html
index a6378f46a..a39610ac5 100755
--- a/httemplate/view/cust_main/notes.html
+++ b/httemplate/view/cust_main/notes.html
@@ -53,7 +53,7 @@
         &nbsp;<% $note->otaker%>
       </TD>
       <TD CLASS="grid" BGCOLOR="<% $bgcolor %>">
-        &nbsp;<%$note->comments%>
+        &nbsp;<% $note->comments | defang %>
       </TD>
 % if($edit) {
       <TD CLASS="grid" BGCOLOR="<% $bgcolor %>"><% $edit %></TD>
@@ -67,6 +67,8 @@
 % }
 <%init>
 
+use HTML::Defang;
+
 my $conf = new FS::Conf;
 my $curuser = $FS::CurrentUser::CurrentUser;
 
-- 
cgit v1.2.1