projects
/
freeside.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
RT#6226: security fix for customer notes
[freeside.git]
/
httemplate
/
view
/
cust_main
/
notes.html
diff --git
a/httemplate/view/cust_main/notes.html
b/httemplate/view/cust_main/notes.html
index
a6378f4
..
a39610a
100755
(executable)
--- a/
httemplate/view/cust_main/notes.html
+++ b/
httemplate/view/cust_main/notes.html
@@
-53,7
+53,7
@@
<% $note->otaker%>
</TD>
<TD CLASS="grid" BGCOLOR="<% $bgcolor %>">
<% $note->otaker%>
</TD>
<TD CLASS="grid" BGCOLOR="<% $bgcolor %>">
- <%
$note->comments
%>
+ <%
$note->comments | defang
%>
</TD>
% if($edit) {
<TD CLASS="grid" BGCOLOR="<% $bgcolor %>"><% $edit %></TD>
</TD>
% if($edit) {
<TD CLASS="grid" BGCOLOR="<% $bgcolor %>"><% $edit %></TD>
@@
-67,6
+67,8
@@
% }
<%init>
% }
<%init>
+use HTML::Defang;
+
my $conf = new FS::Conf;
my $curuser = $FS::CurrentUser::CurrentUser;
my $conf = new FS::Conf;
my $curuser = $FS::CurrentUser::CurrentUser;