X-Git-Url: http://git.freeside.biz/gitweb/?a=blobdiff_plain;f=httemplate%2Fbrowse%2Fpart_event.html;h=62e7ff0d91645584fd7fc894828b5494b4bccedd;hb=c13c6407510f6fd1783ce0fbd97800afa27c30b5;hp=6be28602da79fa6ab1261fd529f7d585138a9c36;hpb=c6e4f9460f44a7440ef2fa7e67ed51dfe40a7668;p=freeside.git
diff --git a/httemplate/browse/part_event.html b/httemplate/browse/part_event.html
index 6be28602d..62e7ff0d9 100644
--- a/httemplate/browse/part_event.html
+++ b/httemplate/browse/part_event.html
@@ -45,8 +45,9 @@ my $link = [ $p.'edit/part_event.html?', 'eventpart' ];
my $event_sub = sub {
my $part_event = shift;
my $onclick = include('/elements/popup_link_onclick.html',
- action => $p.'view/part_event-targets.html?'.$part_event->eventpart,
- actionlabel => 'Event query - '.$part_event->event,
+ action => $p.'view/part_event-targets.html?eventpart='.
+ $part_event->eventpart,
+ actionlabel => 'Event query', #no, XSS - '.$part_event->event,
width => 650,
height => 420,
close_text => 'Close',
@@ -54,14 +55,14 @@ my $event_sub = sub {
[#rows
[#subcolumns
{
- 'data' => $part_event->event,
- 'link' => $p.'edit/part_event.html?'.$part_event->eventpart,
+ 'data' => encode_entities($part_event->event),
+ 'link' => $p.'edit/part_event.html?'.$part_event->eventpart,
},
{
- 'data' => ' (query) ',
- 'size' => '-1',
- 'data_style' => 'b',
- 'onclick' => $onclick,
+ 'data' => ' (query) ',
+ 'size' => '-1',
+ 'data_style' => 'b',
+ 'onclick' => $onclick,
},
],
];
@@ -173,7 +174,7 @@ my $html_init =
qq!Add a new event!.
' or