XSS
author
Ivan Kohler
<ivan@freeside.biz>
Thu, 9 Oct 2014 18:11:31 +0000
(11:11 -0700)
committer
Ivan Kohler
<ivan@freeside.biz>
Thu, 9 Oct 2014 18:11:31 +0000
(11:11 -0700)
httemplate/browse/part_event.html
diff --git
a/httemplate/browse/part_event.html
b/httemplate/browse/part_event.html
index
ba036c8
..
d2e6946
100644
--- a/
httemplate/browse/part_event.html
+++ b/
httemplate/browse/part_event.html
@@
-175,8
+175,10
@@
my $html_init =
' or <SELECT NAME="clone"><OPTION></OPTION>';
foreach my $part_event ( qsearch('part_event', {'disabled'=>''}) ) {
' or <SELECT NAME="clone"><OPTION></OPTION>';
foreach my $part_event ( qsearch('part_event', {'disabled'=>''}) ) {
- $html_init .= '<OPTION VALUE="'. $part_event->eventpart. '">'.
- $part_event->eventpart. ': '. $part_event->event. '</OPTION>';
+ $html_init .= '<OPTION VALUE="'. $part_event->eventpart. '">'.
+ $part_event->eventpart. ': '.
+ encode_entities($part_event->event).
+ '</OPTION>';
}
$html_init .= '</SELECT><INPUT TYPE="submit" VALUE="Clone existing event">'.
}
$html_init .= '</SELECT><INPUT TYPE="submit" VALUE="Clone existing event">'.
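Review bot: Only `$part_event->event` is escaped on the new lines; `$part_event->eventpart` is still concatenated raw twice, once inside the double-quoted `VALUE` attribute and once in the option text. It is presumably a numeric key, which would make this harmless today, but the hunk does not show that, and escaping it too removes the dependence on that assumption: `'<OPTION VALUE="'. encode_entities($part_event->eventpart). '">'. encode_entities($part_event->eventpart). ': '.`. It is also worth confirming that every other place this template prints `event` goes through `encode_entities`, since only the clone drop-down is visible here. The `$html_init` assignment begins before the hunk and continues past its last line.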