From: Christopher Burger
Date: Fri, 30 Jun 2017 17:24:29 +0000 (-0400)
Subject: RT# 74666 - fixed vulnerability by escaping quotation_description var
X-Git-Url: http://git.freeside.biz/gitweb/?a=commitdiff_plain;ds=sidebyside;h=9760cdc40e900328990e3c91a7ea99eb43d70c21;p=freeside.git

RT# 74666 - fixed vulnerability by escaping quotation_description var
---
diff --git a/httemplate/view/quotation.html b/httemplate/view/quotation.html
index aba1f0ab3..d4d79d72c 100755
--- a/httemplate/view/quotation.html
+++ b/httemplate/view/quotation.html
@@ -2,7 +2,7 @@
<& /elements/header-cust_main.html, view=>'quotations', custnum=>$quotation->custnum &>

Quotation #<% $quotationnum %>
% if ($quotation->quotation_description) {
-(<% $quotation->quotation_description %>)
+(<% $quotation->quotation_description |h %>)
% }

% } else { #eventually, header-prospect_main.html
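Review bot: `$quotationnum` on the heading line directly above the fix is still interpolated with no escape flag, so the same heading keeps one unescaped substitution; unless its assignment (outside this hunk) restricts it to digits, it should read `Quotation #<% $quotationnum |h %>`. The `|h` added here protects only this one output site, so any other template that prints `quotation_description` presumably needs the same flag. Setting Mason's `default_escape_flags` to `h` would make HTML escaping the default rather than something each template has to remember. The enclosing `% if` / `% } else {` block starts before the hunk and continues past it, so the else branch could not be checked here.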