From: Ivan Kohler
Date: Mon, 12 Nov 2012 06:18:55 +0000 (-0800)
Subject: fix XSS
X-Git-Url: http://git.freeside.biz/gitweb/?a=commitdiff_plain;h=4abeb53ac1ba98d441dab810c859c025e7307809;p=freeside.git

fix XSS
---
diff --git a/FS/FS/UI/Web/small_custview.pm b/FS/FS/UI/Web/small_custview.pm
index c3d251c6d..0660038d9 100644
--- a/FS/FS/UI/Web/small_custview.pm
+++ b/FS/FS/UI/Web/small_custview.pm
@@ -89,14 +89,14 @@ sub small_custview {
 $html .= ''. ntable("#cccccc",2). 'Service
Address'.
- $cust_main->get("${pre}last"). ', '.
- $cust_main->get("${pre}first"). '
';
- $html .= $cust_main->get("${pre}company"). '
'
+ encode_entities($cust_main->get("${pre}last")). ', '.
+ encode_entities($cust_main->get("${pre}first")). '
';
+ $html .= encode_entities($cust_main->get("${pre}company")). '
'
 if $cust_main->get("${pre}company");
- $html .= $cust_main->get("${pre}address1"). '
';
- $html .= $cust_main->get("${pre}address2"). '
'
+ $html .= encode_entities($cust_main->get("${pre}address1")). '
';
+ $html .= encode_entities($cust_main->get("${pre}address2")). '
'
 if $cust_main->get("${pre}address2");
- $html .= $cust_main->get("${pre}city"). ', '.
+ $html .= encode_entities($cust_main->get("${pre}city")). ', '.
 $cust_main->get("${pre}state"). ' '. $cust_main->get("${pre}zip"). '
'; $html .= $cust_main->get("${pre}country"). '
'
diff --git a/httemplate/elements/location.html b/httemplate/elements/location.html
index c606523f0..a0c5644e8 100644
--- a/httemplate/elements/location.html
+++ b/httemplate/elements/location.html
@@ -214,7 +214,7 @@ Example: <<%$th%> ALIGN="right">Tax district
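Review bot: In the small_custview.pm hunk the escaping stops at city: the unchanged context lines right after it still append `$cust_main->get("${pre}state")`, `$cust_main->get("${pre}zip")` and `$cust_main->get("${pre}country")` to `$html` unencoded, so markup stored in any of those fields would still be rendered. Unless those columns are constrained to a fixed list somewhere not visible here, wrap them the same way, e.g. `encode_entities($cust_main->get("${pre}zip"))`. The hunk adds no import, so it is worth confirming that `use HTML::Entities;` is already in scope in this module. small_custview starts and ends outside the hunk, so other `get()` values concatenated into `$html` elsewhere in the sub deserve the same pass.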
(automatic)> - + % }