From: Ivan Kohler <ivan@freeside.biz>
Date: Thu, 25 Apr 2013 11:09:31 +0000 (-0700)
Subject: fix XSS
X-Git-Url: http://git.freeside.biz/gitweb/?a=commitdiff_plain;h=d295c1176370d42a4754c26debfed390e0829f15;p=freeside.git

fix XSS
---

diff --git a/fs_selfservice/FS-SelfService/cgi/small_custview.html b/fs_selfservice/FS-SelfService/cgi/small_custview.html
index 8d6e07368..470fe7151 100644
--- a/fs_selfservice/FS-SelfService/cgi/small_custview.html
+++ b/fs_selfservice/FS-SelfService/cgi/small_custview.html
@@ -10,10 +10,10 @@ Customer #<B><%= $custnum %></B>
             ? '<I><FONT SIZE="-1">Billing Address</FONT></I><BR>'
             : ''
       %>
-      <%= $first %> <%= $last %><BR>
-      <%= $company ? $company.'<BR>' : '' %>
-      <%= $address1 %><BR>
-      <%= $address2 ? $address2.'<BR>' : '' %>
+      <%= encode_entities($first) %> <%= encode_entities($last) %><BR>
+      <%= $company ? encode_entities($company).'<BR>' : '' %>
+      <%= encode_entities($address1) %><BR>
+      <%= $address2 ? encode_entities($address2).'<BR>' : '' %>
       <%= $city %>, <%= $state %> <%= $zip %><BR>
       <%= $country && $country ne ($countrydefault||'US')
             ? $country.'<BR>'