From: Ivan Kohler <ivan@freeside.biz>
Date: Sat, 1 Jun 2013 09:26:24 +0000 (-0700)
Subject: fix XSS
X-Git-Url: http://git.freeside.biz/gitweb/?a=commitdiff_plain;h=e31e521e1dc88b3a936023e5e3f8b52de42bb78f;hp=049f013e7e6409edcc3997f2496784573be3de3e;p=freeside.git

fix XSS
---

diff --git a/httemplate/edit/cust_pkg.cgi b/httemplate/edit/cust_pkg.cgi
index dd1ed335f..e6a7d4b71 100755
--- a/httemplate/edit/cust_pkg.cgi
+++ b/httemplate/edit/cust_pkg.cgi
@@ -34,7 +34,7 @@
     <TR>
       <TD><INPUT TYPE="checkbox" NAME="remove_pkg" VALUE="<% $pkgnum %>"<% $checked %>></TD>
       <TD ALIGN="right"><% $pkgnum %>:</TD>
-      <TD><% $all_pkg{$pkgpart} %> - <% $all_comment{$pkgpart} %></TD>
+      <TD><% $all_pkg{$pkgpart} |h %> - <% $all_comment{$pkgpart} |h %></TD>
     </TR>
 % } 
 
@@ -79,7 +79,7 @@ Order new packages
       <INPUT TYPE="text" NAME="<% "pkg$pkgpart" %>" VALUE="<% $value %>" SIZE="2" MAXLENGTH="2">
     </TD>
     <TD ALIGN="right"><% $pkgpart %>:</TD>
-    <TD><% $pkg{$pkgpart} %> - <% $comment{$pkgpart}%></TD>
+    <TD><% $pkg{$pkgpart} |h %> - <% $comment{$pkgpart} |h %></TD>
   </TR>
 %
 %  $count ++ ;