From 3f33d55b1cbbe497c3e21c8e26356ea649119c3b Mon Sep 17 00:00:00 2001
From: Ivan Kohler <ivan@freeside.biz>
Date: Sat, 19 Jan 2013 11:34:08 -0800
Subject: [PATCH] fix XSS

---
 fs_selfservice/FS-SelfService/cgi/signup.html | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/fs_selfservice/FS-SelfService/cgi/signup.html b/fs_selfservice/FS-SelfService/cgi/signup.html
index 3c71e92c4..e6830c161 100755
--- a/fs_selfservice/FS-SelfService/cgi/signup.html
+++ b/fs_selfservice/FS-SelfService/cgi/signup.html
@@ -30,7 +30,7 @@
          ' Signup form</FONT><BR><BR>';
 %>
 
-<FONT SIZE="+1" COLOR="#ff0000"><%= $error %></FONT>
+<FONT SIZE="+1" COLOR="#ff0000"><%= encode_entities($error) %></FONT>
 
 <FORM NAME="OneTrueForm" ACTION="<%= $self_url %>" METHOD=POST onSubmit="document.OneTrueForm.signup.disabled=true">
 <INPUT TYPE="hidden" NAME="prepaid_shortform" VALUE="<%= $prepaid_shortform %>">
-- 
2.20.1