From 4abeb53ac1ba98d441dab810c859c025e7307809 Mon Sep 17 00:00:00 2001
From: Ivan Kohler
Date: Sun, 11 Nov 2012 22:18:55 -0800
Subject: [PATCH] fix XSS
---
FS/FS/UI/Web/small_custview.pm | 12 ++++++------
httemplate/elements/location.html | 2 +-
2 files changed, 7 insertions(+), 7 deletions(-)
diff --git a/FS/FS/UI/Web/small_custview.pm b/FS/FS/UI/Web/small_custview.pm
index c3d251c6d..0660038d9 100644
--- a/FS/FS/UI/Web/small_custview.pm
+++ b/FS/FS/UI/Web/small_custview.pm
@@ -89,14 +89,14 @@ sub small_custview { $html .= ''. ntable("#cccccc",2). 'Service
Address'. - $cust_main->get("${pre}last"). ', '. - $cust_main->get("${pre}first"). '
'; - $html .= $cust_main->get("${pre}company"). '
' + encode_entities($cust_main->get("${pre}last")). ', '. + encode_entities($cust_main->get("${pre}first")). '
'; + $html .= encode_entities($cust_main->get("${pre}company")). '
' if $cust_main->get("${pre}company"); - $html .= $cust_main->get("${pre}address1"). '
'; - $html .= $cust_main->get("${pre}address2"). '
' + $html .= encode_entities($cust_main->get("${pre}address1")). '
'; + $html .= encode_entities($cust_main->get("${pre}address2")). '
' if $cust_main->get("${pre}address2"); - $html .= $cust_main->get("${pre}city"). ', '. + $html .= encode_entities($cust_main->get("${pre}city")). ', '. $cust_main->get("${pre}state"). ' '. $cust_main->get("${pre}zip"). '
'; $html .= $cust_main->get("${pre}country"). '
'
diff --git a/httemplate/elements/location.html b/httemplate/elements/location.html
index c606523f0..a0c5644e8 100644
--- a/httemplate/elements/location.html
+++ b/httemplate/elements/location.html
@@ -214,7 +214,7 @@ Example: <<%$th%> ALIGN="right">Tax district
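Review bot: In FS/FS/UI/Web/small_custview.pm the new city line still concatenates `$cust_main->get("${pre}state")` and `$cust_main->get("${pre}zip")` unescaped, and the `$cust_main->get("${pre}country")` line after it is untouched context, so three fields of the same address block still reach `$html` raw. Whether those columns are constrained on input is not visible here, and output encoding should not depend on it; wrap each one the same way as the others, e.g. `encode_entities($cust_main->get("${pre}state"))`. The hunk does not show where `encode_entities` comes from, so confirm the module already loads HTML::Entities. The body of small_custview starts and ends outside the hunk.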
(automatic)> - + % } -- 2.20.1