From f6c799b390c1fabbf8ca3d7798088d94dfcc4f21 Mon Sep 17 00:00:00 2001
From: Ivan Kohler <ivan@freeside.biz>
Date: Sun, 17 Feb 2013 15:23:58 -0800
Subject: [PATCH] fix low-impact XSS

---
 httemplate/edit/REAL_cust_pkg.cgi    | 2 +-
 httemplate/edit/cust_pkg_detail.html | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/httemplate/edit/REAL_cust_pkg.cgi b/httemplate/edit/REAL_cust_pkg.cgi
index 166a3b7ea..05516b921 100755
--- a/httemplate/edit/REAL_cust_pkg.cgi
+++ b/httemplate/edit/REAL_cust_pkg.cgi
@@ -38,7 +38,7 @@
 
   <TR>
     <TD ALIGN="right">Comment</TD>
-    <TD BGCOLOR="#ffffff"><% $part_pkg->comment %></TD>
+    <TD BGCOLOR="#ffffff"><% $part_pkg->comment |h %></TD>
   </TR>
 
   <TR>
diff --git a/httemplate/edit/cust_pkg_detail.html b/httemplate/edit/cust_pkg_detail.html
index 009ed5c6e..5e107066d 100644
--- a/httemplate/edit/cust_pkg_detail.html
+++ b/httemplate/edit/cust_pkg_detail.html
@@ -28,7 +28,7 @@
 
   <TR>
     <TD ALIGN="right">Comment</TD>
-    <TD BGCOLOR="#ffffff"><% $part_pkg->comment %></TD>
+    <TD BGCOLOR="#ffffff"><% $part_pkg->comment |h %></TD>
   </TR>
 
   <TR>
-- 
2.20.1