projects / freeside.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
new escape flags in RT 3.8.12+ and 4.0.6+, RT#17928
[freeside.git] / FS / FS / Mason.pm
diff --git a/FS/FS/Mason.pm b/FS/FS/Mason.pm
index 6cc32bd..de97a19 100644 (file)
--- a/FS/FS/Mason.pm
+++ b/FS/FS/Mason.pm
@@ -55,7 +55,7 @@ if ( -e $addl_handler_use_file ) {
 
   #use CGI::Carp qw(fatalsToBrowser);
   use CGI::Cookie;
-  use List::Util qw( max min );
+  use List::Util qw( max min sum );
   use Data::Dumper;
   use Date::Format;
   use Time::Local;
@@ -303,6 +303,10 @@ if ( -e $addl_handler_use_file ) {
   use FS::discount_plan;
   use FS::tower;
   use FS::tower_sector;
+  use FS::sales;
+  use FS::access_groupsales;
+  use FS::contact_class;
+  use FS::part_svc_class;
   # Sammath Naur
 
   if ( $FS::Mason::addl_handler_use ) {
@@ -546,6 +550,8 @@ sub mason_interps {
     ${$_[0]} =~ s/(['\\])/\\$1/g;
     ${$_[0]} =~ s/\r/\\r/g;
     ${$_[0]} =~ s/\n/\\n/g;
+    # prevent premature termination of the script
+    ${$_[0]} =~ s[</script>][<\\/script>]ig;
     ${$_[0]} = "'". ${$_[0]}. "'";
   };
 
@@ -571,6 +577,8 @@ sub mason_interps {
                       [ 'freeside' => '%%%FREESIDE_DOCUMENT_ROOT%%%'    ],
                     ],
     escape_flags => { 'h'         => \&RT::Interface::Web::EscapeUTF8,
+                      'u'         => \&RT::Interface::Web::EscapeURI,
+                      'j'         => \&RT::Interface::Web::EscapeJS,
                       'js_string' => $js_string_sub,
                     },
     compiler     => HTML::Mason::Compiler::ToObject->new(
Freeside billing, trouble ticketing, network monitoring and provisioning