RT# 82092 - updated escaping html to use encode-entities

[freeside.git] / FS / FS / part_virtual_field.pm

diff --git a/FS/FS/part_virtual_field.pm b/FS/FS/part_virtual_field.pm
index 1df4984..e54dc93 100755 (executable)
--- a/FS/FS/part_virtual_field.pm
+++ b/FS/FS/part_virtual_field.pm
@@ -4,7 +4,7 @@ use strict;
 use vars qw( @ISA );
 use FS::Record;
 use FS::Schema qw( dbdef );
-use CGI qw(escapeHTML);
+use HTML::Entities;
 
 @ISA = qw( FS::Record );
 
@@ -92,14 +92,14 @@ sub widget {
 
   if ($ui_type eq 'HTML') {
     if ($mode eq 'view') {
-      $text = q!<TR><!.$header_col_type.q! ALIGN="right">! . $label .
-              q!</!.$header_col_type.q!><TD BGCOLOR="#ffffff">! . $value .
+      $text = q!<TR><!.$header_col_type.q! ALIGN="right">! . encode_entities($label) .
+              q!</!.$header_col_type.q!><TD BGCOLOR="#ffffff">! . encode_entities($value) .
               q!</TD></TR>! . "\n";
     } elsif ($mode eq 'edit') {
-      $text = q!<TR><!.$header_col_type.q! ALIGN="right">! . $label .
+      $text = q!<TR><!.$header_col_type.q! ALIGN="right">! . encode_entities($label) .
               q!</!.$header_col_type.q!><TD>!;
         $text .= q!<INPUT TYPE=text NAME="! . $self->name .
-                q!" VALUE="! . escapeHTML($value) . q!"!;
+                q!" VALUE="! . encode_entities($value) . q!"!;
         if ($self->length) {
           $text .= q! SIZE="! . $self->length . q!"!;
         }