projects
/
freeside.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
| inline |
side by side
ho ho ho, merry XSSmas
[freeside.git]
/
httemplate
/
misc
/
process
/
meta-import.cgi
diff --git
a/httemplate/misc/process/meta-import.cgi
b/httemplate/misc/process/meta-import.cgi
index
5a97d11
..
1cf178c
100644
(file)
--- a/
httemplate/misc/process/meta-import.cgi
+++ b/
httemplate/misc/process/meta-import.cgi
@@
-182,4
+182,6
@@
function SafeOnsubmit() {
% }
%
%
-
+<%init>
+die "meta-import script not currently enabled"; #make XSS-safe if this is used for more than just admins to import data....
+</%init>