fix XSS
authorIvan Kohler <ivan@freeside.biz>
Fri, 12 Apr 2013 01:10:13 +0000 (18:10 -0700)
committerIvan Kohler <ivan@freeside.biz>
Fri, 12 Apr 2013 01:10:13 +0000 (18:10 -0700)
FS/FS/UI/Web.pm

index 22b4456..59e59d4 100644 (file)
@@ -404,23 +404,26 @@ sub cust_fields_subs {
   my $unlinked_warn = 0;
   return map { 
     my $f = $_;
-    if( $unlinked_warn++ ) {
+    if ( $unlinked_warn++ ) {
+
       sub {
         my $record = shift;
-        if( $record->custnum ) {
-          $record->$f(@_);
-        }
-        else {
+        if ( $record->custnum ) {
+          encode_entities( $record->$f(@_) );
+        } else {
           '(unlinked)'
         };
-      }
-    } 
-    else {
+      };
+
+    } else {
+
       sub {
         my $record = shift;
-        $record->$f(@_) if $record->custnum;
-      }
+        $record->custnum ? encode_entities( $record->$f(@_) ) : '';
+      };
+
     }
+
   } @cust_fields;
 }
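Review bot: Both added `encode_entities( $record->$f(@_) )` calls evaluate the accessor in list context, so if an accessor ever returns more than one value, the second would be taken as encode_entities' optional "characters to encode" argument and could leave `<`, `>` or `&` unescaped (assuming encode_entities carries no prototype). Forcing a single value closes that gap: `encode_entities( scalar $record->$f(@_) )` in the first closure and `$record->custnum ? encode_entities( scalar $record->$f(@_) ) : '';` in the second. These closures now return HTML-escaped text, so any caller that escapes again or feeds the values to a non-HTML export would show literal entities; the callers are not visible here, so a comment such as `# returns HTML-escaped text; do not escape again or reuse for non-HTML output` above the `map` would record the contract. cust_fields_subs begins above this hunk, and the import that brings encode_entities into scope is not shown, so it should be confirmed in FS/FS/UI/Web.pm.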