fix low-impact XSS

author Ivan Kohler <ivan@freeside.biz>

Sun, 17 Feb 2013 23:23:56 +0000 (15:23 -0800)

committer Ivan Kohler <ivan@freeside.biz>

Sun, 17 Feb 2013 23:23:56 +0000 (15:23 -0800)
author Ivan Kohler <ivan@freeside.biz>
Sun, 17 Feb 2013 23:23:56 +0000 (15:23 -0800)
committer Ivan Kohler <ivan@freeside.biz>
Sun, 17 Feb 2013 23:23:56 +0000 (15:23 -0800)
diff --git a/httemplate/edit/REAL_cust_pkg.cgi b/httemplate/edit/REAL_cust_pkg.cgi

index 4bcf55c..99e911a 100755 (executable)
--- a/httemplate/edit/REAL_cust_pkg.cgi
+++ b/httemplate/edit/REAL_cust_pkg.cgi
@@ -70,7 +70,7 @@ function confirm_changes() {
  
    <TR>
      <TD ALIGN="right">Comment</TD>
-    <TD BGCOLOR="#ffffff"><% $part_pkg->comment %></TD>
+    <TD BGCOLOR="#ffffff"><% $part_pkg->comment |h %></TD>
    </TR>
  
    <TR>
diff --git a/httemplate/edit/cust_pkg_detail.html b/httemplate/edit/cust_pkg_detail.html

index 009ed5c..5e10706 100644 (file)
--- a/httemplate/edit/cust_pkg_detail.html
+++ b/httemplate/edit/cust_pkg_detail.html
@@ -28,7 +28,7 @@
  
    <TR>
      <TD ALIGN="right">Comment</TD>
-    <TD BGCOLOR="#ffffff"><% $part_pkg->comment %></TD>
+    <TD BGCOLOR="#ffffff"><% $part_pkg->comment |h %></TD>
    </TR>
  
    <TR>
author	Ivan Kohler <ivan@freeside.biz>
	Sun, 17 Feb 2013 23:23:56 +0000 (15:23 -0800)
committer	Ivan Kohler <ivan@freeside.biz>
	Sun, 17 Feb 2013 23:23:56 +0000 (15:23 -0800)
httemplate/edit/REAL_cust_pkg.cgi		patch \| blob \| history
httemplate/edit/cust_pkg_detail.html		patch \| blob \| history