projects / freeside.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 194d0e2)
fix XSS
authorIvan Kohler <ivan@freeside.biz>
Fri, 12 Apr 2013 01:10:11 +0000 (18:10 -0700)
committerIvan Kohler <ivan@freeside.biz>
Fri, 12 Apr 2013 01:10:11 +0000 (18:10 -0700)
FS/FS/UI/Web.pm patch | blob | history

diff --git a/FS/FS/UI/Web.pm b/FS/FS/UI/Web.pm
index 7926808..3fd61ef 100644 (file)
--- a/FS/FS/UI/Web.pm
+++ b/FS/FS/UI/Web.pm
@@ -472,23 +472,26 @@ sub cust_fields_subs {
   my $unlinked_warn = 0;
   return map { 
     my $f = $_;
   my $unlinked_warn = 0;
   return map { 
     my $f = $_;
-    if( $unlinked_warn++ ) {
+    if ( $unlinked_warn++ ) {
+
       sub {
         my $record = shift;
       sub {
         my $record = shift;
-        if( $record->custnum ) {
-          $record->$f(@_);
-        }
-        else {
+        if ( $record->custnum ) {
+          encode_entities( $record->$f(@_) );
+        } else {
           '(unlinked)'
         };
           '(unlinked)'
         };
-      }
-    } 
-    else {
+      };
+
+    } else {
+
       sub {
         my $record = shift;
       sub {
         my $record = shift;
-        $record->$f(@_) if $record->custnum;
-      }
+        $record->custnum ? encode_entities( $record->$f(@_) ) : '';
+      };
+
     }
     }
+
   } @cust_fields;
 }
 
   } @cust_fields;
 }
 
Freeside billing, trouble ticketing, network monitoring and provisioning