RT# 79353 Fix XSS
authorMitch Jackson <mitch@freeside.biz>
Sat, 27 Oct 2018 16:05:19 +0000 (12:05 -0400)
committerMitch Jackson <mitch@freeside.biz>
Sat, 27 Oct 2018 16:08:09 +0000 (12:08 -0400)
httemplate/search/cust_bill_pkg_discount.html

index eb39dea..04cc828 100644 (file)
@@ -39,8 +39,8 @@ Parameters:
             # Standard discount, not a waived setup fee
             my $discount = qsearchs('discount',{
                 discountnum => $_[0]->discountnum
-            });
-            return $discount->description;
+            }) || return 'Bad discountnum '.$_[0]->pkgdiscountnum;
+            return encode_entities $discount->description;
         } else {
             return 'Waive setup fee';
         }
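Review bot: The fallback on the added `}) || return ...` line returns `$_[0]->pkgdiscountnum` unencoded into the same cell that the next line now encodes; the value is presumably a numeric key, but since the commit's point is to HTML-escape everything this column emits, the error string should be escaped the same way, `}) or return encode_entities('Bad discountnum '.$_[0]->pkgdiscountnum);`. Using low-precedence `or` rather than `||` for the flow-control return is the conventional form and reads less like part of the assigned value. The `encode_entities` call assumes HTML::Entities is already imported in this template's scope; that import is not visible in the hunk. The enclosing sub starts before this hunk and its end is outside it.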
@@ -53,7 +53,7 @@ Parameters:
             my $discount = qsearchs('discount',{
                 discountnum => $_[0]->discountnum
             });
-            return $discount->classname;
+            return encode_entities $discount->classname;
         } else {
             return 'n/a';
         }
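Review bot: This branch still calls `$discount->classname` on the `qsearchs` result without the undef guard the first hunk added to the description branch, so a dangling discountnum that the first column now reports as 'Bad discountnum' will instead die here with a method call on an undefined value. The two lookups should fail the same way; the guard is one line on the closing of the `qsearchs` call, `}) or return encode_entities('Bad discountnum '.$_[0]->pkgdiscountnum);`. As in the first hunk, `encode_entities` is assumed to be in scope from HTML::Entities. The enclosing sub starts before this hunk and its end is outside it.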