fix XSS

author Ivan Kohler <ivan@freeside.biz>

Thu, 25 Apr 2013 11:09:31 +0000 (04:09 -0700)

committer Ivan Kohler <ivan@freeside.biz>

Thu, 25 Apr 2013 11:09:31 +0000 (04:09 -0700)
author Ivan Kohler <ivan@freeside.biz>
Thu, 25 Apr 2013 11:09:31 +0000 (04:09 -0700)
committer Ivan Kohler <ivan@freeside.biz>
Thu, 25 Apr 2013 11:09:31 +0000 (04:09 -0700)
diff --git a/fs_selfservice/FS-SelfService/cgi/small_custview.html b/fs_selfservice/FS-SelfService/cgi/small_custview.html

index 8d6e073..470fe71 100644 (file)
--- a/fs_selfservice/FS-SelfService/cgi/small_custview.html
+++ b/fs_selfservice/FS-SelfService/cgi/small_custview.html
@@ -10,10 +10,10 @@ Customer #<B><%= $custnum %></B>
              ? '<I><FONT SIZE="-1">Billing Address</FONT></I><BR>'
              : ''
        %>
-      <%= $first %> <%= $last %><BR>
-      <%= $company ? $company.'<BR>' : '' %>
-      <%= $address1 %><BR>
-      <%= $address2 ? $address2.'<BR>' : '' %>
+      <%= encode_entities($first) %> <%= encode_entities($last) %><BR>
+      <%= $company ? encode_entities($company).'<BR>' : '' %>
+      <%= encode_entities($address1) %><BR>
+      <%= $address2 ? encode_entities($address2).'<BR>' : '' %>
        <%= $city %>, <%= $state %> <%= $zip %><BR>
        <%= $country && $country ne ($countrydefault||'US')
              ? $country.'<BR>'
author	Ivan Kohler <ivan@freeside.biz>
	Thu, 25 Apr 2013 11:09:31 +0000 (04:09 -0700)
committer	Ivan Kohler <ivan@freeside.biz>
	Thu, 25 Apr 2013 11:09:31 +0000 (04:09 -0700)