Merge branch 'xss_fixes' of https://github.com/mcreenan/Freeside

author Ivan Kohler <ivan@freeside.biz>

Thu, 25 Apr 2013 11:12:22 +0000 (04:12 -0700)

committer Ivan Kohler <ivan@freeside.biz>

Thu, 25 Apr 2013 11:12:22 +0000 (04:12 -0700)
author Ivan Kohler <ivan@freeside.biz>
Thu, 25 Apr 2013 11:12:22 +0000 (04:12 -0700)
committer Ivan Kohler <ivan@freeside.biz>
Thu, 25 Apr 2013 11:12:22 +0000 (04:12 -0700)
diff --git a/fs_selfservice/FS-SelfService/cgi/signup.html b/fs_selfservice/FS-SelfService/cgi/signup.html

index 6427e6f..4ac6777 100755 (executable)
--- a/fs_selfservice/FS-SelfService/cgi/signup.html
+++ b/fs_selfservice/FS-SelfService/cgi/signup.html
@@ -33,7 +33,7 @@
  <FONT SIZE="+1" COLOR="#ff0000"><%= encode_entities($error) %></FONT>
  
  <FORM NAME="OneTrueForm" ACTION="<%= $self_url %>" METHOD=POST onSubmit="document.OneTrueForm.signup.disabled=true">
-<INPUT TYPE="hidden" NAME="prepaid_shortform" VALUE="<%= $prepaid_shortform %>">
+<INPUT TYPE="hidden" NAME="prepaid_shortform" VALUE="<%= encode_entities($prepaid_shortform) %>">
  <INPUT TYPE="hidden" NAME="session" VALUE="<%= $session_id %>">
  <INPUT TYPE="hidden" NAME="action" VALUE="process_signup">
  <INPUT TYPE="hidden" NAME="agentnum" VALUE="<%= $agentnum %>">
author	Ivan Kohler <ivan@freeside.biz>
	Thu, 25 Apr 2013 11:12:22 +0000 (04:12 -0700)
committer	Ivan Kohler <ivan@freeside.biz>
	Thu, 25 Apr 2013 11:12:22 +0000 (04:12 -0700)