xss
author
Ivan Kohler
<ivan@freeside.biz>
Tue, 7 Mar 2017 04:15:28 +0000
(20:15 -0800)
committer
Ivan Kohler
<ivan@freeside.biz>
Tue, 7 Mar 2017 04:15:28 +0000
(20:15 -0800)
httemplate/misc/email-customers.html
diff --git
a/httemplate/misc/email-customers.html
b/httemplate/misc/email-customers.html
index
b228b72
..
981d0e6
100644
(file)
--- a/
httemplate/misc/email-customers.html
+++ b/
httemplate/misc/email-customers.html
@@
-67,8
+67,8
@@
from/subject/body cgi params
<INPUT TYPE="hidden" NAME="msgnum" VALUE="<% $msg_template->msgnum %>">
% # kludge these through hidden inputs because they're not really part
% # of the template, but should be sticky during draft editing
<INPUT TYPE="hidden" NAME="msgnum" VALUE="<% $msg_template->msgnum %>">
% # kludge these through hidden inputs because they're not really part
% # of the template, but should be sticky during draft editing
- <INPUT TYPE="hidden" NAME="from_name" VALUE="<%
$cgi->param('from_name')
%>">
- <INPUT TYPE="hidden" NAME="from_addr" VALUE="<%
$cgi->param('from_addr')
%>">
+ <INPUT TYPE="hidden" NAME="from_name" VALUE="<%
scalar($cgi->param('from_name')) |h
%>">
+ <INPUT TYPE="hidden" NAME="from_addr" VALUE="<%
scalar($cgi->param('from_addr')) |h
%>">
% if ( !$msg_template->disabled ) {
<& /elements/tr-td-label.html, 'label' => 'Template:' &>
% if ( !$msg_template->disabled ) {
<& /elements/tr-td-label.html, 'label' => 'Template:' &>