projects / freeside.git / commitdiff
(parent: 701f845)
RT# 74666 - fixed vulnerability by escaping quotation_description var
author Christopher Burger <burgerc@freeside.biz> Fri, 30 Jun 2017 17:24:29 +0000 (13:24 -0400)
committer Christopher Burger <burgerc@freeside.biz> Fri, 30 Jun 2017 20:58:24 +0000 (16:58 -0400)
httemplate/view/quotation.html
diff --git
a/httemplate/view/quotation.html
b/httemplate/view/quotation.html
index
aba1f0a
..
d4d79d7
100755
(executable)
--- a/
httemplate/view/quotation.html
+++ b/
httemplate/view/quotation.html
@@
-2,7
+2,7
@@
<& /elements/header-cust_main.html, view=>'quotations', custnum=>$quotation->custnum &>
<h2>Quotation #<% $quotationnum %>
% if ($quotation->quotation_description) {
-(<% $quotation->quotation_description %>)
+(<% $quotation->quotation_description
|h
%>)
% }
</h2>
% } else { #eventually, header-prospect_main.html
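Review bot: `<% $quotationnum %>` on the context line directly above the changed line is still emitted into the same `<h2>` without `|h`. If that variable can be populated from the request rather than from the stored quotation record, it should get the same filter as `quotation_description`, so that every substitution in this heading is escaped. It would also be worth searching the other templates that print `quotation_description` for the same unescaped pattern. The commit subject could name the issue class (unescaped HTML output in the quotation header) so the fix is easier to find later.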