XSS fix

author gjones2 <gary@pointblanksecurity.com>

Thu, 17 Jan 2013 17:25:04 +0000 (12:25 -0500)

committer gjones2 <gary@pointblanksecurity.com>

Thu, 17 Jan 2013 17:25:04 +0000 (12:25 -0500)
author gjones2 <gary@pointblanksecurity.com>
Thu, 17 Jan 2013 17:25:04 +0000 (12:25 -0500)
committer gjones2 <gary@pointblanksecurity.com>
Thu, 17 Jan 2013 17:25:04 +0000 (12:25 -0500)
diff --git a/fs_selfservice/FS-SelfService/cgi/signup.html b/fs_selfservice/FS-SelfService/cgi/signup.html

index 3c71e92..e6830c1 100755 (executable)
--- a/fs_selfservice/FS-SelfService/cgi/signup.html
+++ b/fs_selfservice/FS-SelfService/cgi/signup.html
@@ -30,7 +30,7 @@
           ' Signup form</FONT><BR><BR>';
  %>
  
-<FONT SIZE="+1" COLOR="#ff0000"><%= $error %></FONT>
+<FONT SIZE="+1" COLOR="#ff0000"><%= encode_entities($error) %></FONT>
  
  <FORM NAME="OneTrueForm" ACTION="<%= $self_url %>" METHOD=POST onSubmit="document.OneTrueForm.signup.disabled=true">
  <INPUT TYPE="hidden" NAME="prepaid_shortform" VALUE="<%= $prepaid_shortform %>">
author	gjones2 <gary@pointblanksecurity.com>
	Thu, 17 Jan 2013 17:25:04 +0000 (12:25 -0500)
committer	gjones2 <gary@pointblanksecurity.com>
	Thu, 17 Jan 2013 17:25:04 +0000 (12:25 -0500)