RT# 74031 Fix XSS

author Mitch Jackson <mitch@freeside.biz>

Tue, 23 Oct 2018 22:49:05 +0000 (18:49 -0400)

committer Mitch Jackson <mitch@freeside.biz>

Wed, 24 Oct 2018 00:54:24 +0000 (20:54 -0400)
author Mitch Jackson <mitch@freeside.biz>
Tue, 23 Oct 2018 22:49:05 +0000 (18:49 -0400)
committer Mitch Jackson <mitch@freeside.biz>
Wed, 24 Oct 2018 00:54:24 +0000 (20:54 -0400)
diff --git a/httemplate/browse/realestate_unit.html b/httemplate/browse/realestate_unit.html

index 399cd25..a2fff7b 100644 (file)
--- a/httemplate/browse/realestate_unit.html
+++ b/httemplate/browse/realestate_unit.html
@@ -41,8 +41,8 @@
      'unit_title',
      sub {
        return '' unless $_[0]->custnum;
-      return $_[0]->company if $_[0]->company;
-      return $_[0]->first.' '.$_[0]->last;
+      return encode_entities( $_[0]->company ) if $_[0]->company;
+      return encode_entities( $_[0]->first.' '.$_[0]->last );
      },
    ],
    links => [
author	Mitch Jackson <mitch@freeside.biz>
	Tue, 23 Oct 2018 22:49:05 +0000 (18:49 -0400)
committer	Mitch Jackson <mitch@freeside.biz>
	Wed, 24 Oct 2018 00:54:24 +0000 (20:54 -0400)