From: Ivan Kohler <ivan@freeside.biz>
Date: Sun, 17 Feb 2013 23:23:56 +0000 (-0800)
Subject: fix low-impact XSS
X-Git-Url: http://git.freeside.biz/gitweb/?p=freeside.git;a=commitdiff_plain;h=0da59a28d129728c18481ca80e8841585b69dd0c

fix low-impact XSS
---

diff --git a/httemplate/edit/REAL_cust_pkg.cgi b/httemplate/edit/REAL_cust_pkg.cgi
index 4bcf55c44..99e911ae5 100755
--- a/httemplate/edit/REAL_cust_pkg.cgi
+++ b/httemplate/edit/REAL_cust_pkg.cgi
@@ -70,7 +70,7 @@ function confirm_changes() {
 
   <TR>
     <TD ALIGN="right">Comment</TD>
-    <TD BGCOLOR="#ffffff"><% $part_pkg->comment %></TD>
+    <TD BGCOLOR="#ffffff"><% $part_pkg->comment |h %></TD>
   </TR>
 
   <TR>
diff --git a/httemplate/edit/cust_pkg_detail.html b/httemplate/edit/cust_pkg_detail.html
index 009ed5c6e..5e107066d 100644
--- a/httemplate/edit/cust_pkg_detail.html
+++ b/httemplate/edit/cust_pkg_detail.html
@@ -28,7 +28,7 @@
 
   <TR>
     <TD ALIGN="right">Comment</TD>
-    <TD BGCOLOR="#ffffff"><% $part_pkg->comment %></TD>
+    <TD BGCOLOR="#ffffff"><% $part_pkg->comment |h %></TD>
   </TR>
 
   <TR>