From: Mitch Jackson
Date: Sat, 27 Oct 2018 16:05:19 +0000 (-0400)
Subject: RT# 79353 Fix XSS
X-Git-Url: http://git.freeside.biz/gitweb/?p=freeside.git;a=commitdiff_plain;h=dd769e3736c49fa4cedf16f13db3a58cc7573cbb
RT# 79353 Fix XSS
---
diff --git a/httemplate/search/cust_bill_pkg_discount.html b/httemplate/search/cust_bill_pkg_discount.html
index 691a11e60..9ddc97da2 100644
--- a/httemplate/search/cust_bill_pkg_discount.html
+++ b/httemplate/search/cust_bill_pkg_discount.html
@@ -39,8 +39,8 @@ Parameters:
 # Standard discount, not a waived setup fee
 my $discount = qsearchs('discount',{
 discountnum => $_[0]->discountnum
- });
- return $discount->description;
+ }) || return 'Bad discountnum '.$_[0]->pkgdiscountnum;
+ return encode_entities $discount->description;
 } else {
 return 'Waive setup fee';
 }
@@ -53,7 +53,7 @@ Parameters:
 my $discount = qsearchs('discount',{
 discountnum => $_[0]->discountnum
 });
- return $discount->classname;
+ return encode_entities $discount->classname;
 } else {
 return 'n/a';
 }
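Review bot: The fallback added in the first hunk labels its value `discountnum` but prints `$_[0]->pkgdiscountnum`, so the message shows a different key from the one `qsearchs` just failed to find. If the failed lookup key is what should be reported, use `}) || return 'Bad discountnum '.encode_entities($_[0]->discountnum);`, which also keeps every return path of this cell entity-encoded. The new `encode_entities` calls in both hunks are written without parentheses, so they only parse as function calls if `encode_entities` is already declared in the template's namespace; `return encode_entities($discount->description);` removes that dependency. The enclosing sub starts and ends outside the hunk.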
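Review bot: The classname lookup in the second hunk still calls a method on the `qsearchs` result without the missing-row guard that the description lookup gained in the first hunk. The first hunk's guard implies the lookup can come back empty, in which case `$discount->classname` would die here instead of rendering a cell. Apply the same pattern by changing the closing line of the call to `}) || return 'Bad discountnum '.encode_entities($_[0]->discountnum);`, or to `}) || return 'n/a';` if a quiet fallback is preferred. The enclosing sub starts and ends outside the hunk.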