From d295c1176370d42a4754c26debfed390e0829f15 Mon Sep 17 00:00:00 2001
From: Ivan Kohler <ivan@freeside.biz>
Date: Thu, 25 Apr 2013 04:09:31 -0700
Subject: [PATCH] fix XSS

---
 fs_selfservice/FS-SelfService/cgi/small_custview.html | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/fs_selfservice/FS-SelfService/cgi/small_custview.html b/fs_selfservice/FS-SelfService/cgi/small_custview.html
index 8d6e07368..470fe7151 100644
--- a/fs_selfservice/FS-SelfService/cgi/small_custview.html
+++ b/fs_selfservice/FS-SelfService/cgi/small_custview.html
@@ -10,10 +10,10 @@ Customer #<B><%= $custnum %></B>
             ? '<I><FONT SIZE="-1">Billing Address</FONT></I><BR>'
             : ''
       %>
-      <%= $first %> <%= $last %><BR>
-      <%= $company ? $company.'<BR>' : '' %>
-      <%= $address1 %><BR>
-      <%= $address2 ? $address2.'<BR>' : '' %>
+      <%= encode_entities($first) %> <%= encode_entities($last) %><BR>
+      <%= $company ? encode_entities($company).'<BR>' : '' %>
+      <%= encode_entities($address1) %><BR>
+      <%= $address2 ? encode_entities($address2).'<BR>' : '' %>
       <%= $city %>, <%= $state %> <%= $zip %><BR>
       <%= $country && $country ne ($countrydefault||'US')
             ? $country.'<BR>'
-- 
2.11.0