freeside/rt/html/Elements/CollectionAsTable Row,1.1.1.1,1.2

ivan ivan at pouncequick.420.am
Mon Dec 20 03:29:18 PST 2004


Update of /home/cvs/cvsroot/freeside/rt/html/Elements/CollectionAsTable
In directory pouncequick:/tmp/cvs-serv12681

Modified Files:
	Row 
Log Message:
backport from 3.3-TESTING to fix XSS on ticket lists

Index: Row
===================================================================
RCS file: /home/cvs/cvsroot/freeside/rt/html/Elements/CollectionAsTable/Row,v
retrieving revision 1.1.1.1
retrieving revision 1.2
diff -u -d -r1.1.1.1 -r1.2
--- Row	3 Dec 2004 20:38:10 -0000	1.1.1.1
+++ Row	20 Dec 2004 11:29:16 -0000	1.2
@@ -54,9 +54,16 @@
             my $value = $m->comp('/Elements/RT__Ticket/ColumnMap', Name => $col, Attr => 'value');
 
             if ( $value && ref($value)) {
-                $m->out( &{ $value } ( $record, $i ) );
+            	# All HTML snippets are returned by the callback function
+		# as scalar references.  Data fetched from the objects are
+		# plain scalars, and needs to be escaped properly.
+		$m->out( 
+		    map { ref($_) ? $$_ : $m->interp->apply_escapes( $_ => 'h' ) }
+		    &{ $value } ( $record, $i )
+	        );
             } else {
-                $m->out($value );
+		# Simple value; just escape it.
+                $m->out( $m->interp->apply_escapes( $value => 'h' ) );
             }
         }
         else {
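Review bot: The `ref($_) ? $$_ : ...` test on the new map line treats every reference as a pre-built, trusted HTML snippet, so the escaping added here is only as strong as the convention that each `/Elements/RT__Ticket/ColumnMap` callback wraps in `\` nothing but markup it generated itself; a callback that returns something like `\$record->Subject` would reintroduce the XSS this commit removes, and nothing in this hunk documents or enforces that contract. Tightening the test to `ref($_) eq 'SCALAR' ? $$_ : $m->interp->apply_escapes( $_ => 'h' )` would at least make a stray array, hash or object reference die loudly instead of being dereferenced as a scalar, and a comment in ColumnMap such as `# return \"...html..." ONLY for markup built here; plain scalars are HTML-escaped by Row` would pin the trust boundary where it is decided. The else branch still passes a possibly undefined `$value` to `apply_escapes`, which may warn under `use warnings`; `$value // ''` (or `defined $value ? $value : ''` on older Perls) would avoid that. The added lines also mix tab and space indentation against the surrounding 4-space block. The enclosing `if` chain starts before and continues past this hunk.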



