[freeside-commits] freeside/FS/FS part_virtual_field.pm, 1.4,
1.4.4.1
Kristian Hoffmann,420,,
khoff at wavetail.420.am
Thu Mar 15 13:09:09 PDT 2007
Update of /home/cvs/cvsroot/freeside/FS/FS
In directory wavetail:/tmp/cvs-serv9925/FS/FS
Modified Files:
Tag: FREESIDE_1_7_BRANCH
part_virtual_field.pm
Log Message:
Escape the values in virtual field html form inputs.
Index: part_virtual_field.pm
===================================================================
RCS file: /home/cvs/cvsroot/freeside/FS/FS/part_virtual_field.pm,v
retrieving revision 1.4
retrieving revision 1.4.4.1
diff -u -d -r1.4 -r1.4.4.1
--- part_virtual_field.pm 7 Sep 2005 10:40:58 -0000 1.4
+++ part_virtual_field.pm 15 Mar 2007 20:09:07 -0000 1.4.4.1
@@ -4,6 +4,7 @@
use vars qw( @ISA );
use FS::Record qw( qsearchs qsearch );
use FS::Schema qw( dbdef );
+use CGI qw(escapeHTML);
@ISA = qw( FS::Record );
@@ -244,7 +245,7 @@
}
} else {
$text .= q!<INPUT NAME="! . $self->name .
- q!" VALUE="! . $value . q!"!;
+ q!" VALUE="! . escapeHTML($value) . q!"!;
if ($self->length) {
$text .= q! SIZE="! . $self->length . q!"!;
}
More information about the freeside-commits
mailing list