[freeside-commits] branch master updated. 786beb09ecbf02c572ca01c61353e163f0637dbd

Ivan ivan at 420.am
Sat Dec 8 11:07:05 PST 2012 

The branch, master has been updated
       via  786beb09ecbf02c572ca01c61353e163f0637dbd (commit)
      from  fd4322f01b8c53b3f1f9e54ca15184930b0443de (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 786beb09ecbf02c572ca01c61353e163f0637dbd
Author: Ivan Kohler <ivan at freeside.biz>
Date:   Sat Dec 8 11:07:04 2012 -0800

    fix part_pkg.comment xss

diff --git a/httemplate/browse/agent_type.cgi b/httemplate/browse/agent_type.cgi
index 1959302..7711dcc 100755
--- a/httemplate/browse/agent_type.cgi
+++ b/httemplate/browse/agent_type.cgi
@@ -44,9 +44,9 @@ my $agent_type = shift;
          [
            {
              #'data'  => $part_pkg->pkg. ' - '. $part_pkg->comment,
-             'data'  => $type_pkgs->pkg. ' - '.
+             'data'  => encode_entities($type_pkgs->pkg). ' - '.
                         ( $type_pkgs->custom ? '(CUSTOM) ' : '' ).
-                        $type_pkgs->comment,
+                        encode_entities($type_pkgs->comment),
              'align' => 'left',
              'link'  => $p. 'edit/part_pkg.cgi?'. $type_pkgs->pkgpart,
            },
diff --git a/httemplate/edit/agent_type.cgi b/httemplate/edit/agent_type.cgi
index 8a6fbc2..b75757f 100755
--- a/httemplate/edit/agent_type.cgi
+++ b/httemplate/edit/agent_type.cgi
@@ -20,7 +20,7 @@ Select which packages agents of this type may sell to customers<BR>
               'source_obj'    => $agent_type,
               'link_table'    => 'type_pkgs',
               'target_table'  => 'part_pkg',
-              'name_callback' => sub { $_[0]->pkg_comment(nopkgpart => 1); },
+              'name_callback' => sub { encode_entities( $_[0]->pkg_comment(nopkgpart => 1) ); },
               'target_link'   => $p.'edit/part_pkg.cgi?',
               'disable-able'  => 1,
 

-----------------------------------------------------------------------

Summary of changes:
 httemplate/browse/agent_type.cgi |    4 ++--
 httemplate/edit/agent_type.cgi   |    2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

More information about the freeside-commits mailing list