[freeside-commits] branch FREESIDE_2_3_BRANCH updated. 25560f9267a56a81a5e198187e9d40e077ee7655

Ivan ivan at 420.am
Sat Dec 8 11:07:07 PST 2012 

The branch, FREESIDE_2_3_BRANCH has been updated
       via  25560f9267a56a81a5e198187e9d40e077ee7655 (commit)
      from  2e14c8d3c631b171dcca9781b3c87e338af85e2d (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 25560f9267a56a81a5e198187e9d40e077ee7655
Author: Ivan Kohler <ivan at freeside.biz>
Date:   Sat Dec 8 11:07:06 2012 -0800

    fix part_pkg.comment xss

diff --git a/httemplate/browse/agent_type.cgi b/httemplate/browse/agent_type.cgi
index 1959302..7711dcc 100755
--- a/httemplate/browse/agent_type.cgi
+++ b/httemplate/browse/agent_type.cgi
@@ -44,9 +44,9 @@ my $agent_type = shift;
          [
            {
              #'data'  => $part_pkg->pkg. ' - '. $part_pkg->comment,
-             'data'  => $type_pkgs->pkg. ' - '.
+             'data'  => encode_entities($type_pkgs->pkg). ' - '.
                         ( $type_pkgs->custom ? '(CUSTOM) ' : '' ).
-                        $type_pkgs->comment,
+                        encode_entities($type_pkgs->comment),
              'align' => 'left',
              'link'  => $p. 'edit/part_pkg.cgi?'. $type_pkgs->pkgpart,
            },
diff --git a/httemplate/edit/agent_type.cgi b/httemplate/edit/agent_type.cgi
index 8a6fbc2..b75757f 100755
--- a/httemplate/edit/agent_type.cgi
+++ b/httemplate/edit/agent_type.cgi
@@ -20,7 +20,7 @@ Select which packages agents of this type may sell to customers<BR>
               'source_obj'    => $agent_type,
               'link_table'    => 'type_pkgs',
               'target_table'  => 'part_pkg',
-              'name_callback' => sub { $_[0]->pkg_comment(nopkgpart => 1); },
+              'name_callback' => sub { encode_entities( $_[0]->pkg_comment(nopkgpart => 1) ); },
               'target_link'   => $p.'edit/part_pkg.cgi?',
               'disable-able'  => 1,
 

-----------------------------------------------------------------------

Summary of changes:
 httemplate/browse/agent_type.cgi |    4 ++--
 httemplate/edit/agent_type.cgi   |    2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

More information about the freeside-commits mailing list