[freeside-commits] branch master updated. c9015995b5ae64e0eaaa89ff75eb43c88186642c

Ivan ivan at 420.am
Sun Nov 11 21:56:49 PST 2012 

The branch, master has been updated
       via  c9015995b5ae64e0eaaa89ff75eb43c88186642c (commit)
      from  fead47c024e1a6c4bc49b5387a4c690dc1a4bf3d (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit c9015995b5ae64e0eaaa89ff75eb43c88186642c
Author: Ivan Kohler <ivan at freeside.biz>
Date:   Sun Nov 11 21:56:48 2012 -0800

    fix XSS

diff --git a/FS/FS/UI/Web/small_custview.pm b/FS/FS/UI/Web/small_custview.pm
index 2c42a6b..43d7613 100644
--- a/FS/FS/UI/Web/small_custview.pm
+++ b/FS/FS/UI/Web/small_custview.pm
@@ -58,12 +58,13 @@ sub small_custview {
   $html .=
     ntable('#e8e8e8'). '<TR><TD VALIGN="top">'. ntable("#cccccc",2).
     '<TR><TD ALIGN="right" VALIGN="top">Billing<BR>Address</TD><TD BGCOLOR="#ffffff">'.
-    $cust_main->getfield('last'). ', '. $cust_main->first. '<BR>';
+    encode_entities($cust_main->getfield('last')). ', '.
+    encode_entities($cust_main->first). '<BR>';
 
-  $html .= $cust_main->company. '<BR>' if $cust_main->company;
-  $html .= $cust_main->address1. '<BR>';
-  $html .= $cust_main->address2. '<BR>' if $cust_main->address2;
-  $html .= $cust_main->city. ', '. $cust_main->state. '  '. $cust_main->zip. '<BR>';
+  $html .= encode_entities($cust_main->company). '<BR>' if $cust_main->company;
+  $html .= encode_entities($cust_main->address1). '<BR>';
+  $html .= encode_entities($cust_main->address2). '<BR>' if $cust_main->address2;
+  $html .= encode_entities($cust_main->city). ', '. $cust_main->state. '  '. $cust_main->zip. '<BR>';
   $html .= $cust_main->country. '<BR>'
     if $cust_main->country && $cust_main->country ne $countrydefault;
 

-----------------------------------------------------------------------

Summary of changes:
 FS/FS/UI/Web/small_custview.pm |   11 ++++++-----
 1 files changed, 6 insertions(+), 5 deletions(-)

More information about the freeside-commits mailing list