[freeside-commits] branch FREESIDE_2_3_BRANCH updated. 0ad00ab8a1ae4065a5817638b1ca89d5db6b3831

Ivan ivan at 420.am
Sun Nov 11 21:56:51 PST 2012


The branch, FREESIDE_2_3_BRANCH has been updated
       via  0ad00ab8a1ae4065a5817638b1ca89d5db6b3831 (commit)
      from  4f188b96f282c21f027c936f18f5d6fb974cb497 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 0ad00ab8a1ae4065a5817638b1ca89d5db6b3831
Author: Ivan Kohler <ivan at freeside.biz>
Date:   Sun Nov 11 21:56:49 2012 -0800

    fix XSS

diff --git a/FS/FS/UI/Web/small_custview.pm b/FS/FS/UI/Web/small_custview.pm
index 53a3b5e..c3d251c 100644
--- a/FS/FS/UI/Web/small_custview.pm
+++ b/FS/FS/UI/Web/small_custview.pm
@@ -58,12 +58,13 @@ sub small_custview {
   $html .=
     ntable('#e8e8e8'). '<TR><TD VALIGN="top">'. ntable("#cccccc",2).
     '<TR><TD ALIGN="right" VALIGN="top">Billing<BR>Address</TD><TD BGCOLOR="#ffffff">'.
-    $cust_main->getfield('last'). ', '. $cust_main->first. '<BR>';
+    encode_entities($cust_main->getfield('last')). ', '.
+    encode_entities($cust_main->first). '<BR>';
 
-  $html .= $cust_main->company. '<BR>' if $cust_main->company;
-  $html .= $cust_main->address1. '<BR>';
-  $html .= $cust_main->address2. '<BR>' if $cust_main->address2;
-  $html .= $cust_main->city. ', '. $cust_main->state. '  '. $cust_main->zip. '<BR>';
+  $html .= encode_entities($cust_main->company). '<BR>' if $cust_main->company;
+  $html .= encode_entities($cust_main->address1). '<BR>';
+  $html .= encode_entities($cust_main->address2). '<BR>' if $cust_main->address2;
+  $html .= encode_entities($cust_main->city). ', '. $cust_main->state. '  '. $cust_main->zip. '<BR>';
   $html .= $cust_main->country. '<BR>'
     if $cust_main->country && $cust_main->country ne $countrydefault;
 

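Review bot: the final `$html .=` lines of this hunk still concatenate `$cust_main->state`, `$cust_main->zip` and `$cust_main->country` into the markup without `encode_entities`, so the billing address block is only partly escaped. Unless those fields are constrained to safe values somewhere outside this diff, wrap them the same way as `city`, for example `encode_entities($cust_main->state)`. Escaping every field consistently also protects this output if validation of those columns is loosened later. Separately, the commit consists of this one hunk and adds no `use HTML::Entities` line, so confirm that `encode_entities` is already imported in small_custview.pm. If it is not, the sub will die with an undefined subroutine error at runtime.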
-----------------------------------------------------------------------

Summary of changes:
 FS/FS/UI/Web/small_custview.pm |   11 ++++++-----
 1 files changed, 6 insertions(+), 5 deletions(-)



