[freeside-commits] branch master updated. f06a0610477b0ba8e1931722c3105b880fbc35c3

Ivan ivan at 420.am
Sun Nov 11 22:18:55 PST 2012


The branch, master has been updated
       via  f06a0610477b0ba8e1931722c3105b880fbc35c3 (commit)
      from  c9015995b5ae64e0eaaa89ff75eb43c88186642c (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit f06a0610477b0ba8e1931722c3105b880fbc35c3
Author: Ivan Kohler <ivan at freeside.biz>
Date:   Sun Nov 11 22:18:50 2012 -0800

    fix XSS

diff --git a/FS/FS/UI/Web/small_custview.pm b/FS/FS/UI/Web/small_custview.pm
index 43d7613..e4b5421 100644
--- a/FS/FS/UI/Web/small_custview.pm
+++ b/FS/FS/UI/Web/small_custview.pm
@@ -88,7 +88,7 @@ sub small_custview {
   $html .= '<TD VALIGN="top">'. ntable("#cccccc",2).
     '<TR><TD ALIGN="right" VALIGN="top">Service<BR>Address</TD><TD BGCOLOR="#ffffff">';
   $html .= join('<BR>', 
-    grep $_,
+    map encode_entities($_), grep $_,
       $cust_main->contact,
       $cust_main->company,
       $ship->address1,
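Review bot: `encode_entities` is called here but the hunk shows no `use HTML::Entities` import for this module; confirm it is already imported in small_custview.pm, otherwise this dies at runtime under strict. The `map` sits after the `grep $_`, so empty fields are still dropped before encoding, and the `<BR>` separator is added by `join` after encoding, so it is not itself escaped; both are correct for customer-supplied contact, company and address fields rendered into HTML.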
diff --git a/httemplate/elements/location.html b/httemplate/elements/location.html
index de844e4..0f84453 100644
--- a/httemplate/elements/location.html
+++ b/httemplate/elements/location.html
@@ -214,7 +214,7 @@ Example:
   <TD COLSPAN=8>
     <INPUT TYPE="text" SIZE=15
            NAME="enter_censustract" 
-           VALUE="<% $object->censustract %>">
+           VALUE="<% $object->censustract |h %>">
     <% '(automatic)' %>
   </TD>
 </TR>
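Review bot: the `|h` filter on `$object->censustract` is the right fix for a value inside a double-quoted VALUE attribute, since Mason's `h` escape encodes the `"` that would otherwise close the attribute. The hunk only touches this one interpolation; worth grepping location.html for other `<% $object->... %>` uses in attribute or body context that still lack `|h`.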
@@ -226,7 +226,7 @@ Example:
     <TD COLSPAN=8>
       <INPUT TYPE="text" SIZE=15
              NAME="<%$pre%>district" 
-             VALUE="<% $object->district %>">
+             VALUE="<% $object->district |h %>">
     <% '(automatic)' %>
     </TD>
   </TR>
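Review bot: the `NAME="<%$pre%>district"` context line two lines above the change still interpolates `$pre` without `|h`. If `$pre` is only ever a fixed prefix passed by the calling template it is harmless, but it is the same class of attribute interpolation that this commit is fixing for `district`; either add `|h` there as well or leave a short comment stating that `$pre` is caller-controlled and never derived from request data.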

-----------------------------------------------------------------------

Summary of changes:
 FS/FS/UI/Web/small_custview.pm    |    2 +-
 httemplate/elements/location.html |    4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)
