[freeside-commits] branch FREESIDE_2_3_BRANCH updated. acbc4a9ff91b668197012772172af24b9cc42df6

Ivan ivan at 420.am
Sun Nov 11 23:08:53 PST 2012


The branch, FREESIDE_2_3_BRANCH has been updated
       via  acbc4a9ff91b668197012772172af24b9cc42df6 (commit)
      from  1b0e3600f2004f0977c9906b3f7db56f3ca80f5d (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit acbc4a9ff91b668197012772172af24b9cc42df6
Author: Ivan Kohler <ivan at freeside.biz>
Date:   Sun Nov 11 23:08:50 2012 -0800

    fix XSS

diff --git a/httemplate/edit/cust_main/top_misc.html b/httemplate/edit/cust_main/top_misc.html
index 45152e1..558250c 100644
--- a/httemplate/edit/cust_main/top_misc.html
+++ b/httemplate/edit/cust_main/top_misc.html
@@ -76,7 +76,7 @@
   <TR>
     <TD ALIGN="right"><% mt('Referring customer') |h %></TD>
     <TD>
-      <A HREF="<% popurl(1) %>/cust_main.cgi?<% $cust_main->referral_custnum %>"><% $cust_main->referral_custnum %>: <% $referring_cust_main->name %></A>
+      <A HREF="<% popurl(1) %>/cust_main.cgi?<% $cust_main->referral_custnum %>"><% $cust_main->referral_custnum %>: <% $referring_cust_main->name |h %></A>
     </TD>
   </TR>
   <INPUT TYPE="hidden" NAME="referral_custnum" VALUE="<% $cust_main->referral_custnum %>">
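Review bot: `$cust_main->referral_custnum` is still interpolated without `|h` three times in this hunk — twice on the `<A>` line and again in the hidden `INPUT VALUE` on the last line — while only the referring customer's name was escaped. If referral_custnum is an integer foreign key the exposure is nil, but nothing in this template enforces that, and a non-numeric value would break out of the `VALUE="..."` attribute. Applying the filter uniformly costs nothing and keeps the file consistent: `VALUE="<% $cust_main->referral_custnum |h %>"` and `<% $cust_main->referral_custnum |h %>: <% $referring_cust_main->name |h %>`. The surrounding `<TABLE>`/form markup begins and ends outside the hunk.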
diff --git a/httemplate/elements/dashboard-toplist.html b/httemplate/elements/dashboard-toplist.html
index 72f596f..bf9a2cd 100644
--- a/httemplate/elements/dashboard-toplist.html
+++ b/httemplate/elements/dashboard-toplist.html
@@ -21,7 +21,7 @@
      
         <TR>
 	  <TD CLASS="grid" BGCOLOR="<% $bgcolor %>">
-	    <A HREF="view/cust_main.cgi?<% $custnum %>"><% $cust_main->name %></A>
+	    <A HREF="view/cust_main.cgi?<% $custnum %>"><% $cust_main->name |h %></A>
 	  </TD>
           <TD CLASS="grid" BGCOLOR="<% $bgcolor %>">
             <& /elements/mcp_lint.html, 'cust_main'=>$cust_main &>
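Review bot: The new line escapes the link text but leaves `$custnum` in the query string of the `HREF` unfiltered, and the `BGCOLOR="<% $bgcolor %>"` attributes on both cells are likewise raw. `$bgcolor` is presumably a template-internal alternating colour and `$custnum` an integer, but neither assumption is visible in the hunk, so the cheap defensive form is `<A HREF="view/cust_main.cgi?<% $custnum |h %>">`. The enclosing row loop starts before this hunk, so where `$custnum` comes from cannot be confirmed here.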
diff --git a/httemplate/elements/small_prospect_view.html b/httemplate/elements/small_prospect_view.html
index 4942e8d..26e830b 100644
--- a/httemplate/elements/small_prospect_view.html
+++ b/httemplate/elements/small_prospect_view.html
@@ -1,5 +1,5 @@
 % my $link = "${p}view/prospect_main.html?". $prospect_main->prospectnum;
-Prospect: <A HREF="<%$link%>"><% $prospect_main->name %></A>
+Prospect: <A HREF="<%$link%>"><% $prospect_main->name |h %></A>
 <%init>
 
 my($prospect_main, %opt) = @_;
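Review bot: `$link` is concatenated from `$prospect_main->prospectnum` on the first line and then dropped into `HREF="<%$link%>"` without `|h`, so only the anchor text gained protection in this change. If prospectnum is a numeric key this is harmless, but the attribute context is the more dangerous one (a quote or `javascript:` payload there is not mitigated by escaping the text), so `<A HREF="<% $link |h %>">` would close the gap consistently. The `<%init>` block that sets up `$prospect_main` continues past the end of the hunk.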
diff --git a/httemplate/misc/cust_main_note-import.cgi b/httemplate/misc/cust_main_note-import.cgi
index 72ac556..1862895 100644
--- a/httemplate/misc/cust_main_note-import.cgi
+++ b/httemplate/misc/cust_main_note-import.cgi
@@ -164,7 +164,7 @@
              <OPTION VALUE="">---</OPTION>
 %      my $i=0;
 %      foreach (@cust_main) {
-             <OPTION <% $i ? '' : 'SELECTED' %> VALUE="<% $_->custnum %>"><% $_->name %></OPTION>
+             <OPTION <% $i ? '' : 'SELECTED' %> VALUE="<% $_->custnum %>"><% $_->name |h %></OPTION>
 %        $i++;
 %      }
            </SELECT>
@@ -172,15 +172,15 @@
                var customer_select<% $row %> = document.getElementById("cust_select<% $row %>");
                customer_select<% $row %>.onchange = select_customer;
              </SCRIPT>
-           <INPUT TYPE="hidden" NAME="name<% $row %>" ID="name<% $row %>" VALUE="<% $i ? $cust_main[0]->name : '' %>">
+           <INPUT TYPE="hidden" NAME="name<% $row %>" ID="name<% $row %>" VALUE="<% $i ? $cust_main[0]->name : '' |h %>">
          </TD>
          <TD>
-           <% $first %>
-           <INPUT TYPE="hidden" NAME="first<% $row %>" VALUE="<% $first %>">
+           <% $first |h %>
+           <INPUT TYPE="hidden" NAME="first<% $row %>" VALUE="<% $first |h %>">
          </TD>
          <TD>
-           <% $last %>
-           <INPUT TYPE="hidden" NAME="last<% $row %>" VALUE="<% $last %>">
+           <% $last |h %>
+           <INPUT TYPE="hidden" NAME="last<% $row %>" VALUE="<% $last |h %>">
          </TD>
          <TD>
            <% $note %>
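Review bot: `<% $note %>` on the last line of the hunk is still emitted without `|h`, even though `$first` and `$last` — which come from the same import row — were escaped just above it. The note body is the most free-form of these fields and the one most likely to carry `<`/`&`/quotes, so it should be `<% $note |h %>`; if the importer intends notes to contain markup, that needs an explicit sanitizer rather than raw output. The hidden inputs for `first`/`last` were also escaped, so a corresponding hidden `note` input, if one follows, should get the same treatment. The table row continues past this hunk.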
diff --git a/httemplate/misc/did_order_provision.html b/httemplate/misc/did_order_provision.html
index 1df9444..8739c16 100644
--- a/httemplate/misc/did_order_provision.html
+++ b/httemplate/misc/did_order_provision.html
@@ -21,7 +21,7 @@
 %  my $avail = keys(%$cust_pkg_phone);
 %  $anyavail = 1 if $avail;
     <TR>    
-        <TD><% $cust_main->name %></TD>
+        <TD><% $cust_main->name |h %></TD>
         <TD>
 %           if ( !$avail ) {
                 No suitable packages exist for this customer.
diff --git a/httemplate/misc/xmlhttp-cust_main-duplicates.html b/httemplate/misc/xmlhttp-cust_main-duplicates.html
index 6654b3e..7ee00af 100644
--- a/httemplate/misc/xmlhttp-cust_main-duplicates.html
+++ b/httemplate/misc/xmlhttp-cust_main-duplicates.html
@@ -8,9 +8,9 @@ Choose an existing customer
 <TR>
   <TD ALIGN="right" VALIGN="top"><B><% $custnum %>: </B></TD>
   <TD ALIGN="left">
-    <% $_->name %>—<B><FONT COLOR="#<%$_->statuscolor%>"><%$_->ucfirst_cust_status%></FONT></B><BR>
-<% $_->address1 %><BR>
-<% $_->city %>, <% $_->state %>  <% $_->zip %>
+    <% $_->name |h %>—<B><FONT COLOR="#<%$_->statuscolor%>"><%$_->ucfirst_cust_status%></FONT></B><BR>
+<% $_->address1 |h %><BR>
+<% $_->city |h %>, <% $_->state %>  <% $_->zip %>
   </TD>
   <TD ALIGN="center">
     <INPUT TYPE="radio" NAME="dup_custnum" VALUE="<%$custnum%>">
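Review bot: The escaping stops short on the address line — `$_->city` gets `|h` but `$_->state` and `$_->zip` on the same line do not, although all three are customer-entered address fields; the consistent form is `<% $_->city |h %>, <% $_->state |h %>  <% $_->zip |h %>`. `$custnum` is also interpolated raw into both the `<B>` text and the radio `VALUE`, and `$_->statuscolor` into the `FONT COLOR` attribute; those are presumably an integer key and a fixed palette, but that is not visible here. Since this fragment is returned to an XMLHttpRequest and injected into the page, attribute-context escaping matters as much as in a full page render.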

-----------------------------------------------------------------------

Summary of changes:
 httemplate/edit/cust_main/top_misc.html           |    2 +-
 httemplate/elements/dashboard-toplist.html        |    2 +-
 httemplate/elements/small_prospect_view.html      |    2 +-
 httemplate/misc/cust_main_note-import.cgi         |   12 ++++++------
 httemplate/misc/did_order_provision.html          |    2 +-
 httemplate/misc/xmlhttp-cust_main-duplicates.html |    6 +++---
 6 files changed, 13 insertions(+), 13 deletions(-)



