[freeside-commits] branch master updated. 602d22bbe08490648362a571672d89e7f944f6bd

Ivan ivan at 420.am
Thu Apr 11 18:10:12 PDT 2013


The branch, master has been updated
       via  602d22bbe08490648362a571672d89e7f944f6bd (commit)
      from  194d0e29f4587669032da09c3bf814c3531898a2 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 602d22bbe08490648362a571672d89e7f944f6bd
Author: Ivan Kohler <ivan at freeside.biz>
Date:   Thu Apr 11 18:10:11 2013 -0700

    fix XSS

diff --git a/FS/FS/UI/Web.pm b/FS/FS/UI/Web.pm
index 7926808..3fd61ef 100644
--- a/FS/FS/UI/Web.pm
+++ b/FS/FS/UI/Web.pm
@@ -472,23 +472,26 @@ sub cust_fields_subs {
   my $unlinked_warn = 0;
   return map { 
     my $f = $_;
-    if( $unlinked_warn++ ) {
+    if ( $unlinked_warn++ ) {
+
       sub {
         my $record = shift;
-        if( $record->custnum ) {
-          $record->$f(@_);
-        }
-        else {
+        if ( $record->custnum ) {
+          encode_entities( $record->$f(@_) );
+        } else {
           '(unlinked)'
         };
-      }
-    } 
-    else {
+      };
+
+    } else {
+
       sub {
         my $record = shift;
-        $record->$f(@_) if $record->custnum;
-      }
+        $record->custnum ? encode_entities( $record->$f(@_) ) : '';
+      };
+
     }
+
   } @cust_fields;
 }
 
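Review bot: both new encode_entities( $record->$f(@_) ) calls invoke the field method in list context, so if any method in @cust_fields returns more than one value, the second value is passed to encode_entities as its unsafe-characters argument and changes what gets escaped. Forcing scalar context, e.g. encode_entities( scalar( $record->$f(@_) ) ), would avoid that. The hunk also does not show where encode_entities is imported, so please confirm that Web.pm loads HTML::Entities. Since these closures now return HTML-encoded strings to every caller of cust_fields_subs, it is worth checking that no caller uses them for non-HTML output or escapes the value a second time. Separately, the whitespace and brace-style changes are mixed in with the escaping fix, which makes the security-relevant lines harder to audit; a separate commit for the reformatting would help.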

-----------------------------------------------------------------------

Summary of changes:
 FS/FS/UI/Web.pm |   23 +++++++++++++----------
 1 files changed, 13 insertions(+), 10 deletions(-)



