[freeside-commits] branch FREESIDE_2_3_BRANCH updated. 0040c5d4586541fc06b53774bfeac61cd1958a9f
Ivan
ivan at 420.am
Thu Apr 11 18:10:14 PDT 2013
The branch, FREESIDE_2_3_BRANCH has been updated
via 0040c5d4586541fc06b53774bfeac61cd1958a9f (commit)
from f4a34aeb6730e6a07ce1ca3562a1f2c704bb92bf (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 0040c5d4586541fc06b53774bfeac61cd1958a9f
Author: Ivan Kohler <ivan at freeside.biz>
Date: Thu Apr 11 18:10:13 2013 -0700
fix XSS
diff --git a/FS/FS/UI/Web.pm b/FS/FS/UI/Web.pm
index 22b4456..59e59d4 100644
--- a/FS/FS/UI/Web.pm
+++ b/FS/FS/UI/Web.pm
@@ -404,23 +404,26 @@ sub cust_fields_subs {
my $unlinked_warn = 0;
return map {
my $f = $_;
- if( $unlinked_warn++ ) {
+ if ( $unlinked_warn++ ) {
+
sub {
my $record = shift;
- if( $record->custnum ) {
- $record->$f(@_);
- }
- else {
+ if ( $record->custnum ) {
+ encode_entities( $record->$f(@_) );
+ } else {
'(unlinked)'
};
- }
- }
- else {
+ };
+
+ } else {
+
sub {
my $record = shift;
- $record->$f(@_) if $record->custnum;
- }
+ $record->custnum ? encode_entities( $record->$f(@_) ) : '';
+ };
+
}
+
} @cust_fields;
}
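Review bot: In both closures the accessor result reaches `encode_entities` in list context (`encode_entities( $record->$f(@_) )`), so a field method that returns more than one value would have its second value treated as the set of characters to encode, and the output could be left under-escaped; `encode_entities( scalar $record->$f(@_) )` pins it to a single string. The hunk adds no `use HTML::Entities;`, so the call relies on Web.pm already importing it, which is not visible here. Because the returned subs now yield HTML-encoded text, any caller that feeds them into a non-HTML export or escapes again at render time would show literal entities such as `&amp;`; a comment above the `map` along the lines of `# returned subs yield HTML-escaped strings; do not re-escape` would record that contract. The enclosing `cust_fields_subs` begins outside the hunk.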
-----------------------------------------------------------------------
Summary of changes:
FS/FS/UI/Web.pm | 23 +++++++++++++----------
1 files changed, 13 insertions(+), 10 deletions(-)