[freeside-commits] branch FREESIDE_2_3_BRANCH updated. 3f33d55b1cbbe497c3e21c8e26356ea649119c3b

Sat Jan 19 11:34:10 PST 2013

The branch, FREESIDE_2_3_BRANCH has been updated
       via  3f33d55b1cbbe497c3e21c8e26356ea649119c3b (commit)
      from  f7fdc0f14a69a2b90f7544ff594f2d448cf65f07 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 3f33d55b1cbbe497c3e21c8e26356ea649119c3b
Author: Ivan Kohler <ivan at freeside.biz>
Date:   Sat Jan 19 11:34:08 2013 -0800

    fix XSS

diff --git a/fs_selfservice/FS-SelfService/cgi/signup.html b/fs_selfservice/FS-SelfService/cgi/signup.html
index 3c71e92..e6830c1 100755
--- a/fs_selfservice/FS-SelfService/cgi/signup.html
+++ b/fs_selfservice/FS-SelfService/cgi/signup.html
@@ -30,7 +30,7 @@
          ' Signup form</FONT><BR><BR>';
 %>
 
-<FONT SIZE="+1" COLOR="#ff0000"><%= $error %></FONT>
+<FONT SIZE="+1" COLOR="#ff0000"><%= encode_entities($error) %></FONT>
 
 <FORM NAME="OneTrueForm" ACTION="<%= $self_url %>" METHOD=POST onSubmit="document.OneTrueForm.signup.disabled=true">
 <INPUT TYPE="hidden" NAME="prepaid_shortform" VALUE="<%= $prepaid_shortform %>">

-----------------------------------------------------------------------

Summary of changes:
 fs_selfservice/FS-SelfService/cgi/signup.html |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)


