[freeside-commits] branch master updated. 20e279396ac0a7a99a3dc9c831e44f435035d17f

Ivan ivan at 420.am
Tue Jun 18 15:26:07 PDT 2013


The branch, master has been updated
       via  20e279396ac0a7a99a3dc9c831e44f435035d17f (commit)
       via  94929dd9a9f81ea430f4e8f3a26642466bdd4642 (commit)
      from  e5002a24fee7e476cbb3d8d916c8d87ddfc12093 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 20e279396ac0a7a99a3dc9c831e44f435035d17f
Merge: 94929dd e5002a2
Author: Ivan Kohler <ivan at freeside.biz>
Date:   Tue Jun 18 15:26:02 2013 -0700

    Merge branch 'master' of git.freeside.biz:/home/git/freeside


commit 94929dd9a9f81ea430f4e8f3a26642466bdd4642
Author: Ivan Kohler <ivan at freeside.biz>
Date:   Tue Jun 18 15:25:48 2013 -0700

    fix XSS

diff --git a/httemplate/view/elements/svc_Common.html b/httemplate/view/elements/svc_Common.html
index 3c1cc66..0248434 100644
--- a/httemplate/view/elements/svc_Common.html
+++ b/httemplate/view/elements/svc_Common.html
@@ -70,12 +70,14 @@ function areyousure(href) {
 %       my $hack_strict_refs = \&{ $f->{'value_callback'} };
 %       $value = &$hack_strict_refs($svc_x);
 %     } else {
-%       $value = exists($f->{'value'}) ? $f->{'value'} : $svc_x->$field;
+%       $value = exists($f->{'value'})
+%                  ? $f->{'value'}
+%                  : encode_entities($svc_x->$field);
 %     }
 %   } else {
 %     $field = $f;
 %     $type = 'text';
-%     $value = $svc_x->$field;
+%     $value = encode_entities($svc_x->$field);
 %   }
 %
 %   my $columndef = $part_svc->part_svc_column($field);
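
Review bot: The `value_callback` branch at the top of the hunk and the `exists($f->{'value'})` arm of the new ternary still assign `$value` without `encode_entities`, so only the two `$svc_x->$field` paths are escaped. If a callback or a configured `$f->{'value'}` can return text derived from service fields rather than deliberately built markup, those paths need the same encoding. If they are meant to return trusted HTML, a short comment here saying so would explain the asymmetry. Because the escaping happens at assignment rather than at output, it is also worth confirming that `$value` is only ever emitted into the page and is not encoded a second time further down the template.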

-----------------------------------------------------------------------

Summary of changes:
 httemplate/view/elements/svc_Common.html |    6 ++++--
 1 files changed, 4 insertions(+), 2 deletions(-)



