[freeside-commits] branch FREESIDE_3_BRANCH updated. 44386c301ada00b11a5e438f826662f88d2366e6
Ivan
ivan at 420.am
Tue Jun 18 15:26:16 PDT 2013
The branch, FREESIDE_3_BRANCH has been updated
via 44386c301ada00b11a5e438f826662f88d2366e6 (commit)
from 994fb235ccacdda0db4d37320c9842d0cba149d4 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 44386c301ada00b11a5e438f826662f88d2366e6
Author: Ivan Kohler <ivan at freeside.biz>
Date: Tue Jun 18 15:26:13 2013 -0700
fix XSS
diff --git a/httemplate/view/elements/svc_Common.html b/httemplate/view/elements/svc_Common.html
index 3c1cc66..0248434 100644
--- a/httemplate/view/elements/svc_Common.html
+++ b/httemplate/view/elements/svc_Common.html
@@ -70,12 +70,14 @@ function areyousure(href) {
% my $hack_strict_refs = \&{ $f->{'value_callback'} };
% $value = &$hack_strict_refs($svc_x);
% } else {
-% $value = exists($f->{'value'}) ? $f->{'value'} : $svc_x->$field;
+% $value = exists($f->{'value'})
+% ? $f->{'value'}
+% : encode_entities($svc_x->$field);
% }
% } else {
% $field = $f;
% $type = 'text';
-% $value = $svc_x->$field;
+% $value = encode_entities($svc_x->$field);
% }
%
% my $columndef = $part_svc->part_svc_column($field);
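Review bot: The `value_callback` branch at the top of the hunk (`$value = &$hack_strict_refs($svc_x);`) and the `exists($f->{'value'})` arm of the new ternary still assign `$value` without `encode_entities`, so only the direct `$svc_x->$field` reads are escaped. If either of those paths can return customer-supplied data, the same injection stays open through them. If they are intentionally allowed to return markup, a comment stating that `value` and `value_callback` providers must escape their own output would make that contract explicit. It is also worth confirming that `encode_entities` (from HTML::Entities) is already imported in this component, since the hunk adds no `use` line, and that nothing further down encodes `$value` a second time before it is printed.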
-----------------------------------------------------------------------
Summary of changes:
httemplate/view/elements/svc_Common.html | 6 ++++--
1 files changed, 4 insertions(+), 2 deletions(-)