[freeside-commits] branch FREESIDE_2_3_BRANCH updated. 28de2695cb889d0dc3d1b3425582f069643edcd9

Ivan ivan at 420.am
Tue Jun 18 15:26:28 PDT 2013


The branch, FREESIDE_2_3_BRANCH has been updated
       via  28de2695cb889d0dc3d1b3425582f069643edcd9 (commit)
      from  4658140057dc70393cf057af334b0eb810bd0e1a (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 28de2695cb889d0dc3d1b3425582f069643edcd9
Author: Ivan Kohler <ivan at freeside.biz>
Date:   Tue Jun 18 15:26:26 2013 -0700

    fix XSS

diff --git a/httemplate/view/elements/svc_Common.html b/httemplate/view/elements/svc_Common.html
index de01c3d..2d1201b 100644
--- a/httemplate/view/elements/svc_Common.html
+++ b/httemplate/view/elements/svc_Common.html
@@ -63,11 +63,13 @@ function areyousure(href) {
 %   if ( ref($f) ) {
 %     $field = $f->{'field'};
 %     $hack_strict_refs = \&{ $f->{'value'} } if $f->{'value'};
-%     $value = $f->{'value'} ? &$hack_strict_refs($svc_x) : $svc_x->$field;
+%     $value = $f->{'value'}
+%                ? &$hack_strict_refs($svc_x)
+%                : encode_entities($svc_x->$field);
 %     $type  = $f->{'type'} || 'text';
 %   } else {
 %     $field = $f;
-%     $value = $svc_x->$field;
+%     $value = encode_entities($svc_x->$field);
 %     $type = 'text';
 %   }
 %
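Review bot: the `$f->{'value'}` branch of the first assignment still stores the callback result (`&$hack_strict_refs($svc_x)`) without `encode_entities`, so escaping on that path depends on each field definition's `value` callback doing it itself. If those callbacks are expected to return markup, a comment stating that contract would help; any callback that returns raw field data needs its own encoding. Both encoded paths now put an already-escaped string into `$value`, so the place where `$value` is printed (not visible in this hunk) should be checked to make sure it does not escape again and double-encode, and that no `$type` other than 'text' expects the raw value.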

-----------------------------------------------------------------------

Summary of changes:
 httemplate/view/elements/svc_Common.html |    6 ++++--
 1 files changed, 4 insertions(+), 2 deletions(-)



