[freeside-commits] branch FREESIDE_4_BRANCH updated. e467098604e3d6038d666214bc1a3f5d2a6f44eb
Christopher Burger
burgerc at 420.am
Fri Jun 30 14:10:25 PDT 2017
The branch, FREESIDE_4_BRANCH has been updated
via e467098604e3d6038d666214bc1a3f5d2a6f44eb (commit)
from 701f845de34ca48f26b2dd7a38b95764fb800d17 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit e467098604e3d6038d666214bc1a3f5d2a6f44eb
Author: Christopher Burger <burgerc at freeside.biz>
Date: Fri Jun 30 13:24:29 2017 -0400
RT# 74666 - fixed vulnerability by escaping quotation_description var
diff --git a/httemplate/view/quotation.html b/httemplate/view/quotation.html
index aba1f0a..d4d79d7 100755
--- a/httemplate/view/quotation.html
+++ b/httemplate/view/quotation.html
@@ -2,7 +2,7 @@
<& /elements/header-cust_main.html, view=>'quotations', custnum=>$quotation->custnum &>
<h2>Quotation #<% $quotationnum %>
% if ($quotation->quotation_description) {
-(<% $quotation->quotation_description %>)
+(<% $quotation->quotation_description |h %>)
% }
</h2>
% } else { #eventually, header-prospect_main.html
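Review bot: The `<% $quotationnum %>` in the `<h2>` context line directly above the fixed line is still emitted without the `|h` filter. If `$quotationnum` comes from the request rather than from the loaded `$quotation` record, it is written into the page the same way the description was, so add `|h` there as well, or print the number from the record. The commit touches only this one view, so it is also worth checking any other template that prints `quotation_description` and applying the same escaping there.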
-----------------------------------------------------------------------
Summary of changes:
httemplate/view/quotation.html | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)