[freeside-commits] branch master updated. ace5df96f846d02ef044d67c89667d7d23c47f75

Ivan ivan at 420.am
Mon Mar 6 20:21:09 PST 2017 

The branch, master has been updated
       via  ace5df96f846d02ef044d67c89667d7d23c47f75 (commit)
       via  b3a7f5819aab1d878a68dd85174fe934ab66c026 (commit)
       via  e3b78bdcb294a04518ebd7d2547e6d5a6d8557c2 (commit)
      from  77d97788cf400c58c4d0c7c908e5923266c74f7a (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit ace5df96f846d02ef044d67c89667d7d23c47f75
Author: Ivan Kohler <ivan at freeside.biz>
Date:   Mon Mar 6 20:21:08 2017 -0800

    fix (well, kludge around) =?UTF-8 Subject:, RT#37098

diff --git a/httemplate/misc/email-customers.html b/httemplate/misc/email-customers.html
index 981d0e6..0ed5ef3 100644
--- a/httemplate/misc/email-customers.html
+++ b/httemplate/misc/email-customers.html
@@ -355,7 +355,11 @@ if ( !$cgi->param('preview') ) {
     my $cust_msg = $msg_template->prepare(%msgopts);
     $from = $cust_msg->env_from;
     $html_body = $cust_msg->preview;
-    if ( $cust_msg->header =~ /^subject: (.*)/mi ) {
+#hmm.  this came in with the #37098 rewrite, but isn't on v3 :/
+# causing problems with mangling subject of unrelated things
+# should probably decode instead of ignore the UTF-8 thing, but
+# this at least masks the ugliness for now :/
+    if ( $cust_msg->header =~ /^subject: (.*)/mi && $1 !~ /^\=\?UTF-8/ ) {
       $subject = $1;
     }
   }

commit b3a7f5819aab1d878a68dd85174fe934ab66c026
Merge: e3b78bd 77d9778
Author: Ivan Kohler <ivan at freeside.biz>
Date:   Mon Mar 6 20:21:05 2017 -0800

    Merge branch 'master' of git.freeside.biz:/home/git/freeside


commit e3b78bdcb294a04518ebd7d2547e6d5a6d8557c2
Author: Ivan Kohler <ivan at freeside.biz>
Date:   Mon Mar 6 20:15:28 2017 -0800

    xss

diff --git a/httemplate/misc/email-customers.html b/httemplate/misc/email-customers.html
index b228b72..981d0e6 100644
--- a/httemplate/misc/email-customers.html
+++ b/httemplate/misc/email-customers.html
@@ -67,8 +67,8 @@ from/subject/body cgi params
     <INPUT TYPE="hidden" NAME="msgnum" VALUE="<% $msg_template->msgnum %>">
 %   # kludge these through hidden inputs because they're not really part
 %   # of the template, but should be sticky during draft editing
-    <INPUT TYPE="hidden" NAME="from_name" VALUE="<% $cgi->param('from_name') %>">
-    <INPUT TYPE="hidden" NAME="from_addr" VALUE="<% $cgi->param('from_addr') %>">
+    <INPUT TYPE="hidden" NAME="from_name" VALUE="<% scalar($cgi->param('from_name')) |h %>">
+    <INPUT TYPE="hidden" NAME="from_addr" VALUE="<% scalar($cgi->param('from_addr')) |h %>">
 
 %   if ( !$msg_template->disabled ) {
       <& /elements/tr-td-label.html, 'label' => 'Template:' &>

-----------------------------------------------------------------------

Summary of changes:
 httemplate/misc/email-customers.html |   10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

More information about the freeside-commits mailing list