[freeside-commits] branch FREESIDE_4_BRANCH updated. ff33ea425a4e23bf4a1d959b268382ade6631dba

Ivan ivan at 420.am
Mon Mar 6 20:21:11 PST 2017


The branch, FREESIDE_4_BRANCH has been updated
       via  ff33ea425a4e23bf4a1d959b268382ade6631dba (commit)
       via  c8e285347d6f794e9b21ce539dcb0d89c77495fa (commit)
      from  5e4c25e208146477593465199b2487cc6229eebb (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit ff33ea425a4e23bf4a1d959b268382ade6631dba
Author: Ivan Kohler <ivan at freeside.biz>
Date:   Mon Mar 6 20:21:10 2017 -0800

    fix (well, kludge around) =?UTF-8 Subject:, RT#37098

diff --git a/httemplate/misc/email-customers.html b/httemplate/misc/email-customers.html
index 981d0e6..0ed5ef3 100644
--- a/httemplate/misc/email-customers.html
+++ b/httemplate/misc/email-customers.html
@@ -355,7 +355,11 @@ if ( !$cgi->param('preview') ) {
     my $cust_msg = $msg_template->prepare(%msgopts);
     $from = $cust_msg->env_from;
     $html_body = $cust_msg->preview;
-    if ( $cust_msg->header =~ /^subject: (.*)/mi ) {
+#hmm.  this came in with the #37098 rewrite, but isn't on v3 :/
+# causing problems with mangling subject of unrelated things
+# should probably decode instead of ignore the UTF-8 thing, but
+# this at least masks the ugliness for now :/
+    if ( $cust_msg->header =~ /^subject: (.*)/mi && $1 !~ /^\=\?UTF-8/ ) {
       $subject = $1;
     }
   }
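Review bot: the added test `$1 !~ /^\=\?UTF-8/` is case-sensitive and matches only the UTF-8 charset, so an encoded-word written as `=?utf-8?...` or using another charset still reaches `$subject` in its raw encoded form; RFC 2047 charset names are case-insensitive. When the test does reject the header, `$subject` silently keeps whatever value it had before this block, which is worth stating in the comment. As the comment itself says, decoding is the real fix: something like `$subject = Encode::decode('MIME-Header', $1);` would handle every charset and remove the need for the skip. Minor style points: the backslash before `=` is unnecessary, and the four comment lines sit at column 0 inside an indented block.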

commit c8e285347d6f794e9b21ce539dcb0d89c77495fa
Author: Ivan Kohler <ivan at freeside.biz>
Date:   Mon Mar 6 20:15:32 2017 -0800

    xss

diff --git a/httemplate/misc/email-customers.html b/httemplate/misc/email-customers.html
index b228b72..981d0e6 100644
--- a/httemplate/misc/email-customers.html
+++ b/httemplate/misc/email-customers.html
@@ -67,8 +67,8 @@ from/subject/body cgi params
     <INPUT TYPE="hidden" NAME="msgnum" VALUE="<% $msg_template->msgnum %>">
 %   # kludge these through hidden inputs because they're not really part
 %   # of the template, but should be sticky during draft editing
-    <INPUT TYPE="hidden" NAME="from_name" VALUE="<% $cgi->param('from_name') %>">
-    <INPUT TYPE="hidden" NAME="from_addr" VALUE="<% $cgi->param('from_addr') %>">
+    <INPUT TYPE="hidden" NAME="from_name" VALUE="<% scalar($cgi->param('from_name')) |h %>">
+    <INPUT TYPE="hidden" NAME="from_addr" VALUE="<% scalar($cgi->param('from_addr')) |h %>">
 
 %   if ( !$msg_template->disabled ) {
       <& /elements/tr-td-label.html, 'label' => 'Template:' &>
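Review bot: the escaping should be checked for every request value this template echoes, not only the two hidden inputs changed here. The hunk header context reads "from/subject/body cgi params", yet only `from_name` and `from_addr` gain `|h`; please confirm that subject and body are escaped wherever they are written back into the page, and that the same pattern is not present in sibling templates. Wrapping the call in `scalar()` is right, since `$cgi->param` in list context can return several values. The commit message "xss" would be more useful to later readers if it named the affected parameters and any ticket number.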

-----------------------------------------------------------------------

Summary of changes:
 httemplate/misc/email-customers.html |   10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)



