[freeside-commits] branch master updated. b5bce398b1dd80089ec363eb14107645cc5a546f

Ivan Kohler ivan at freeside.biz
Mon Nov 19 14:43:13 PST 2018


The branch, master has been updated
       via  b5bce398b1dd80089ec363eb14107645cc5a546f (commit)
      from  12ac7af853e51693f1bc7e49669974b9cd54e9bb (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit b5bce398b1dd80089ec363eb14107645cc5a546f
Author: Ivan Kohler <ivan at freeside.biz>
Date:   Mon Nov 19 14:43:12 2018 -0800

    self-xss, RT#81757

diff --git a/fs_selfservice/FS-SelfService/cgi/contact.html b/fs_selfservice/FS-SelfService/cgi/contact.html
index 20c15df78..7ae0d4880 100644
--- a/fs_selfservice/FS-SelfService/cgi/contact.html
+++ b/fs_selfservice/FS-SelfService/cgi/contact.html
@@ -3,22 +3,22 @@
 <TR>
   <TH ALIGN="right"><%=$r%>Contact name<BR>(last, first)</TH>
   <TD COLSPAN=5>
-    <INPUT TYPE="text" NAME="<%=$pre%>last" VALUE="<%= ${$pre.'last'} %>" onChange="<%= $onchange %>" <%=$disabled%>> , 
-    <INPUT TYPE="text" NAME="<%=$pre%>first" VALUE="<%= ${$pre.'first'} %>" onChange="<%= $onchange %>" <%=$disabled%>>
+    <INPUT TYPE="text" NAME="<%=$pre%>last" VALUE="<%= encode_entities(${$pre.'last'}) %>" onChange="<%= $onchange %>" <%=$disabled%>> , 
+    <INPUT TYPE="text" NAME="<%=$pre%>first" VALUE="<%= encode_entities(${$pre.'first'}) %>" onChange="<%= $onchange %>" <%=$disabled%>>
   </TD>
 </TR>
 
 <TR>
   <TD ALIGN="right">Company</TD>
   <TD COLSPAN=7>
-    <INPUT TYPE="text" NAME="<%=$pre%>company" VALUE="<%= ${$pre.'company'} %>" SIZE=70 onChange="<%= $onchange %>" <%=$disabled%>>
+    <INPUT TYPE="text" NAME="<%=$pre%>company" VALUE="<%= encode_entities(${$pre.'company'}) %>" SIZE=70 onChange="<%= $onchange %>" <%=$disabled%>>
   </TD>
 </TR>
 
 <TR>
   <TH ALIGN="right"><%=$r%>Address</TH>
   <TD COLSPAN=7>
-    <INPUT TYPE="text" NAME="<%=$pre%>address1" VALUE="<%= ${$pre.'address1'} %>" SIZE=70 onChange="<%= $onchange %>" <%=$disabled%>>
+    <INPUT TYPE="text" NAME="<%=$pre%>address1" VALUE="<%= encode_entities(${$pre.'address1'}) %>" SIZE=70 onChange="<%= $onchange %>" <%=$disabled%>>
   </TD>
 </TR>
 
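Review bot: the fix wraps the six echoed values in encode_entities() but leaves the other interpolations on the same lines raw, in particular onChange="<%= $onchange %>"; that is fine only while $onchange, $pre, $r and $disabled are set by the template itself and never from request data, and the hunk gives no evidence either way, so it is worth a comment or a check. Also confirm that encode_entities is actually imported into the scope this template is evaluated in (HTML::Entities or an equivalent), since an undefined-sub error would surface only at render time; and, since the summary lists exactly six insertions, verify that no other INPUT in this file still echoes a submitted value with the old bare `<%= ${$pre.'...'} %>` form.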
@@ -37,14 +37,14 @@
     %>
   </TD>
   <TD COLSPAN=7>
-    <INPUT TYPE="text" NAME="<%=$pre%>address2" VALUE="<%= ${$pre.'address2'} %>" SIZE=70 onChange="<%= $onchange %>" <%=$disabled%>>
+    <INPUT TYPE="text" NAME="<%=$pre%>address2" VALUE="<%= encode_entities(${$pre.'address2'}) %>" SIZE=70 onChange="<%= $onchange %>" <%=$disabled%>>
   </TD>
 </TR>
 
 <TR>
   <TH ALIGN="right"><%=$r%>City</TH>
   <TD>
-    <INPUT TYPE="text" ID="<%=$pre%>city" NAME="<%=$pre%>city" VALUE="<%= ${$pre.'city'} %>" onChange="<%= $onchange %>" <%=$disabled%>>
+    <INPUT TYPE="text" ID="<%=$pre%>city" NAME="<%=$pre%>city" VALUE="<%= encode_entities(${$pre.'city'}) %>" onChange="<%= $onchange %>" <%=$disabled%>>
   </TD>
   <%= 
     ($county_html, $state_html, $country_html) = 
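Review bot: the trailing context shows $county_html, $state_html and $country_html being built elsewhere, so the selected county/state/country values reach the page through code outside this patch; the same encoding check should be applied there, otherwise the fix covers the free-text fields but not the adjacent selectors. A small regression test that submits a contact value containing double-quote and angle-bracket characters and asserts the rendered VALUE attribute contains only the entity-encoded form would pin the behaviour for all six fields.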

-----------------------------------------------------------------------

Summary of changes:
 fs_selfservice/FS-SelfService/cgi/contact.html | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)
