[freeside-commits] branch FREESIDE_3_BRANCH updated. 802d5ba5da8a49c2df8c5c6fda4c06d4ce6ad7fc

Ivan Kohler ivan at freeside.biz
Mon Nov 19 14:43:19 PST 2018


The branch, FREESIDE_3_BRANCH has been updated
       via  802d5ba5da8a49c2df8c5c6fda4c06d4ce6ad7fc (commit)
      from  20319dfaa1c0f3ca4dc4c9685e3582154dcce517 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 802d5ba5da8a49c2df8c5c6fda4c06d4ce6ad7fc
Author: Ivan Kohler <ivan at freeside.biz>
Date:   Mon Nov 19 14:43:18 2018 -0800

    self-xss, RT#81757

diff --git a/fs_selfservice/FS-SelfService/cgi/contact.html b/fs_selfservice/FS-SelfService/cgi/contact.html
index 20c15df78..7ae0d4880 100644
--- a/fs_selfservice/FS-SelfService/cgi/contact.html
+++ b/fs_selfservice/FS-SelfService/cgi/contact.html
@@ -3,22 +3,22 @@
 <TR>
   <TH ALIGN="right"><%=$r%>Contact name<BR>(last, first)</TH>
   <TD COLSPAN=5>
-    <INPUT TYPE="text" NAME="<%=$pre%>last" VALUE="<%= ${$pre.'last'} %>" onChange="<%= $onchange %>" <%=$disabled%>> , 
-    <INPUT TYPE="text" NAME="<%=$pre%>first" VALUE="<%= ${$pre.'first'} %>" onChange="<%= $onchange %>" <%=$disabled%>>
+    <INPUT TYPE="text" NAME="<%=$pre%>last" VALUE="<%= encode_entities(${$pre.'last'}) %>" onChange="<%= $onchange %>" <%=$disabled%>> , 
+    <INPUT TYPE="text" NAME="<%=$pre%>first" VALUE="<%= encode_entities(${$pre.'first'}) %>" onChange="<%= $onchange %>" <%=$disabled%>>
   </TD>
 </TR>
 
 <TR>
   <TD ALIGN="right">Company</TD>
   <TD COLSPAN=7>
-    <INPUT TYPE="text" NAME="<%=$pre%>company" VALUE="<%= ${$pre.'company'} %>" SIZE=70 onChange="<%= $onchange %>" <%=$disabled%>>
+    <INPUT TYPE="text" NAME="<%=$pre%>company" VALUE="<%= encode_entities(${$pre.'company'}) %>" SIZE=70 onChange="<%= $onchange %>" <%=$disabled%>>
   </TD>
 </TR>
 
 <TR>
   <TH ALIGN="right"><%=$r%>Address</TH>
   <TD COLSPAN=7>
-    <INPUT TYPE="text" NAME="<%=$pre%>address1" VALUE="<%= ${$pre.'address1'} %>" SIZE=70 onChange="<%= $onchange %>" <%=$disabled%>>
+    <INPUT TYPE="text" NAME="<%=$pre%>address1" VALUE="<%= encode_entities(${$pre.'address1'}) %>" SIZE=70 onChange="<%= $onchange %>" <%=$disabled%>>
   </TD>
 </TR>
 
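Review bot: the hunk does not show where encode_entities comes from; none of these context lines import HTML::Entities, so unless the CGI that renders contact.html already does `use HTML::Entities;` (or the template helper exports it), the four new calls in the last, first, company and address1 VALUE attributes will fail as undefined subroutines at render time rather than encode anything. The default encode_entities() does cover `"`, `&`, `<` and `>`, which is what a double-quoted VALUE attribute needs, so the choice of function is right. Note that the other interpolations on the same lines (`<%=$pre%>`, `<%= $onchange %>`, `<%=$disabled%>`) are left unencoded; that is acceptable only if they are built from server-side constants and never from request data.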
@@ -37,14 +37,14 @@
     %>
   </TD>
   <TD COLSPAN=7>
-    <INPUT TYPE="text" NAME="<%=$pre%>address2" VALUE="<%= ${$pre.'address2'} %>" SIZE=70 onChange="<%= $onchange %>" <%=$disabled%>>
+    <INPUT TYPE="text" NAME="<%=$pre%>address2" VALUE="<%= encode_entities(${$pre.'address2'}) %>" SIZE=70 onChange="<%= $onchange %>" <%=$disabled%>>
   </TD>
 </TR>
 
 <TR>
   <TH ALIGN="right"><%=$r%>City</TH>
   <TD>
-    <INPUT TYPE="text" ID="<%=$pre%>city" NAME="<%=$pre%>city" VALUE="<%= ${$pre.'city'} %>" onChange="<%= $onchange %>" <%=$disabled%>>
+    <INPUT TYPE="text" ID="<%=$pre%>city" NAME="<%=$pre%>city" VALUE="<%= encode_entities(${$pre.'city'}) %>" onChange="<%= $onchange %>" <%=$disabled%>>
   </TD>
   <%= 
     ($county_html, $state_html, $country_html) = 
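Review bot: address2 and city are now encoded consistently with the first hunk, but the trailing context shows `$county_html`, `$state_html` and `$country_html` being generated right after the city field, and that code is untouched here; if the currently selected county, state or country values are echoed into those generated select elements without encoding, the same class of issue this commit addresses would remain one field to the right. Worth checking the helper that builds those three strings before closing RT#81757.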

-----------------------------------------------------------------------

Summary of changes:
 fs_selfservice/FS-SelfService/cgi/contact.html | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)
