[freeside-commits] branch master updated. b00bc7c2acc8fc20cb6cf4b3dad03da47f414499

Mitch Jackson mitch at freeside.biz
Tue Oct 23 17:54:45 PDT 2018


The branch, master has been updated
       via  b00bc7c2acc8fc20cb6cf4b3dad03da47f414499 (commit)
       via  f1d7da36b1cb88df944ad7fb39967b63a29183e5 (commit)
      from  fad1695f2df61d3fadc5d6fc85527e09d083bf20 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit b00bc7c2acc8fc20cb6cf4b3dad03da47f414499
Author: Mitch Jackson <mitch at freeside.biz>
Date:   Tue Oct 23 19:18:58 2018 -0400

    RT# 73422 Fix XSS

diff --git a/httemplate/search/contact.html b/httemplate/search/contact.html
index aaa591cf4..35a74a593 100644
--- a/httemplate/search/contact.html
+++ b/httemplate/search/contact.html
@@ -162,10 +162,10 @@ my %classname =
 
 # And now for something completly different:
 my @report = (
-  { label => 'First',  field => sub { shift->contact_first }},
-  { label => 'Last',   field => sub { shift->contact_last }},
-  { label => 'Title',  field => sub { shift->contact_title }},
-  { label => 'E-Mail', field => sub { shift->contact_email_emailaddress }},
+  { label => 'First',  field => sub { encode_entities shift->contact_first }},
+  { label => 'Last',   field => sub { encode_entities shift->contact_last }},
+  { label => 'Title',  field => sub { encode_entities shift->contact_title }},
+  { label => 'E-Mail', field => sub { encode_entities shift->contact_email_emailaddress }},
   { label => 'Work Phone',   field => $get_phone_sub->('Work') },
   { label => 'Mobile Phone', field => $get_phone_sub->('Mobile') },
   { label => 'Home Phone',   field => $get_phone_sub->('Home') },
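Review bot: The phone columns on the context lines `field => $get_phone_sub->('Work')` (and the Mobile/Home ones below) stay outside the encoding this hunk adds to the four name/e-mail fields, so whatever `$get_phone_sub` returns still reaches the page unescaped; if it renders stored contact values rather than a number it formats itself, it needs the same `encode_entities` treatment. The definition of `$get_phone_sub` and the import of `encode_entities` are outside the hunk, so neither can be confirmed from here. As a minor point of style, the bare list-operator form `encode_entities shift->contact_first` parses correctly but the parenthesized `encode_entities( shift->contact_first )` would match the other hunks of this commit. The `@report` list continues past the end of the hunk.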
@@ -204,10 +204,15 @@ my @report = (
     field => sub {
       my $rec = shift;
       if ($rec->prospect_contact_prospectnum) {
-        return $rec->contact_company
-          || $rec->contact_last.' '.$rec->contact_first;
+        return encode_entities(
+          $rec->contact_company
+          || $rec->contact_last.' '.$rec->contact_first
+        );
       }
-      $rec->cust_main_company || $rec->cust_main_last.' '.$rec->cust_main_first;
+      encode_entities(
+        $rec->cust_main_company
+        || $rec->cust_main_last.' '.$rec->cust_main_first
+      );
     }},
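Review bot: The fall-through branch at the end of the sub ends with a bare `encode_entities(` expression while the prospect branch just above uses `return encode_entities(`; the value is still returned as the last evaluated expression, but writing `return encode_entities(` on the second call too keeps the two branches parallel and does not rely on implicit last-expression return. The Comment field in the next hunk has the same implicit-return shape. Both subs are closed inside their hunks, but the `@report` list they belong to starts before this hunk.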
   { label => 'Self-service',
     field => sub {
@@ -218,9 +223,11 @@ my @report = (
   { label => 'Comment',
     field => sub {
       my $rec = shift;
-      $rec->prospect_contact_prospectnum
-      ? $rec->prospect_contact_comment
-      : $rec->cust_contact_comment;
+      encode_entities(
+        $rec->prospect_contact_prospectnum
+        ? $rec->prospect_contact_comment
+        : $rec->cust_contact_comment
+      );
     }},
 );
 

commit f1d7da36b1cb88df944ad7fb39967b63a29183e5
Author: Mitch Jackson <mitch at freeside.biz>
Date:   Tue Oct 23 18:49:05 2018 -0400

    RT# 74031 Fix XSS

diff --git a/httemplate/browse/realestate_unit.html b/httemplate/browse/realestate_unit.html
index 399cd2583..a2fff7bc2 100644
--- a/httemplate/browse/realestate_unit.html
+++ b/httemplate/browse/realestate_unit.html
@@ -41,8 +41,8 @@
     'unit_title',
     sub {
       return '' unless $_[0]->custnum;
-      return $_[0]->company if $_[0]->company;
-      return $_[0]->first.' '.$_[0]->last;
+      return encode_entities( $_[0]->company ) if $_[0]->company;
+      return encode_entities( $_[0]->first.' '.$_[0]->last );
     },
   ],
   links => [
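Review bot: The two new lines read `$_[0]` four times and evaluate `$_[0]->company` twice; taking the record once with `my $rec = shift;` as the first line of the sub and then `return encode_entities( $rec->company ) if $rec->company;` and `return encode_entities( $rec->first.' '.$rec->last );` is easier to read and matches the `my $rec = shift;` style the companion contact.html change uses. Whether `encode_entities` is imported in this template is not visible in the hunk, so that should be checked once. The sub is complete within the hunk, but the enclosing fields list starts before it.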

-----------------------------------------------------------------------

Summary of changes:
 httemplate/browse/realestate_unit.html |  4 ++--
 httemplate/search/contact.html         | 27 +++++++++++++++++----------
 2 files changed, 19 insertions(+), 12 deletions(-)



