[freeside-commits] branch master updated. b3cc8eb7ebeda6877548ba0640f754cf36e099b4

Mitch Jackson mitch at freeside.biz
Sat Oct 27 09:08:33 PDT 2018


The branch, master has been updated
       via  b3cc8eb7ebeda6877548ba0640f754cf36e099b4 (commit)
       via  766d55d2439f63d20dcda10411ebc5665205f977 (commit)
      from  ec5b34c097718b91d98d90fece500864e50892b9 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit b3cc8eb7ebeda6877548ba0640f754cf36e099b4
Author: Mitch Jackson <mitch at freeside.biz>
Date:   Sat Oct 27 12:05:19 2018 -0400

    RT# 79353 Fix XSS

diff --git a/httemplate/search/cust_bill_pkg_discount.html b/httemplate/search/cust_bill_pkg_discount.html
index eb39dea8f..04cc828ad 100644
--- a/httemplate/search/cust_bill_pkg_discount.html
+++ b/httemplate/search/cust_bill_pkg_discount.html
@@ -39,8 +39,8 @@ Parameters:
             # Standard discount, not a waived setup fee
             my $discount = qsearchs('discount',{
                 discountnum => $_[0]->discountnum
-            });
-            return $discount->description;
+            }) || return 'Bad discountnum '.$_[0]->pkgdiscountnum;
+            return encode_entities $discount->description;
         } else {
             return 'Waive setup fee';
         }
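Review bot: The new fallback `return 'Bad discountnum '.$_[0]->pkgdiscountnum;` emits the value unescaped while the line below now passes `description` through encode_entities; if pkgdiscountnum is a numeric key the exposure is nil, but escaping both return paths keeps the cell uniformly encoded and is cheaper than reasoning about the column type in a template. The `my $discount = qsearchs(...) || return ...` form works only because `||` binds tighter than `=`; the low-precedence `or` is the conventional way to write a guard on an assignment and reads as intended: `my $discount = qsearchs('discount', { discountnum => $_[0]->discountnum }) or return 'Bad discountnum '.encode_entities($_[0]->pkgdiscountnum);`. The enclosing `sub` starts before this hunk.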
@@ -53,7 +53,7 @@ Parameters:
             my $discount = qsearchs('discount',{
                 discountnum => $_[0]->discountnum
             });
-            return $discount->classname;
+            return encode_entities $discount->classname;
         } else {
             return 'n/a';
         }
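Review bot: `$discount->classname` is still called without the missing-row guard the previous hunk added for `description`, so a pkgdiscountnum whose discount row is gone dies here with a method call on undef instead of rendering an error cell (assuming qsearchs returns undef on no match, as the first hunk's guard implies). Mirror the first hunk: `}) or return 'Bad discountnum '.encode_entities($_[0]->pkgdiscountnum);` in place of `});`, so both columns fail the same way. The enclosing `sub` starts before this hunk.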

commit 766d55d2439f63d20dcda10411ebc5665205f977
Author: Mitch Jackson <mitch at freeside.biz>
Date:   Sat Oct 27 11:24:17 2018 -0400

    RT# 73422 Fix XSS

diff --git a/httemplate/search/contact.html b/httemplate/search/contact.html
index 35a74a593..50935baf4 100644
--- a/httemplate/search/contact.html
+++ b/httemplate/search/contact.html
@@ -162,10 +162,10 @@ my %classname =
 
 # And now for something completly different:
 my @report = (
-  { label => 'First',  field => sub { encode_entities shift->contact_first }},
-  { label => 'Last',   field => sub { encode_entities shift->contact_last }},
-  { label => 'Title',  field => sub { encode_entities shift->contact_title }},
-  { label => 'E-Mail', field => sub { encode_entities shift->contact_email_emailaddress }},
+  { label => 'First',  field => 'contact_first' },
+  { label => 'Last',   field => 'contact_last'  },
+  { label => 'Title',  field => 'contact_title' },
+  { label => 'E-Mail', field => 'contact_email_emailaddress' },
   { label => 'Work Phone',   field => $get_phone_sub->('Work') },
   { label => 'Mobile Phone', field => $get_phone_sub->('Mobile') },
   { label => 'Home Phone',   field => $get_phone_sub->('Home') },
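Review bot: The replaced entries now return bare field names and the escaping that was explicit in the old `sub { encode_entities shift->... }` closures is no longer visible in this file, so a reader cannot tell from the hunk whether the report renderer escapes plain `field => 'name'` values or whether this commit dropped it; given the "Fix XSS" title the former is presumably the case, and it deserves a comment above `my @report = (` such as `# plain field names are HTML-escaped by the report renderer; a coderef field must call encode_entities on what it returns`. The `$get_phone_sub` entries still pass coderefs, so whether their output is encoded depends on that sub's body, which is outside this hunk and worth checking under the same ticket. The `@report` list continues past the end of the hunk.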

-----------------------------------------------------------------------

Summary of changes:
 httemplate/search/contact.html                | 8 ++++----
 httemplate/search/cust_bill_pkg_discount.html | 6 +++---
 2 files changed, 7 insertions(+), 7 deletions(-)



