[freeside-commits] branch FREESIDE_4_BRANCH updated. 2d2c4981b8b2757afc4c7e70cbf2da02f0f7b4a5
Mitch Jackson
mitch at freeside.biz
Sat Oct 27 09:09:51 PDT 2018
The branch, FREESIDE_4_BRANCH has been updated
via 2d2c4981b8b2757afc4c7e70cbf2da02f0f7b4a5 (commit)
from d4df360c7618d45cc60647bb31520f757117992f (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 2d2c4981b8b2757afc4c7e70cbf2da02f0f7b4a5
Author: Mitch Jackson <mitch at freeside.biz>
Date: Sat Oct 27 12:05:19 2018 -0400
RT# 79353 Fix XSS
diff --git a/httemplate/search/cust_bill_pkg_discount.html b/httemplate/search/cust_bill_pkg_discount.html
index eb39dea8f..04cc828ad 100644
--- a/httemplate/search/cust_bill_pkg_discount.html
+++ b/httemplate/search/cust_bill_pkg_discount.html
@@ -39,8 +39,8 @@ Parameters:
# Standard discount, not a waived setup fee
my $discount = qsearchs('discount',{
discountnum => $_[0]->discountnum
- });
- return $discount->description;
+ }) || return 'Bad discountnum '.$_[0]->pkgdiscountnum;
+ return encode_entities $discount->description;
} else {
return 'Waive setup fee';
}
@@ -53,7 +53,7 @@ Parameters:
my $discount = qsearchs('discount',{
discountnum => $_[0]->discountnum
});
- return $discount->classname;
+ return encode_entities $discount->classname;
} else {
return 'n/a';
}
-----------------------------------------------------------------------
Summary of changes:
httemplate/search/cust_bill_pkg_discount.html | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
More information about the freeside-commits
mailing list