[freeside-commits] branch FREESIDE_3_BRANCH updated. dd769e3736c49fa4cedf16f13db3a58cc7573cbb

Mitch Jackson mitch at freeside.biz
Sat Oct 27 09:16:52 PDT 2018


The branch, FREESIDE_3_BRANCH has been updated
       via  dd769e3736c49fa4cedf16f13db3a58cc7573cbb (commit)
      from  8120b9af43dac87f1a41ac3c8434465517235a25 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit dd769e3736c49fa4cedf16f13db3a58cc7573cbb
Author: Mitch Jackson <mitch at freeside.biz>
Date:   Sat Oct 27 12:05:19 2018 -0400

    RT# 79353 Fix XSS

diff --git a/httemplate/search/cust_bill_pkg_discount.html b/httemplate/search/cust_bill_pkg_discount.html
index 691a11e60..9ddc97da2 100644
--- a/httemplate/search/cust_bill_pkg_discount.html
+++ b/httemplate/search/cust_bill_pkg_discount.html
@@ -39,8 +39,8 @@ Parameters:
             # Standard discount, not a waived setup fee
             my $discount = qsearchs('discount',{
                 discountnum => $_[0]->discountnum
-            });
-            return $discount->description;
+            }) || return 'Bad discountnum '.$_[0]->pkgdiscountnum;
+            return encode_entities $discount->description;
         } else {
             return 'Waive setup fee';
         }
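Review bot: On the new `}) || return 'Bad discountnum '.$_[0]->pkgdiscountnum;` line, the message is labelled discountnum but prints `pkgdiscountnum`, while the lookup that failed was keyed on `$_[0]->discountnum`. Print the value that was actually searched, or label the message pkgdiscountnum, so the text identifies the dangling reference. Passing the fallback string through encode_entities too would keep every return path of this sub escaped the same way.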
@@ -53,7 +53,7 @@ Parameters:
             my $discount = qsearchs('discount',{
                 discountnum => $_[0]->discountnum
             });
-            return $discount->classname;
+            return encode_entities $discount->classname;
         } else {
             return 'n/a';
         }
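Review bot: The classname sub still dereferences `$discount` without checking the qsearchs result, so the missing-discount case that the first hunk now guards against will die at `return encode_entities $discount->classname;`. Add the same `|| return ...` fallback after the `});` in this sub so both columns handle a bad discountnum consistently.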

-----------------------------------------------------------------------

Summary of changes:
 httemplate/search/cust_bill_pkg_discount.html | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)



