[freeside-commits] branch master updated. 0d13c4c4823794e26725303bc730d7f7d59ef4fb

Mitch Jackson mitch at freeside.biz
Sat Oct 27 10:02:30 PDT 2018


The branch, master has been updated
       via  0d13c4c4823794e26725303bc730d7f7d59ef4fb (commit)
      from  b3cc8eb7ebeda6877548ba0640f754cf36e099b4 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 0d13c4c4823794e26725303bc730d7f7d59ef4fb
Author: Mitch Jackson <mitch at freeside.biz>
Date:   Sat Oct 27 13:01:54 2018 -0400

    RT# 31964 Fix XSS

diff --git a/httemplate/view/prospect_main.html b/httemplate/view/prospect_main.html
index 504a5a8ec..d6bcbe7ad 100644
--- a/httemplate/view/prospect_main.html
+++ b/httemplate/view/prospect_main.html
@@ -24,18 +24,18 @@
 % foreach my $prospect_contact ( $prospect_main->prospect_contact ) {
 %   my $contact = $prospect_contact->contact;
     <TR>
-      <TH ALIGN="right" VALIGN="top"><% $prospect_contact->contact_classname %> Contact</TH>
+      <TH ALIGN="right" VALIGN="top"><% $prospect_contact->contact_classname |h %> Contact</TH>
       <TD BGCOLOR="#FFFFFF">
-          <% $contact->line %><br>
+          <% $contact->line |h %><br>
           <table>
 %         for my $row ( $contact->contact_email ) {
-            <tr><th>E-Mail:</th><td><% $row->emailaddress %></td></tr>
+            <tr><th>E-Mail:</th><td><% $row->emailaddress |h %></td></tr>
 %         }
 %         for my $row ( $contact->contact_phone ) {
-            <tr><th><% $row->phone_type->typename %>:</th><td><% $row->phonenum_pretty %></td></tr>
+            <tr><th><% $row->phone_type->typename |h %>:</th><td><% $row->phonenum_pretty |h %></td></tr>
 %         }
 %         if ( $prospect_contact->comment ) {
-            <tr><th>Comment:</th><td><% $prospect_contact->comment %></td></tr>
+            <tr><th>Comment:</th><td><% $prospect_contact->comment |h %></td></tr>
 %         }
           </table>
       </TD>
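
Review bot: the `|h` flag is added one expression at a time inside the `prospect_contact` loop, so the fix covers only the five substitutions touched here (`contact_classname`, `line`, `emailaddress`, `typename`/`phonenum_pretty`, `comment`), and nothing in this hunk shows whether the rest of prospect_main.html, or other views that print the same contact fields, got the same treatment. Please check the remaining `<% ... %>` substitutions in this template for a missing `|h`. Longer term, consider setting Mason's `default_escape_flags` to `h` and marking intentional HTML output with `|n`, so that a forgotten flag fails safe. The commit message would also be more useful if it named the fields that were rendered unescaped.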

-----------------------------------------------------------------------

Summary of changes:
 httemplate/view/prospect_main.html | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)



