[freeside-commits] branch FREESIDE_4_BRANCH updated. 2d8ed14ea03c007dd041dd16cc2626959890dd48

Christopher Burger burgerc at freeside.biz
Tue Feb 26 10:20:20 PST 2019


The branch, FREESIDE_4_BRANCH has been updated
       via  2d8ed14ea03c007dd041dd16cc2626959890dd48 (commit)
      from  905000c31f1d72055028c4e6db266e525a57eb8e (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 2d8ed14ea03c007dd041dd16cc2626959890dd48
Author: Christopher Burger <burgerc at freeside.biz>
Date:   Tue Feb 26 11:06:33 2019 -0500

    RT# 82092 - updated escaping html to use encode-entities

diff --git a/FS/FS/part_virtual_field.pm b/FS/FS/part_virtual_field.pm
index 63712b763..eae519f6d 100755
--- a/FS/FS/part_virtual_field.pm
+++ b/FS/FS/part_virtual_field.pm
@@ -2,7 +2,7 @@ package FS::part_virtual_field;
 use base qw(FS::Record);
 
 use strict;
-use CGI qw(escapeHTML);
+use HTML::Entities;
 use FS::Schema qw( dbdef );
 
 =head1 NAME
@@ -89,14 +89,14 @@ sub widget {
 
   if ($ui_type eq 'HTML') {
     if ($mode eq 'view') {
-      $text = q!<TR><!.$header_col_type.q! ALIGN="right">! . $label .
-              q!</!.$header_col_type.q!><TD BGCOLOR="#ffffff">! . $value .
+      $text = q!<TR><!.$header_col_type.q! ALIGN="right">! . encode_entities($label) .
+              q!</!.$header_col_type.q!><TD BGCOLOR="#ffffff">! . encode_entities($value) .
               q!</TD></TR>! . "\n";
     } elsif ($mode eq 'edit') {
-      $text = q!<TR><!.$header_col_type.q! ALIGN="right">! . $label .
+      $text = q!<TR><!.$header_col_type.q! ALIGN="right">! . encode_entities($label) .
               q!</!.$header_col_type.q!><TD>!;
         $text .= q!<INPUT TYPE=text NAME="! . $self->name .
-                q!" VALUE="! . escapeHTML($value) . q!"!;
+                q!" VALUE="! . encode_entities($value) . q!"!;
         if ($self->length) {
           $text .= q! SIZE="! . $self->length . q!"!;
         }
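Review bot: On the INPUT line of the edit branch, `$self->name` is still concatenated into the `NAME="..."` attribute without encoding, and `$self->length` goes into `SIZE="..."` the same way, while the label and value next to them now pass through `encode_entities`. Unless the field name is restricted to identifier characters somewhere outside this hunk, a quote or angle bracket in it would end the attribute early. For consistency I would write `q!<INPUT TYPE=text NAME="! . encode_entities($self->name) .` there. `widget` starts and ends outside this hunk, so its other output branches are not covered by this note.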
diff --git a/httemplate/browse/router.cgi b/httemplate/browse/router.cgi
index c7713f313..354111875 100644
--- a/httemplate/browse/router.cgi
+++ b/httemplate/browse/router.cgi
@@ -17,8 +17,6 @@
 %>
 <%init>
 
-use CGI qw(escapeHTML);
-
 die "access denied"
   unless $FS::CurrentUser::CurrentUser->access_right('Broadband configuration')
   || $FS::CurrentUser::CurrentUser->access_right('Broadband global configuration');
@@ -50,8 +48,8 @@ my @links = ( [ "${p2}edit/router.cgi?", 'routernum' ],
             );
 
 foreach (FS::router->virtual_fields_hash) {
-  push @header_fields, escapeHTML($_->{'label'});
-  push @fields, escapeHTML($_->{'name'});
+  push @header_fields, encode_entities($_->{'label'});
+  push @fields, encode_entities($_->{'name'});
   push @links, '';
 }
 
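Review bot: `encode_entities` is called in this loop, but the commit only removes `use CGI qw(escapeHTML);` from this component and adds no `use HTML::Entities;` to it. If the Mason setup does not already import HTML::Entities into the component namespace (not visible in this diff), the page will die with an undefined-subroutine error, so either confirm that import or add `use HTML::Entities;` to the `<%init>` block. Separately, the encoded `name` is pushed onto `@fields`. If those entries are later used as column or method names rather than printed, encoding changes the lookup key for any name containing `&`, `<`, `>` or a quote, so it may be safer to push the raw name and encode only at output.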
diff --git a/httemplate/edit/elements/part_svc_column.html b/httemplate/edit/elements/part_svc_column.html
index 075f15e2c..bdbce7c79 100644
--- a/httemplate/edit/elements/part_svc_column.html
+++ b/httemplate/edit/elements/part_svc_column.html
@@ -97,7 +97,7 @@ my %communigate_fields = (
     <TD ROWSPAN=2 CLASS="grid">
       <INPUT NAME="<% $svcdb %>__<% $field %>_label"
              STYLE="text-align: right"
-             VALUE="<% $part_svc_column->columnlabel || escapeHTML($def->{'label'}) |h %>">
+             VALUE="<% $part_svc_column->columnlabel || $def->{'label'} |h %>">
     </TD>
 
     <TD ROWSPAN=1 CLASS="grid">

-----------------------------------------------------------------------

Summary of changes:
 FS/FS/part_virtual_field.pm                   | 10 +++++-----
 httemplate/browse/router.cgi                  |  6 ++----
 httemplate/edit/elements/part_svc_column.html |  2 +-
 3 files changed, 8 insertions(+), 10 deletions(-)



