From: Christopher Burger <burgerc@freeside.biz>
Date: Fri, 30 Jun 2017 17:24:29 +0000 (-0400)
Subject: RT# 74666 - fixed vulnerability by escaping quotation_description var
X-Git-Url: http://git.freeside.biz/gitweb/?a=commitdiff_plain;ds=sidebyside;h=c649441b5fdab63a35cdfe3907b486630af658bb;p=freeside.git

RT# 74666 - fixed vulnerability by escaping quotation_description var

Conflicts:
	httemplate/view/quotation.html
---

diff --git a/httemplate/view/quotation.html b/httemplate/view/quotation.html
index 4769934d9..0e3e8b3c6 100755
--- a/httemplate/view/quotation.html
+++ b/httemplate/view/quotation.html
@@ -11,7 +11,7 @@ function areyousure(href, message) {
 % if ( $quotation->custnum ) {
   <h2>Quotation #<% $quotationnum %>
 %   if ($quotation->quotation_description) {
-      (<% $quotation->quotation_description %>)  
+      (<% $quotation->quotation_description |h %>)  
 %   } 
   </h2>
 % }