From: Ivan Kohler
Date: Fri, 12 Apr 2013 01:10:13 +0000 (-0700)
Subject: fix XSS
X-Git-Url: http://git.freeside.biz/gitweb/?a=commitdiff_plain;h=0040c5d4586541fc06b53774bfeac61cd1958a9f;p=freeside.git

fix XSS
---

diff --git a/FS/FS/UI/Web.pm b/FS/FS/UI/Web.pm
index 22b445690..59e59d442 100644
--- a/FS/FS/UI/Web.pm
+++ b/FS/FS/UI/Web.pm
@@ -404,23 +404,26 @@ sub cust_fields_subs {
 my $unlinked_warn = 0;
 return map {
 my $f = $_;
- if( $unlinked_warn++ ) {
+ if ( $unlinked_warn++ ) {
+
 sub {
 my $record = shift;
- if( $record->custnum ) {
- $record->$f(@_);
- }
- else {
+ if ( $record->custnum ) {
+ encode_entities( $record->$f(@_) );
+ } else {
 '(unlinked)'
 };
- }
- }
- else {
+ };
+
+ } else {
+
 sub {
 my $record = shift;
- $record->$f(@_) if $record->custnum;
- }
+ $record->custnum ? encode_entities( $record->$f(@_) ) : '';
+ };
+
 }
+
 } @cust_fields;
 }
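Review bot: In both new closures `encode_entities( $record->$f(@_) )` calls the field method in list context, so a method that returns more than one value would have its second value taken as encode_entities' unsafe-character set, and an empty list would leave it nothing to encode. Forcing scalar context, `encode_entities( scalar $record->$f(@_) )`, keeps the escaping independent of what each field method returns. The closures now return HTML-escaped text, which deserves a comment above the `map`, for example `# each sub returns an HTML-escaped string; do not escape it again or reuse it for non-HTML output`. Without that, a caller that already escapes, or one that writes these values to a non-HTML format (none is visible here), would show literal entities. cust_fields_subs begins above the hunk, and neither the `use HTML::Entities` import nor the contents of `@cust_fields` is visible, so both should be confirmed.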