projects
/
freeside.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
| inline |
side by side
RT# 74666 - fixed vulnerability by escaping quotation_description var
[freeside.git]
/
httemplate
/
view
/
quotation.html
diff --git
a/httemplate/view/quotation.html
b/httemplate/view/quotation.html
index
4769934
..
0e3e8b3
100755
(executable)
--- a/
httemplate/view/quotation.html
+++ b/
httemplate/view/quotation.html
@@
-11,7
+11,7
@@
function areyousure(href, message) {
% if ( $quotation->custnum ) {
<h2>Quotation #<% $quotationnum %>
% if ($quotation->quotation_description) {
- (<% $quotation->quotation_description %>)
+ (<% $quotation->quotation_description
|h
%>)
% }
</h2>
% }
projects / freeside.git / blobdiff