From c649441b5fdab63a35cdfe3907b486630af658bb Mon Sep 17 00:00:00 2001
From: Christopher Burger <burgerc@freeside.biz>
Date: Fri, 30 Jun 2017 13:24:29 -0400
Subject: [PATCH] RT# 74666 - fixed vulnerability by escaping
 quotation_description var

Conflicts:
	httemplate/view/quotation.html
---
 httemplate/view/quotation.html | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/httemplate/view/quotation.html b/httemplate/view/quotation.html
index 4769934d9..0e3e8b3c6 100755
--- a/httemplate/view/quotation.html
+++ b/httemplate/view/quotation.html
@@ -11,7 +11,7 @@ function areyousure(href, message) {
 % if ( $quotation->custnum ) {
   <h2>Quotation #<% $quotationnum %>
 %   if ($quotation->quotation_description) {
-      (<% $quotation->quotation_description %>)  
+      (<% $quotation->quotation_description |h %>)  
 %   } 
   </h2>
 % } 
-- 
2.11.0