[freeside-commits] branch FREESIDE_3_BRANCH updated. 81ccfc6f631270015f2ae11d4019c4b8b9ce7514

Ivan ivan at 420.am
Thu Oct 9 11:11:32 PDT 2014


The branch, FREESIDE_3_BRANCH has been updated
       via  81ccfc6f631270015f2ae11d4019c4b8b9ce7514 (commit)
      from  05a99e84eb795dcf19cda5133a4a89a1976fedfc (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 81ccfc6f631270015f2ae11d4019c4b8b9ce7514
Author: Ivan Kohler <ivan at freeside.biz>
Date:   Thu Oct 9 11:11:31 2014 -0700

    XSS

diff --git a/httemplate/browse/part_event.html b/httemplate/browse/part_event.html
index ba036c8..d2e6946 100644
--- a/httemplate/browse/part_event.html
+++ b/httemplate/browse/part_event.html
@@ -175,8 +175,10 @@ my $html_init =
   ' or <SELECT NAME="clone"><OPTION></OPTION>';
 
 foreach my $part_event ( qsearch('part_event', {'disabled'=>''}) ) {
-  $html_init .=  '<OPTION VALUE="'. $part_event->eventpart. '">'.
-                  $part_event->eventpart. ': '. $part_event->event. '</OPTION>';
+  $html_init .= '<OPTION VALUE="'. $part_event->eventpart. '">'.
+                  $part_event->eventpart. ': '. 
+                  encode_entities($part_event->event).
+                '</OPTION>';
 }
 
 $html_init .= '</SELECT><INPUT TYPE="submit" VALUE="Clone existing event">'.
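
Review bot: `$part_event->eventpart` is still concatenated unescaped in two places in the rewritten lines, inside the `VALUE="..."` attribute and in the option text before the colon, while only `$part_event->event` goes through `encode_entities`. If eventpart is always an integer key, a short comment saying so would make the asymmetry clearly deliberate; otherwise wrap both uses in `encode_entities` as well, since the attribute context is the more sensitive of the two. The hunk also does not show where `encode_entities` comes from, so confirm that HTML::Entities is in scope in this template. The one-word commit message "XSS" would be easier to audit later if it named the field (the event name in the clone dropdown).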

-----------------------------------------------------------------------

Summary of changes:
 httemplate/browse/part_event.html |    6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)



