Auch versteckte Variablen HTML-escapen.

author Moritz Bunkus <m.bunkus@linet-services.de>

Fri, 26 Sep 2008 08:35:33 +0000 (08:35 +0000)

committer Moritz Bunkus <m.bunkus@linet-services.de>

Fri, 26 Sep 2008 08:35:33 +0000 (08:35 +0000)
author Moritz Bunkus <m.bunkus@linet-services.de>
Fri, 26 Sep 2008 08:35:33 +0000 (08:35 +0000)
committer Moritz Bunkus <m.bunkus@linet-services.de>
Fri, 26 Sep 2008 08:35:33 +0000 (08:35 +0000)
diff --git a/bin/mozilla/is.pl b/bin/mozilla/is.pl

index e7c5a44..8576815 100644 (file)
--- a/bin/mozilla/is.pl
+++ b/bin/mozilla/is.pl
@@ -637,10 +637,10 @@ sub form_header {
        <table>
          <tr>
            $customers
-          <input type="hidden" name="customer_klass" value="$form->{customer_klass}">
-          <input type="hidden" name="customer_id" value="$form->{customer_id}">
-          <input type="hidden" name="oldcustomer" value="$form->{oldcustomer}">
-          <input type="hidden" name="selectcustomer" value="$form->{selectcustomer}">
+          <input type="hidden" name="customer_klass" value="| . H($form->{customer_klass}) . qq|">
+          <input type="hidden" name="customer_id" value="| . H($form->{customer_id}) . qq|">
+          <input type="hidden" name="oldcustomer" value="| . H($form->{oldcustomer}) . qq|">
+          <input type="hidden" name="selectcustomer" value="| . H($form->{selectcustomer}) . qq|">
          </tr>
          $contact
          $shipto
author	Moritz Bunkus <m.bunkus@linet-services.de>
	Fri, 26 Sep 2008 08:35:33 +0000 (08:35 +0000)
committer	Moritz Bunkus <m.bunkus@linet-services.de>
	Fri, 26 Sep 2008 08:35:33 +0000 (08:35 +0000)