Skip to content

Commit

Permalink
bugfix: avoid XSS in balance list (LMS #1910)
Browse files Browse the repository at this point in the history
  • Loading branch information
@chilek
chilek committed May 25, 2022
1 parent b02521c commit 021effd
Showing 1 changed file with 4 additions and 4 deletions.
8 changes: 4 additions & 4 deletions templates/default/balance/balancelist.html
View file
Original file line number Diff line number Diff line change
Expand Up @@ -203,13 +203,13 @@ <H1>{$layout.pagetitle}</H1>
{$balance.time|date_format:"%Y/%m/%d %H:%M"}
</TD>
<TD class="nobr">
{if $balance.userid}{$balance.user|truncate:16:"&hellip;":true}{else}-{/if}
{if $balance.userid}{$balance.user|trunescape:16}{else}-{/if}
</TD>
<TD class="text-right nobr">
{if $balance.covenant}{moneyf($balance.value*-1, $balance.currency)}{else}-{/if}
</TD>
<TD class="text-right nobr">
{if !$balance.covenant && $balance.value > 0}{moneyf($balance.value, $balance.currency)}{else}-{/if}
{if !$balance.covenant && $balance.value > 0}{moneyf($balance.value, $balance.currency)}{else}-{/if}
</TD>
<TD class="text-right nobr">
{if !$balance.covenant && $balance.value < 0}{moneyf($balance.value*-1, $balance.currency)}{else}-{/if}
Expand All @@ -218,13 +218,13 @@ <H1>{$layout.pagetitle}</H1>
&raquo;
</TD>
<TD class="text-right nobr">
{if $balance.covenant}-{else}{moneyf($balance.after)}{/if}
{if $balance.covenant}-{else}{moneyf($balance.after)}{/if}
</TD>
<TD class="text-right nobr">
{if $balance.customerid}<A HREF="?m=customerinfo&id={$balance.customerid}">{$balance.customername|trunescape:20}</A>{else} - {/if}
</TD>
<TD>
{$balance.comment}
{$balance.comment|escape}
</TD>
<TD class="text-right nobr">
{if $balance.docid}
Expand Down

0 comments on commit 021effd

Please sign in to comment.