[interchange-cvs] interchange - heins modified code/Widget/country_select.widget

interchange-cvs at icdevgroup.org
Fri Jul 18 20:58:36 UTC 2008


User:      heins
Date:      2008-07-18 20:58:36 GMT
Modified:  code/Widget country_select.widget
Log:
* Prevent cross-site scripting problem. Found and fixed by Josh Lavin
  of Perusion.

Revision  Changes    Path
1.11                 interchange/code/Widget/country_select.widget


rev 1.11, prev_rev 1.10
Index: country_select.widget
===================================================================
RCS file: /var/cvs/interchange/code/Widget/country_select.widget,v
retrieving revision 1.10
retrieving revision 1.11
diff -u -r1.10 -r1.11
--- country_select.widget	30 Mar 2007 23:40:58 -0000	1.10
+++ country_select.widget	18 Jul 2008 20:58:35 -0000	1.11
@@ -5,7 +5,7 @@
 # the Free Software Foundation; either version 2 of the License, or
 # (at your option) any later version.  See the LICENSE file for details.
 # 
-# $Id: country_select.widget,v 1.10 2007-03-30 23:40:58 pajamian Exp $
+# $Id: country_select.widget,v 1.11 2008-07-18 20:58:35 mheins Exp $
 
 CodeDef state_select  Widget  1
 CodeDef state_select  Description State (needs country_select)
@@ -246,6 +246,7 @@
 EOF
 
 	my $sval = $CGI::values{$svar} || $::Values->{$svar};
+	$sval = HTML::Entities::encode($sval, $ESCAPE_CHARS::std);
 	$sval = $Tag->jsq($sval) || "''";
 	my $fname = $opt->{form_name} || 'nevairbe';
 
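Review bot: the new `HTML::Entities::encode` call runs before `$Tag->jsq`, so the value that lands inside the JavaScript string is HTML-entity-encoded text (`&amp;`, `&lt;`, `&quot;` and so on) rather than the raw state value; if the emitted script compares `$sval` against option values or writes it back into a form field, states containing `&` or quotes will no longer match. Either confirm that the JavaScript consumer of `$sval` tolerates entity-encoded input, or add a comment saying why entity encoding is wanted in a JavaScript string context here (keeping `</script>` and other markup out of the inline script, which JavaScript string quoting by itself does not guarantee). Also, nothing in this hunk shows `HTML::Entities` being loaded or `$ESCAPE_CHARS::std` being defined in this widget's scope; if that variable is undefined at call time, `encode` silently falls back to its default unsafe-character set, so a `use HTML::Entities;` (or a note that the core already loads it) and a short comment naming the character set being used would make the intent explicit and checkable.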