From e3b6e7c7f11580b3633967fef64f0234ea1a5da4 Mon Sep 17 00:00:00 2001
From: conradverm
Date: Fri, 20 Jul 2007 13:38:44 +0000
Subject: [PATCH] KTS-2178 "cross site scripting" Implemented.
---
 templates/ktcore/action/checkout_final.smarty | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/templates/ktcore/action/checkout_final.smarty b/templates/ktcore/action/checkout_final.smarty
index 969f141..43f5268 100644
--- a/templates/ktcore/action/checkout_final.smarty
+++ b/templates/ktcore/action/checkout_final.smarty
@@ -3,7 +3,7 @@
 {$context->oPage->requireJSResource("thirdpartyjs/MochiKit/Iter.js")}
 {$context->oPage->requireJSResource("thirdpartyjs/MochiKit/DOM.js")}
-{capture assign=sLocation}action=checkout_final&fDocumentId={$context->oDocument->getId()}&reason={$reason}{/capture}
+{capture assign=sLocation}action=checkout_final&fDocumentId={$context->oDocument->getId()}&reason={$reason|escape:'url'}{/capture}
 {capture assign=sJavascript}
 function doCheckout () {ldelim}
--
libgit2 0.21.4
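Review bot: The `escape:'url'` modifier on `{$reason}` in the `sLocation` capture only makes the value safe as a query-string component; the place where `sLocation` is later written into the page is outside this hunk and needs escaping for its own context. If it ends up inside the `sJavascript` capture that opens just below, or in an HTML attribute, the assembled string should pass through the matching modifier at that point, e.g. `{$sLocation|escape:'javascript'}` or `{$sLocation|escape:'html'}`. A template comment above the capture such as `{* reason is user-supplied: URL-encode it here, escape sLocation again where it is output *}` would record why the modifier is there. Since the patch changes only this one file, it is also worth checking whether other action templates interpolate `$reason` into a URL the same way.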