xss

author: Ivan Kohler <ivan@freeside.biz> 2015-06-29 18:59:37 -0700
committer: Ivan Kohler <ivan@freeside.biz> 2015-06-29 18:59:37 -0700
commit: 344f30c6902376570437b322d4f57fbd1880a7fd (patch)
tree: 4ebdd6c3aadbfb44fe1c6b9beade2e516a2a680e
parent: 71dba4c13f3a420115ad87dfa6df82db6618bd97 (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/httemplate/browse/cust_attachment.html b/httemplate/browse/cust_attachment.html
index 9d62e5609..f81ec1b6b 100755
--- a/httemplate/browse/cust_attachment.html
+++ b/httemplate/browse/cust_attachment.html
@@ -101,7 +101,7 @@ my $orderby = $cgi->param('orderby') || 'custnum';
 
 my $sub_cust = sub {
   my $c = qsearchs('cust_main', { custnum => shift->custnum } );
-  return $c ? $c->name : '<FONT COLOR="red"><B>(not found)</B></FONT>';
+  return $c ? encode_entities($c->name) : '<FONT COLOR="red"><B>(not found)</B></FONT>';
 };
 
 my $sub_date = sub {
author	Ivan Kohler <ivan@freeside.biz>	2015-06-29 18:59:37 -0700
committer	Ivan Kohler <ivan@freeside.biz>	2015-06-29 18:59:37 -0700
commit	344f30c6902376570437b322d4f57fbd1880a7fd (patch)
tree	4ebdd6c3aadbfb44fe1c6b9beade2e516a2a680e
parent	71dba4c13f3a420115ad87dfa6df82db6618bd97 (diff)