| author | Ivan Kohler <ivan@freeside.biz> | 2015-06-29 18:59:37 -0700 | 
|---|---|---|
| committer | Ivan Kohler <ivan@freeside.biz> | 2015-06-30 23:22:49 -0700 | 
| commit | b7e43528c43bc22a9a7725c1073c3aadb126290c (patch) | |
| tree | b51453300f21a2176f9a0341a2e123d7986fd6a5 | |
| parent | 32888fd335b717020552f56523d1f3131c66d804 (diff) | |
xss
| -rwxr-xr-x | httemplate/browse/cust_attachment.html | 2 | 
1 files changed, 1 insertions, 1 deletions
| diff --git a/httemplate/browse/cust_attachment.html b/httemplate/browse/cust_attachment.html
index 9d62e5609..f81ec1b6b 100755
--- a/httemplate/browse/cust_attachment.html
+++ b/httemplate/browse/cust_attachment.html
@@ -101,7 +101,7 @@ my $orderby = $cgi->param('orderby') || 'custnum';
 my $sub_cust = sub {
   my $c = qsearchs('cust_main', { custnum => shift->custnum } );
-  return $c ? $c->name : '<FONT COLOR="red"><B>(not found)</B></FONT>';
+  return $c ? encode_entities($c->name) : '<FONT COLOR="red"><B>(not found)</B></FONT>';
 };
 my $sub_date = sub { | 
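Review bot: The `$sub_cust` callback returns literal markup in one branch and customer data in the other, but nothing in it records that its return value is rendered as raw HTML, which is why the encoding has to happen at this exact spot. A one-line comment above the `return`, such as `# return value is emitted unescaped: entity-encode every dynamic value`, would keep a later edit from reintroducing the unescaped name. The hunk does not show where `encode_entities` comes from, so it is worth confirming that HTML::Entities is in scope for this template. `$sub_date` starts on the last line of the hunk and continues outside it; it and any other column callbacks in the file that return stored strings should be checked for the same pattern.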
