diff options
| author | Ivan Kohler <ivan@freeside.biz> | 2015-06-29 18:59:34 -0700 |
|---|---|---|
| committer | Ivan Kohler <ivan@freeside.biz> | 2015-06-29 18:59:34 -0700 |
| commit | c9a2b10e9976847e6d96cb6998300ef73e84269a (patch) | |
| tree | 1094a094d6cf3b4463f6463b15778a7cbdd22c8d /httemplate/browse/cust_attachment.html | |
| parent | 1fa379f596dd95694ed4e37a19afd44d8e47e82a (diff) | |
xss
Diffstat (limited to 'httemplate/browse/cust_attachment.html')
| -rwxr-xr-x | httemplate/browse/cust_attachment.html | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/httemplate/browse/cust_attachment.html b/httemplate/browse/cust_attachment.html index 9d62e5609..f81ec1b6b 100755 --- a/httemplate/browse/cust_attachment.html +++ b/httemplate/browse/cust_attachment.html @@ -101,7 +101,7 @@ my $orderby = $cgi->param('orderby') || 'custnum'; my $sub_cust = sub { my $c = qsearchs('cust_main', { custnum => shift->custnum } ); - return $c ? $c->name : '<FONT COLOR="red"><B>(not found)</B></FONT>'; + return $c ? encode_entities($c->name) : '<FONT COLOR="red"><B>(not found)</B></FONT>'; }; my $sub_date = sub { |