author | Ivan Kohler <ivan@freeside.biz> | 2016-04-25 11:02:36 -0700 |
---|---|---|
committer | Ivan Kohler <ivan@freeside.biz> | 2016-04-25 11:02:36 -0700 |
commit | c72a0848224b544426eddec7c63186a5de04280e (patch) | |
tree | e00a87e1f9a059533ee171cffbd226ccf01b340a /httemplate/view | |
parent | 46fe3dbcb3ca97d1f3c70d49351846cf0ab6461d (diff) |
xss
Diffstat (limited to 'httemplate/view')
-rwxr-xr-x | httemplate/view/cust_main.cgi | 11 |
1 files changed, 7 insertions, 4 deletions
diff --git a/httemplate/view/cust_main.cgi b/httemplate/view/cust_main.cgi
index 3cd7d2bb3..fac126f92 100755
--- a/httemplate/view/cust_main.cgi
+++ b/httemplate/view/cust_main.cgi
@@ -225,16 +225,19 @@ my $cust_main = qsearchs( {
 });
 die "Customer not found!" unless $cust_main;
-my $title = mt("Customer").' #'. $cust_main->display_custnum. ': '.
- encode_entities($cust_main->name);
+my $title = mt("Customer").' #'. $cust_main->display_custnum. ': ';
+my $title_noescape = $title. encode_entities($cust_main->name);
+$title .= $cust_main->name;
 if ( $curuser->num_agents ) {
- $title = encode_entities($cust_main->agent->agent). " $title";
+ $title_noescape =
+ encode_entities($cust_main->agent->agent). " $title_noescape";
+ $title = $cust_main->agent->agent. " $title";
 }
 my $status = $cust_main->status_label;
 $status .= ' (Cancelled)' if $cust_main->is_status_delay_cancel;
-my $title_noescape = $title. ' (<B><FONT COLOR="#'. $cust_main->statuscolor. '">'. $status. '</FONT></B>)';
+$title_noescape .= ' (<B><FONT COLOR="#'. $cust_main->statuscolor. '">'. $status. '</FONT></B>)';
 $title .= " ($status)";
 #false laziness w/pref/pref.html and Conf.pm (cust_main-default_view) |
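Review bot: The split moves responsibility for escaping the plain-text `$title` onto every consumer — before this change it arrived pre-escaped, now each place that emits it must HTML-escape it itself — and nothing in the hunk records that contract, which the inverted naming (`$title_noescape` is the one that is already escaped) makes easy to get wrong. A comment above the first `my $title` line, `# $title is unescaped text (escape it at output); $title_noescape is already HTML-encoded and carries markup`, would fix that. `$status` is still concatenated into the markup of `$title_noescape` without `encode_entities`; if `status_label` only ever returns a fixed label set this is harmless, but `'">'. encode_entities($status). '</FONT></B>)'` costs nothing and removes the assumption. `$cust_main->agent->agent` is also evaluated twice inside the `if`; holding it once in a lexical keeps the two titles from diverging if the accessor ever stops being pure. The enclosing init block starts and ends outside the hunk.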