projects
/
freeside.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
usability: customer tags with checkboxes instead of a select-multiple
[freeside.git]
/
httemplate
/
browse
/
cust_attachment.html
diff --git
a/httemplate/browse/cust_attachment.html
b/httemplate/browse/cust_attachment.html
index
0fdc745
..
f81ec1b
100755
(executable)
--- a/
httemplate/browse/cust_attachment.html
+++ b/
httemplate/browse/cust_attachment.html
@@
-13,7
+13,7
@@
,
'query' => { 'table' => 'cust_attachment',
'hashref' => $hashref,
,
'query' => { 'table' => 'cust_attachment',
'hashref' => $hashref,
- '
extra_sql
' => 'ORDER BY '.$orderby,
+ '
order_by
' => 'ORDER BY '.$orderby,
},
'count_query' => $count_query,
'header' => [ selflink('#',orderby => 'attachnum'),
},
'count_query' => $count_query,
'header' => [ selflink('#',orderby => 'attachnum'),
@@
-62,6
+62,8
@@
<%init>
my $curuser = $FS::CurrentUser::CurrentUser;
<%init>
my $curuser = $FS::CurrentUser::CurrentUser;
+die "access denied" if !$curuser->access_right('View attachments')
+ or !$curuser->access_right('Browse attachments');
my $conf = new FS::Conf;
my $conf = new FS::Conf;
@@
-99,7
+101,7
@@
my $orderby = $cgi->param('orderby') || 'custnum';
my $sub_cust = sub {
my $c = qsearchs('cust_main', { custnum => shift->custnum } );
my $sub_cust = sub {
my $c = qsearchs('cust_main', { custnum => shift->custnum } );
- return $c ?
$c->name
: '<FONT COLOR="red"><B>(not found)</B></FONT>';
+ return $c ?
encode_entities($c->name)
: '<FONT COLOR="red"><B>(not found)</B></FONT>';
};
my $sub_date = sub {
};
my $sub_date = sub {