,
'query' => { 'table' => 'cust_attachment',
'hashref' => $hashref,
- 'extra_sql' => 'ORDER BY '.$orderby,
+ 'order_by' => 'ORDER BY '.$orderby,
},
'count_query' => $count_query,
'header' => [ selflink('#',orderby => 'attachnum'),
<%init>
my $curuser = $FS::CurrentUser::CurrentUser;
+die "access denied" if !$curuser->access_right('View attachments')
+ or !$curuser->access_right('Browse attachments');
my $conf = new FS::Conf;
my $sub_cust = sub {
my $c = qsearchs('cust_main', { custnum => shift->custnum } );
- return $c ? $c->name : '<FONT COLOR="red"><B>(not found)</B></FONT>';
+ return $c ? encode_entities($c->name) : '<FONT COLOR="red"><B>(not found)</B></FONT>';
};
my $sub_date = sub {