';
- $html = qq!View
'
+ $html = qq!'
if $url;
$html .= 'Customer #'. $cust_main->display_custnum. ''.
@@ -58,12 +58,13 @@ sub small_custview {
$html .=
ntable('#e8e8e8'). '
'. ntable("#cccccc",2).
' |
Billing Address | '.
- $cust_main->getfield('last'). ', '. $cust_main->first. ' ';
+ encode_entities($cust_main->getfield('last')). ', '.
+ encode_entities($cust_main->first). ' ';
- $html .= $cust_main->company. ' ' if $cust_main->company;
- $html .= $cust_main->address1. ' ';
- $html .= $cust_main->address2. ' ' if $cust_main->address2;
- $html .= $cust_main->city. ', '. $cust_main->state. ' '. $cust_main->zip. ' ';
+ $html .= encode_entities($cust_main->company). ' ' if $cust_main->company;
+ $html .= encode_entities($cust_main->address1). ' ';
+ $html .= encode_entities($cust_main->address2). ' ' if $cust_main->address2;
+ $html .= encode_entities($cust_main->city). ', '. $cust_main->state. ' '. $cust_main->zip. ' ';
$html .= $cust_main->country. ' '
if $cust_main->country && $cust_main->country ne $countrydefault;
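Review bot: The billing-address lines still concatenate `$cust_main->state`, `$cust_main->zip` and `$cust_main->country` into `$html` without `encode_entities`, so the escaping added in this hunk covers only part of the customer record rendered in that cell. Whether those three fields are constrained when they are stored is not visible here, and output encoding should not depend on it. I would write the city line as `$html .= encode_entities($cust_main->city). ', '. encode_entities($cust_main->state). ' '. encode_entities($cust_main->zip). ' ';` and the country line as `$html .= encode_entities($cust_main->country). ' '`. The body of small_custview starts and ends outside this hunk, so any other customer fields it appends to `$html` deserve the same check.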
@@ -87,7 +88,7 @@ sub small_custview {
$html .= ' | '. ntable("#cccccc",2).
' |
Service Address | ';
$html .= join(' ',
- grep $_,
+ map encode_entities($_), grep $_,
$cust_main->contact,
$cust_main->company,
$ship->address1,
|