X-Git-Url: http://git.freeside.biz/gitweb/?a=blobdiff_plain;f=httemplate%2Fbrowse%2Fcust_attachment.html;h=f81ec1b6ba0f7d3bc792d959c54be042418fcd32;hb=5b2b242ad80a2efac3fb3f4d919142307084bd73;hp=d95f2b18cd75e8dd3b022fd4d643b089356c314e;hpb=40a7b3dc653e099f7bd0bd762b649b04c4432db2;p=freeside.git
diff --git a/httemplate/browse/cust_attachment.html b/httemplate/browse/cust_attachment.html
index d95f2b18c..f81ec1b6b 100755
--- a/httemplate/browse/cust_attachment.html
+++ b/httemplate/browse/cust_attachment.html
@@ -13,7 +13,7 @@
,
'query' => { 'table' => 'cust_attachment',
'hashref' => $hashref,
- 'extra_sql' => 'ORDER BY '.$orderby,
+ 'order_by' => 'ORDER BY '.$orderby,
},
'count_query' => $count_query,
'header' => [ selflink('#',orderby => 'attachnum'),
@@ -62,7 +62,8 @@
<%init>
my $curuser = $FS::CurrentUser::CurrentUser;
-die "access denied" if !$curuser->access-right('View attachments');
+die "access denied" if !$curuser->access_right('View attachments')
+ or !$curuser->access_right('Browse attachments');
my $conf = new FS::Conf;
@@ -100,7 +101,7 @@ my $orderby = $cgi->param('orderby') || 'custnum';
my $sub_cust = sub {
my $c = qsearchs('cust_main', { custnum => shift->custnum } );
- return $c ? $c->name : '(not found)';
+ return $c ? encode_entities($c->name) : '(not found)';
};
my $sub_date = sub {