X-Git-Url: http://git.freeside.biz/gitweb/?a=blobdiff_plain;f=httemplate%2Fbrowse%2Fcust_main_county.cgi;h=736d7fdbe19ad67a220b8bfb967736cc86a01e3e;hb=04a69f9d197efee6fa396bd35d04ae553e669978;hp=256c51d4b229cbb4a5b2a13eaade843a12ce5253;hpb=0cc06d0142a93722c14da37369ad9745c2d0e571;p=freeside.git

diff --git a/httemplate/browse/cust_main_county.cgi b/httemplate/browse/cust_main_county.cgi
index 256c51d4b..736d7fdbe 100755
--- a/httemplate/browse/cust_main_county.cgi
+++ b/httemplate/browse/cust_main_county.cgi
@@ -148,7 +148,11 @@ if ( $country && $cgi->param('state') =~ /^([\w \-\'\[\]]+)$/ ) {
 $cgi->delete('state');
 
 my $county = '';
-if ( $country && $state && $cgi->param('county') =~ /^([\w \-\'\[\]]+)$/ ) {
+if ( $country && $state &&
+     $cgi->param('county') =~
+       /^([\w \!\@\#\$\%\&\(\)\-\+\;\:\'\"\,\.\?\/\=\[\]]+)$/
+   )
+{
   $county = $1;
   if ( $county eq '__NONE__' ) {
     $title = "No county, $title";
@@ -175,9 +179,9 @@ $cgi->param('dummy', 1);
 
 my $filter_change =
   "window.location = '". $cgi->self_url.
-  ";country=' + document.getElementById('country').options[document.getElementById('country').selectedIndex].value + ".
-  "';state='   + document.getElementById('state').options[document.getElementById('state').selectedIndex].value +".
-  "';county='  + document.getElementById('county').options[document.getElementById('county').selectedIndex].value;";
+  ";country=' + encodeURIComponent( document.getElementById('country').options[document.getElementById('country').selectedIndex].value ) + ".
+  "';state='   + encodeURIComponent( document.getElementById('state').options[document.getElementById('state').selectedIndex].value ) +".
+  "';county='  + encodeURIComponent( document.getElementById('county').options[document.getElementById('county').selectedIndex].value );";
 
 #restore this so pagination works
 $cgi->param('country',  $country) if $country;