X-Git-Url: http://git.freeside.biz/gitweb/?a=blobdiff_plain;f=httemplate%2Fbrowse%2Fcust_main_county.cgi;h=736d7fdbe19ad67a220b8bfb967736cc86a01e3e;hb=52b311cb03ee6714c2ea8d108efdfef86c2c3e1d;hp=c4d1d18823aa75acde5c40ff9ead5022e3e30325;hpb=d8cb6cd67cc574c90dbbfbd8db2da6711c516d65;p=freeside.git diff --git a/httemplate/browse/cust_main_county.cgi b/httemplate/browse/cust_main_county.cgi index c4d1d1882..736d7fdbe 100755 --- a/httemplate/browse/cust_main_county.cgi +++ b/httemplate/browse/cust_main_county.cgi @@ -148,7 +148,11 @@ if ( $country && $cgi->param('state') =~ /^([\w \-\'\[\]]+)$/ ) { $cgi->delete('state'); my $county = ''; -if ( $country && $state && $cgi->param('county') =~ /^([\w \-\'\[\]]+)$/ ) { +if ( $country && $state && + $cgi->param('county') =~ + /^([\w \!\@\#\$\%\&\(\)\-\+\;\:\'\"\,\.\?\/\=\[\]]+)$/ + ) +{ $county = $1; if ( $county eq '__NONE__' ) { $title = "No county, $title"; @@ -175,9 +179,9 @@ $cgi->param('dummy', 1); my $filter_change = "window.location = '". $cgi->self_url. - ";country=' + document.getElementById('country').options[document.getElementById('country').selectedIndex].value + ". - "';state=' + document.getElementById('state').options[document.getElementById('state').selectedIndex].value +". - "';county=' + document.getElementById('county').options[document.getElementById('county').selectedIndex].value;"; + ";country=' + encodeURIComponent( document.getElementById('country').options[document.getElementById('country').selectedIndex].value ) + ". + "';state=' + encodeURIComponent( document.getElementById('state').options[document.getElementById('state').selectedIndex].value ) +". + "';county=' + encodeURIComponent( document.getElementById('county').options[document.getElementById('county').selectedIndex].value );"; #restore this so pagination works $cgi->param('country', $country) if $country; 
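Review bot: The widened character class for `county` now admits `"`, `;`, `&`, `=`, `(`, `)` and `/` alongside the `'` that was already allowed, so a successful match no longer says anything about whether the value is safe to embed in SQL or HTML. The sinks for `$county` sit outside this hunk (presumably the page's query and title), and each of them should quote or encode at the point of use, with placeholders or `$dbh->quote` for SQL and HTML-encoding for output, rather than depend on this pattern. A comment above the `if` would record that, for example `# syntax check only: county may contain quotes and URL metacharacters; escape at every sink`. The enclosing `if` block continues past the end of the hunk.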
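Review bot: `encodeURIComponent` now wraps the three select values, but `$cgi->self_url` is still concatenated unescaped into a single-quoted JavaScript string that ends up in an `onchange` attribute (`'onchange' => $filter_change` in the next hunk). That is safe only as long as the URL CGI.pm returns never contains a raw `'`, `"` or `\`; this is worth confirming, or the value should be encoded explicitly for the JS-string context. As a style point, each `document.getElementById('county').options[document.getElementById('county').selectedIndex].value` can be written `document.getElementById('county').value`, which also avoids a TypeError when `selectedIndex` is -1. The `$filter_change` assignment begins above the changed lines.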
@@ -186,7 +190,7 @@ $cgi->param('county', $county ) if $county; $cgi->param('taxclass', $county ) if $taxclass; my $html_posttotal = - '( show country: '. + '
( show country: '. include('/elements/select-country.html', 'country' => $country, 'onchange' => $filter_change,