Reverted menu-left-example.png back to original and cleaned up menu-top-example to...

[freeside.git] / httemplate / browse / cust_attachment.html

diff --git a/httemplate/browse/cust_attachment.html b/httemplate/browse/cust_attachment.html
index d95f2b1..f81ec1b 100755 (executable)
--- a/httemplate/browse/cust_attachment.html
+++ b/httemplate/browse/cust_attachment.html
@@ -13,7 +13,7 @@
                     , 
                  'query'       => { 'table'     => 'cust_attachment',
                                     'hashref'   => $hashref,
-                                    'extra_sql' => 'ORDER BY '.$orderby,
+                                    'order_by' => 'ORDER BY '.$orderby,
                                   },
                  'count_query' => $count_query,
                  'header' => [ selflink('#',orderby => 'attachnum'),
@@ -62,7 +62,8 @@
 <%init>
 
 my $curuser = $FS::CurrentUser::CurrentUser;
-die "access denied" if !$curuser->access-right('View attachments');
+die "access denied" if !$curuser->access_right('View attachments')
+                    or !$curuser->access_right('Browse attachments');
 
 my $conf = new FS::Conf;
 
@@ -100,7 +101,7 @@ my $orderby = $cgi->param('orderby') || 'custnum';
 
 my $sub_cust = sub {
   my $c = qsearchs('cust_main', { custnum => shift->custnum } );
-  return $c ? $c->name : '<FONT COLOR="red"><B>(not found)</B></FONT>';
+  return $c ? encode_entities($c->name) : '<FONT COLOR="red"><B>(not found)</B></FONT>';
 };
 
 my $sub_date = sub {