<INPUT TYPE="hidden" NAME="msgnum" VALUE="<% $msg_template->msgnum %>">
% # kludge these through hidden inputs because they're not really part
% # of the template, but should be sticky during draft editing
- <INPUT TYPE="hidden" NAME="from_name" VALUE="<% $cgi->param('from_name') %>">
- <INPUT TYPE="hidden" NAME="from_addr" VALUE="<% $cgi->param('from_addr') %>">
+ <INPUT TYPE="hidden" NAME="from_name" VALUE="<% scalar($cgi->param('from_name')) |h %>">
+ <INPUT TYPE="hidden" NAME="from_addr" VALUE="<% scalar($cgi->param('from_addr')) |h %>">
% if ( !$msg_template->disabled ) {
<& /elements/tr-td-label.html, 'label' => 'Template:' &>
my $title = $opt{'title'} || 'Send customer notices';
push( @no_search_fields, @{$opt{'no_search_fields'}} ) if $opt{'no_search_fields'};
+$m->comp('/elements/handle_uri_query');
+
my $table = $cgi->param('table') or die "'table' required";
my $agent_virt_agentnum = $cgi->param('agent_virt_agentnum') || '';
my $cust_msg = $msg_template->prepare(%msgopts);
$from = $cust_msg->env_from;
$html_body = $cust_msg->preview;
- if ( $cust_msg->header =~ /^subject: (.*)/mi ) {
+#hmm. this came in with the #37098 rewrite, but isn't on v3 :/
+# causing problems with mangling subject of unrelated things
+# should probably decode instead of ignore the UTF-8 thing, but
+# this at least masks the ugliness for now :/
+ if ( $cust_msg->header =~ /^subject: (.*)/mi && $1 !~ /^\=\?UTF-8/ ) {
$subject = $1;
}
}