encode_entities for comments entries

[freeside.git] / httemplate / view / cust_main.cgi

diff --git a/httemplate/view/cust_main.cgi b/httemplate/view/cust_main.cgi
index dfa32d3..7d2d873 100755 (executable)
--- a/httemplate/view/cust_main.cgi
+++ b/httemplate/view/cust_main.cgi
@@ -241,9 +241,10 @@ print '</TD></TR></TABLE>';
 if ( defined $cust_main->dbdef_table->column('comments')
      && $cust_main->comments )
 {
-  print "<BR>Comments", &ntable("#cccccc"), "<TR><TD>",
-        &ntable("#cccccc",2),
-        '<TR><TD BGCOLOR="#ffffff"><PRE>', $cust_main->comments,
+  print "<BR>Comments". &ntable("#cccccc"). "<TR><TD>".
+        &ntable("#cccccc",2).
+        '<TR><TD BGCOLOR="#ffffff"><PRE>'.
+        encode_entities($cust_main->comments).
         '</PRE></TD></TR></TABLE></TABLE>';
 }
 
@@ -271,7 +272,7 @@ print '<BR>'.
   qq!<FORM ACTION="${p}edit/process/quick-charge.cgi" METHOD="POST">!.
   qq!<INPUT TYPE="hidden" NAME="custnum" VALUE="$custnum">!.
   qq!Description:<INPUT TYPE="text" NAME="pkg">!.
-  qq! Amount:<INPUT TYPE="text" NAME="amount" SIZE=6>!.
+  qq!&nbsp;Amount:<INPUT TYPE="text" NAME="amount" SIZE=6>!.
   qq!&nbsp;!;
 
 #false laziness w/ edit/part_pkg.cgi
@@ -295,7 +296,7 @@ print qq!<INPUT TYPE="submit" VALUE="One-time charge"></FORM><BR>!;
 print <<END;
 <SCRIPT>
 function cust_pkg_areyousure(href) {
-    if (confirm("Permanantly delete included services and cancel this package?") == true)
+    if (confirm("Permanently delete included services and cancel this package?") == true)
         window.location.href = href;
 }
 </SCRIPT>