encode_entities for comments entries

[freeside.git] / httemplate / view / cust_main.cgi

diff --git a/httemplate/view/cust_main.cgi b/httemplate/view/cust_main.cgi
index f0d3426..7d2d873 100755 (executable)
--- a/httemplate/view/cust_main.cgi
+++ b/httemplate/view/cust_main.cgi
@@ -241,9 +241,10 @@ print '</TD></TR></TABLE>';
 if ( defined $cust_main->dbdef_table->column('comments')
      && $cust_main->comments )
 {
-  print "<BR>Comments", &ntable("#cccccc"), "<TR><TD>",
-        &ntable("#cccccc",2),
-        '<TR><TD BGCOLOR="#ffffff"><PRE>', $cust_main->comments,
+  print "<BR>Comments". &ntable("#cccccc"). "<TR><TD>".
+        &ntable("#cccccc",2).
+        '<TR><TD BGCOLOR="#ffffff"><PRE>'.
+        encode_entities($cust_main->comments).
         '</PRE></TD></TR></TABLE></TABLE>';
 }
 
@@ -295,7 +296,7 @@ print qq!<INPUT TYPE="submit" VALUE="One-time charge"></FORM><BR>!;
 print <<END;
 <SCRIPT>
 function cust_pkg_areyousure(href) {
-    if (confirm("Permanantly delete included services and cancel this package?") == true)
+    if (confirm("Permanently delete included services and cancel this package?") == true)
         window.location.href = href;
 }
 </SCRIPT>