From 344f30c6902376570437b322d4f57fbd1880a7fd Mon Sep 17 00:00:00 2001
From: Ivan Kohler
Date: Mon, 29 Jun 2015 18:59:37 -0700
Subject: [PATCH] xss
---
 httemplate/browse/cust_attachment.html | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/httemplate/browse/cust_attachment.html b/httemplate/browse/cust_attachment.html
index 9d62e5609..f81ec1b6b 100755
--- a/httemplate/browse/cust_attachment.html
+++ b/httemplate/browse/cust_attachment.html
@@ -101,7 +101,7 @@ my $orderby = $cgi->param('orderby') || 'custnum';
 my $sub_cust = sub {
 my $c = qsearchs('cust_main', { custnum => shift->custnum } );
- return $c ? $c->name : '(not found)';
+ return $c ? encode_entities($c->name) : '(not found)';
 };
 my $sub_date = sub {
-- 
2.11.0
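Review bot: The escaping on the new `return` line sits inside the `$sub_cust` accessor rather than at the point of output, so the closure now returns HTML-encoded text, and that is only right if every consumer emits the value as raw HTML. The consumers are outside the hunk; if the same column also feeds a non-HTML rendering, or passes through a layer that escapes again, names containing `&` or `<` would show up as literal entities or be double-encoded. I would record the contract on that line, e.g. `# customer name is user-supplied; escaped here because this column is emitted as raw HTML`. The other user-supplied columns in this file should be checked for the same treatment, since the patch touches only the customer name. The hunk does not show where `encode_entities` comes from; presumably HTML::Entities is already loaded for the template, which is worth confirming.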