<TR>
<% note_datestr($attach,$conf,$bgcolor) %>
<TD CLASS="grid" BGCOLOR="<% $bgcolor %>">
- <% $attach->otaker%>
+ <% $attach->usernum ? $attach->access_user->name : $attach->otaker %>
</TD>
<TD CLASS="grid" BGCOLOR="<% $bgcolor %>">
- <% $attach->filename %>
+ <% $attach->filename |h %>
</TD>
<TD CLASS="grid" BGCOLOR="<% $bgcolor %>">
- <% $attach->title %>
+ <% $attach->title |h %>
<TD CLASS="grid" BGCOLOR="<% $bgcolor %>">
- <% $attach->mime_type %>
+ <% $attach->mime_type |h %>
</TD>
<TD CLASS="grid" BGCOLOR="<% $bgcolor %>">
<% size_units( $attach->size ) %>
my $conf = new FS::Conf;
my $curuser = $FS::CurrentUser::CurrentUser;
-
+die "access denied" if !$curuser->access_right('View attachments');
my(%opt) = @_;
my $custnum = $opt{'custnum'};