[freeside-commits] branch 3.x-pre updated. 344f30c6902376570437b322d4f57fbd1880a7fd

[Ivan]

The branch, 3.x-pre has been updated
       via  344f30c6902376570437b322d4f57fbd1880a7fd (commit)
      from  71dba4c13f3a420115ad87dfa6df82db6618bd97 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 344f30c6902376570437b322d4f57fbd1880a7fd
Author: Ivan Kohler <ivan at freeside.biz>
Date:   Mon Jun 29 18:59:37 2015 -0700

    xss

diff --git a/httemplate/browse/cust_attachment.html b/httemplate/browse/cust_attachment.html
index 9d62e56..f81ec1b 100755
--- a/httemplate/browse/cust_attachment.html
+++ b/httemplate/browse/cust_attachment.html
@@ -101,7 +101,7 @@ my $orderby = $cgi->param('orderby') || 'custnum';
 
 my $sub_cust = sub {
   my $c = qsearchs('cust_main', { custnum => shift->custnum } );
-  return $c ? $c->name : '<FONT COLOR="red"><B>(not found)</B></FONT>';
+  return $c ? encode_entities($c->name) : '<FONT COLOR="red"><B>(not found)</B></FONT>';
 };
 
 my $sub_date = sub {

-----------------------------------------------------------------------

Summary of changes:
 httemplate/browse/cust_attachment.html |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)