Index: branches/stable/cgi-bin/main.cgi
===================================================================
--- branches/stable/cgi-bin/main.cgi	(revision 88)
+++ branches/stable/cgi-bin/main.cgi	(revision 89)
@@ -941,6 +941,6 @@
   $html =~ s|\$\$CIRCID\$\$|$webvar{circid}|g;
   $webvar{desc} = desanitize($webvar{desc});
+  $html =~ s|\$\$DESC\$\$|$webvar{desc}|g;
   $webvar{notes} = desanitize($webvar{notes});
-  $html =~ s|\$\$DESC\$\$|$webvar{desc}|g;
   $html =~ s|\$\$NOTES\$\$|$webvar{notes}|g;
   $html =~ s|\$\$ACTION\$\$|insert|g;
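Review bot: The values substituted for `$$DESC$$` and `$$NOTES$$` go into `$html` straight from `desanitize()`, with no HTML encoding visible in this hunk; the same applies to the `desanitize()` calls added for city, circid, desc and notes in the hunk at line 1316. `desanitize()` is not shown here, but if it reverses the escaping applied to form input, markup characters held in `%webvar` reach the page unchanged. The output should then be encoded for the context each placeholder sits in (element text, attribute value, textarea). A comment above these lines such as `# desanitize() returns raw user text; HTML-encode before inserting into $html` would record that requirement. The enclosing sub starts and ends outside the hunk.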
@@ -1316,10 +1316,14 @@
 
   $html =~ s/\$\$BLOCK\$\$/$webvar{block}/g;
+  $webvar{city} = desanitize($webvar{city});
   $html =~ s/\$\$CITY\$\$/$webvar{city}/g;
   $html =~ s/\$\$ALLOCTYPE\$\$/$webvar{alloctype}/g;
   $html =~ s/\$\$TYPEFULL\$\$/$full_alloc_types{$webvar{alloctype}}/g;
   $html =~ s/\$\$CUSTID\$\$/$webvar{custid}/g;
+  $webvar{circid} = desanitize($webvar{circid});
   $html =~ s/\$\$CIRCID\$\$/$webvar{circid}/g;
+  $webvar{desc} = desanitize($webvar{desc});
   $html =~ s/\$\$DESC\$\$/$webvar{desc}/g;
+  $webvar{notes} = desanitize($webvar{notes});
   $html =~ s/\$\$NOTES\$\$/$webvar{notes}/g;
 
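Review bot: Each added line overwrites the `%webvar` entry in place (`$webvar{city} = desanitize($webvar{city});`, and likewise for circid, desc and notes), so any later read of these keys in the sub, which continues outside the hunk, sees the desanitized value instead of the submitted one. If the keys are used again further down, for example in a database write or a hidden form field, that changes what those consumers receive. A lexical copy such as `my $city = desanitize($webvar{city});`, used only in the substitution, keeps the display value separate from the stored input. `$webvar{block}`, `$webvar{alloctype}` and `$webvar{custid}` are still substituted without the call, so a one-line comment saying why they are exempt would help the next reader.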
