[freeside-commits] branch master updated. e9b2a0d4a388aeb876560aa243d4b9d90ba8c84b

Ivan ivan at 420.am
Tue Nov 18 20:10:45 PST 2014


The branch, master has been updated
       via  e9b2a0d4a388aeb876560aa243d4b9d90ba8c84b (commit)
      from  5499e8e571862b071e1b072a017aba16636ea34b (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit e9b2a0d4a388aeb876560aa243d4b9d90ba8c84b
Author: Ivan Kohler <ivan at freeside.biz>
Date:   Tue Nov 18 20:10:44 2014 -0800

    fix time queue redirection after #30921

diff --git a/httemplate/misc/process/timeworked.html b/httemplate/misc/process/timeworked.html
index 200a751..01752e1 100644
--- a/httemplate/misc/process/timeworked.html
+++ b/httemplate/misc/process/timeworked.html
@@ -1,7 +1,7 @@
 % if ($error) {
 <% $cgi->redirect(popurl(2). "timeworked.html?". $cgi->query_string) %>
 % } else {
-<% $cgi->redirect(popurl(3). "search/timeworked.html?begin=$begin;end=$end") %>
+<% $cgi->redirect(popurl(3). "search/timeworked.html?begin=$begin;end=$end;category=$category") %>
 % }
 <%init>
 
@@ -10,6 +10,9 @@ die "access denied"
 
 my($begin, $end) = FS::UI::Web::parse_beginning_ending($cgi);
 
+( my $category = $cgi->param('category') ) =~ /^\w*$/
+  or die 'illegal category';#no need for nice error messages for XSS, just avoid
+
 my @acct_rt_transaction;
 foreach my $transaction (
   map { /^transactionid(\d+)$/; $1; } grep /^transactionid\d+$/, $cgi->param
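Review bot: The added check `/^\w*$/` on `$category` anchors with `$`, which in Perl also matches just before a trailing newline, so a value ending in a newline passes validation and is then interpolated unencoded into the redirect URL in the first hunk of this file. Anchoring with `\A` and `\z` closes that gap: `( my $category = $cgi->param('category') ) =~ /\A\w*\z/`. The trailing comment mentions XSS, but the sink here is the redirect target, so a comment like `# category goes into the redirect URL unencoded; allow word characters only` would describe the constraint more accurately. The `<%init>` block continues outside this hunk.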
diff --git a/httemplate/misc/timeworked.html b/httemplate/misc/timeworked.html
index e439282..a0cf743 100755
--- a/httemplate/misc/timeworked.html
+++ b/httemplate/misc/timeworked.html
@@ -82,8 +82,9 @@
 
 <BR>
 
-<INPUT TYPE="hidden" NAME="begin" VALUE="<% $cgi->param('begin') |h %>">
-<INPUT TYPE="hidden" NAME="end"   VALUE="<% $cgi->param('end')   |h %>">
+<INPUT TYPE="hidden" NAME="begin"    VALUE="<% $cgi->param('begin')    |h %>">
+<INPUT TYPE="hidden" NAME="end"      VALUE="<% $cgi->param('end')      |h %>">
+<INPUT TYPE="hidden" NAME="category" VALUE="<% $cgi->param('category') |h %>">
 
 <INPUT TYPE="submit" NAME="submit" VALUE="<% $title %>">
 </FORM>
diff --git a/httemplate/search/timeworked.html b/httemplate/search/timeworked.html
index 3e3ddcb..12c7da0 100644
--- a/httemplate/search/timeworked.html
+++ b/httemplate/search/timeworked.html
@@ -1,7 +1,7 @@
 <& elements/search.html,
                  'title'       => 'Time Worked',
                  'name'        => 'time',
-		 'html_form'   => qq!<FORM NAME="timeForm" ACTION="${p}misc/timeworked.html" METHOD="POST">!,
+		 'html_form'   => $html_form,
                  'query'       => $query,
                  'count_query' => $count_query,
                  'header' => [ '#',
@@ -91,10 +91,12 @@ my($begin, $end) = FS::UI::Web::parse_beginning_ending($cgi);
 $where .= " AND $str2time_sql Transactions.Created $closing >= $begin ".
           " AND $str2time_sql Transactions.Created $closing <= $end ";
 
+my $html_form =
+  qq( <FORM NAME="timeForm" ACTION="${p}misc/timeworked.html" METHOD="POST"> );
 if ($cgi->param('category') =~ /^(\w+)$/) {
   $where .= " AND ocfv_TimeType.Content = '$1'";
+  $html_form .= qq( <INPUT TYPE="hidden" NAME="category" VALUE="$1"> );
 }
-warn $where."\n";;
 
 my $from = "
     FROM Transactions
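Review bot: The `\w+` capture in `if ($cgi->param('category') =~ /^(\w+)$/)` is now the only thing protecting two different sinks, the string-built `$where` clause and the new `VALUE="$1"` attribute, and nothing in the code says so. Copying the capture into a named lexical first (`my $category = $1;`) and adding a comment such as `# word characters only: interpolated into SQL and HTML below; quote/escape if this pattern is ever loosened` would keep a later change to the pattern from turning into injection. The process page accepts an empty category (`\w*`) while this page requires `\w+`; that looks intentional but is worth confirming. The surrounding `<%init>` code starts and ends outside the hunk.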

-----------------------------------------------------------------------

Summary of changes:
 httemplate/misc/process/timeworked.html |    5 ++++-
 httemplate/misc/timeworked.html         |    5 +++--
 httemplate/search/timeworked.html       |    6 ++++--
 3 files changed, 11 insertions(+), 5 deletions(-)



