[freeside-commits] branch FREESIDE_3_BRANCH updated. 7df65c63a5c9ad6b79c60841d0e1eb2a7df520e2

Ivan ivan at 420.am
Tue Nov 18 20:10:46 PST 2014


The branch, FREESIDE_3_BRANCH has been updated
       via  7df65c63a5c9ad6b79c60841d0e1eb2a7df520e2 (commit)
      from  8c2c7b4dc761ce015972444fb9fb8df7e7a9a5a4 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 7df65c63a5c9ad6b79c60841d0e1eb2a7df520e2
Author: Ivan Kohler <ivan at freeside.biz>
Date:   Tue Nov 18 20:10:45 2014 -0800

    fix time queue redirection after #30921

diff --git a/httemplate/misc/process/timeworked.html b/httemplate/misc/process/timeworked.html
index 200a751..01752e1 100644
--- a/httemplate/misc/process/timeworked.html
+++ b/httemplate/misc/process/timeworked.html
@@ -1,7 +1,7 @@
 % if ($error) {
 <% $cgi->redirect(popurl(2). "timeworked.html?". $cgi->query_string) %>
 % } else {
-<% $cgi->redirect(popurl(3). "search/timeworked.html?begin=$begin;end=$end") %>
+<% $cgi->redirect(popurl(3). "search/timeworked.html?begin=$begin;end=$end;category=$category") %>
 % }
 <%init>
 
@@ -10,6 +10,9 @@ die "access denied"
 
 my($begin, $end) = FS::UI::Web::parse_beginning_ending($cgi);
 
+( my $category = $cgi->param('category') ) =~ /^\w*$/
+  or die 'illegal category';#no need for nice error messages for XSS, just avoid
+
 my @acct_rt_transaction;
 foreach my $transaction (
   map { /^transactionid(\d+)$/; $1; } grep /^transactionid\d+$/, $cgi->param
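Review bot: The added `category` check anchors with `^` and `$`, and `$` also matches just before a trailing newline, so a value ending in a newline passes and is then interpolated into the redirect URL in the first hunk of this file. Anchoring with `\A` and `\z` closes that: `( my $category = $cgi->param('category') ) =~ /\A\w*\z/`. If only ASCII category names are expected, the `/a` modifier (Perl 5.14 or later) would also keep `\w` from accepting non-ASCII word characters, which otherwise go into the query string unencoded. The `<%init>` section continues beyond this hunk, so any later use of `$category` is not visible here.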
diff --git a/httemplate/misc/timeworked.html b/httemplate/misc/timeworked.html
index e439282..a0cf743 100755
--- a/httemplate/misc/timeworked.html
+++ b/httemplate/misc/timeworked.html
@@ -82,8 +82,9 @@
 
 <BR>
 
-<INPUT TYPE="hidden" NAME="begin" VALUE="<% $cgi->param('begin') |h %>">
-<INPUT TYPE="hidden" NAME="end"   VALUE="<% $cgi->param('end')   |h %>">
+<INPUT TYPE="hidden" NAME="begin"    VALUE="<% $cgi->param('begin')    |h %>">
+<INPUT TYPE="hidden" NAME="end"      VALUE="<% $cgi->param('end')      |h %>">
+<INPUT TYPE="hidden" NAME="category" VALUE="<% $cgi->param('category') |h %>">
 
 <INPUT TYPE="submit" NAME="submit" VALUE="<% $title %>">
 </FORM>
diff --git a/httemplate/search/timeworked.html b/httemplate/search/timeworked.html
index 3e3ddcb..12c7da0 100644
--- a/httemplate/search/timeworked.html
+++ b/httemplate/search/timeworked.html
@@ -1,7 +1,7 @@
 <& elements/search.html,
                  'title'       => 'Time Worked',
                  'name'        => 'time',
-		 'html_form'   => qq!<FORM NAME="timeForm" ACTION="${p}misc/timeworked.html" METHOD="POST">!,
+		 'html_form'   => $html_form,
                  'query'       => $query,
                  'count_query' => $count_query,
                  'header' => [ '#',
@@ -91,10 +91,12 @@ my($begin, $end) = FS::UI::Web::parse_beginning_ending($cgi);
 $where .= " AND $str2time_sql Transactions.Created $closing >= $begin ".
           " AND $str2time_sql Transactions.Created $closing <= $end ";
 
+my $html_form =
+  qq( <FORM NAME="timeForm" ACTION="${p}misc/timeworked.html" METHOD="POST"> );
 if ($cgi->param('category') =~ /^(\w+)$/) {
   $where .= " AND ocfv_TimeType.Content = '$1'";
+  $html_form .= qq( <INPUT TYPE="hidden" NAME="category" VALUE="$1"> );
 }
-warn $where."\n";;
 
 my $from = "
     FROM Transactions
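Review bot: The new `$html_form .= ...` line reads `$1` one statement after the match and writes it into HTML unescaped, so this line and the SQL concatenation above it both depend entirely on the `\w+` capture staying as strict as it is now. Copying the capture into a lexical right after the match, `my $category = $1;`, and using that in both places makes the dependency explicit and survives any code later inserted between the match and its uses. The hidden field would also be consistent with misc/timeworked.html, which emits the same value through `|h`, if the value were HTML-escaped here too. The surrounding `<%init>` code starts and ends outside this hunk.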

-----------------------------------------------------------------------

Summary of changes:
 httemplate/misc/process/timeworked.html |    5 ++++-
 httemplate/misc/timeworked.html         |    5 +++--
 httemplate/search/timeworked.html       |    6 ++++--
 3 files changed, 11 insertions(+), 5 deletions(-)



