[freeside-commits] branch master updated. 003eca97bc3a50b8f52a0713273ad60459e00c8f
Ivan
ivan at 420.am
Thu Oct 9 11:11:29 PDT 2014
The branch, master has been updated
via 003eca97bc3a50b8f52a0713273ad60459e00c8f (commit)
via 3146245f510ef873c4176bc06dc891f990db8f1e (commit)
via 7f2c31cd55d1f5c49db10e997b9e4756e4f46279 (commit)
from f31bdd8e04ddd743cd7e89b59e83dde2afc3aea0 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 003eca97bc3a50b8f52a0713273ad60459e00c8f
Author: Ivan Kohler <ivan at freeside.biz>
Date: Thu Oct 9 11:11:27 2014 -0700
XSS
diff --git a/httemplate/browse/part_event.html b/httemplate/browse/part_event.html
index 575294e..4b95b86 100644
--- a/httemplate/browse/part_event.html
+++ b/httemplate/browse/part_event.html
@@ -175,8 +175,10 @@ my $html_init =
' or <SELECT NAME="clone"><OPTION></OPTION>';
foreach my $part_event ( qsearch('part_event', {'disabled'=>''}) ) {
- $html_init .= '<OPTION VALUE="'. $part_event->eventpart. '">'.
- $part_event->eventpart. ': '. $part_event->event. '</OPTION>';
+ $html_init .= '<OPTION VALUE="'. $part_event->eventpart. '">'.
+ $part_event->eventpart. ': '.
+ encode_entities($part_event->event).
+ '</OPTION>';
}
$html_init .= '</SELECT><INPUT TYPE="submit" VALUE="Clone existing event">'.
commit 3146245f510ef873c4176bc06dc891f990db8f1e
Merge: 7f2c31c f31bdd8
Author: Ivan Kohler <ivan at freeside.biz>
Date: Wed Oct 8 21:41:28 2014 -0700
Merge branch 'master' of git.freeside.biz:/home/git/freeside
diff --cc httemplate/search/rt_transaction.html
index c9a305f,71a2669..aace4e9
--- a/httemplate/search/rt_transaction.html
+++ b/httemplate/search/rt_transaction.html
@@@ -56,10 -56,21 +56,22 @@@ my @select =
);
my @select_total = ( 'COUNT(*)' );
-my ($transaction_time, $applied_time);
+my $transaction_time;
+my $applied_time = '';
my $join = 'JOIN Tickets ON Transactions.ObjectId = Tickets.Id '.
- 'JOIN Users ON Transactions.Creator = Users.Id '; #.
+ 'JOIN Users ON Transactions.Creator = Users.Id '.
+ "LEFT JOIN (
+ SELECT DISTINCT ON (ObjectId)
+ ObjectId, Content
+ FROM ObjectCustomFieldValues
+ JOIN CustomFields
+ ON (ObjectCustomFieldValues.CustomField = CustomFields.Id)
+ WHERE CustomFields.Name = 'TimeType'
+ AND ObjectCustomFieldValues.ObjectType = 'RT::Ticket'
+ AND ObjectCustomFieldValues.Disabled = 0
+ ORDER BY ObjectId ASC, ObjectCustomFieldValues.LastUpdated DESC
+ ) AS ocfv_TimeType ON (Tickets.Id = ocfv_TimeType.ObjectId)
+ ";
my $where = "WHERE Transactions.ObjectType = 'RT::Ticket'";
commit 7f2c31cd55d1f5c49db10e997b9e4756e4f46279
Author: Ivan Kohler <ivan at freeside.biz>
Date: Wed Oct 8 21:40:48 2014 -0700
init applied_time
diff --git a/httemplate/search/rt_transaction.html b/httemplate/search/rt_transaction.html
index eb250fb..c9a305f 100644
--- a/httemplate/search/rt_transaction.html
+++ b/httemplate/search/rt_transaction.html
@@ -56,7 +56,8 @@ my @select = (
);
my @select_total = ( 'COUNT(*)' );
-my ($transaction_time, $applied_time);
+my $transaction_time;
+my $applied_time = '';
my $join = 'JOIN Tickets ON Transactions.ObjectId = Tickets.Id '.
'JOIN Users ON Transactions.Creator = Users.Id '; #.
-----------------------------------------------------------------------
Summary of changes:
httemplate/browse/part_event.html | 6 ++++--
httemplate/search/rt_transaction.html | 3 ++-
2 files changed, 6 insertions(+), 3 deletions(-)
More information about the freeside-commits
mailing list