[freeside-commits] branch master updated. cabd4b54169356d298b05c826c3fd549c2fb22bf
David F. Houghton
houghton at 420.am
Wed Sep 10 14:00:28 PDT 2014
The branch, master has been updated
via cabd4b54169356d298b05c826c3fd549c2fb22bf (commit)
from 55a9939e17ab945d00336317b9842f17cc27ba6e (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit cabd4b54169356d298b05c826c3fd549c2fb22bf
Author: David Houghton <houghton at freeside.biz>
Date: Wed Sep 10 16:54:37 2014 -0400
ticket: 27309; use dbh->quote
Sorry, I shouldn't have missed this. I've gotten used to using either
DBIx::Class to construct queries for me or using whole prepared statements,
which handle the quoting automagically. I've gotten out of practice with
SQL created piecemeal.
diff --git a/httemplate/search/cdr.html b/httemplate/search/cdr.html
index 10b3863..778799b 100644
--- a/httemplate/search/cdr.html
+++ b/httemplate/search/cdr.html
@@ -264,11 +264,9 @@ if ( $cgi->param('acctid') =~ /\d/ ) {
if ( $cgi->param('accountcode') =~ /\S/ ) {
my $accountcode = $cgi->param('accountcode');
my @accountcode = map {
- ( my $v = $_ ) =~ s/^\s+|\s+$//g;
- if ( $v =~ /'/ ) { $v =~ s/'/\\'/g; $v = "E'$v'" }
- elsif ( length $v ) { $v = "'$v'" }
- length $v ? $v : ()
- } grep /\S/, split /\R/, $accountcode;
+ ( my $v = $_ ) =~ s/^\s+|\s+$//g; # trim margin whitespace
+ length $v ? dbh->quote($v) : ()
+ } grep /\S/, split /\R/, $accountcode; # collect non-trivial lines
if (@accountcode) {
my $search = 'accountcode IN ( ' . join( ',', @accountcode ) . ' )';
push @qsearch, $search;
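Review bot: On the new `length $v ? dbh->quote($v) : ()` line, the `length` guard can never be false: `grep /\S/` has already dropped every line that lacks a non-whitespace character, and the trim only strips leading and trailing whitespace, so `$v` is always non-empty here. The map body could be just the trim followed by `dbh->quote($v)`. Letting the driver do the quoting is the right replacement for the hand-rolled `E'...'` escaping, but the `accountcode IN ( ... )` string on the context lines below is still assembled by concatenation, so every value's safety rests on this one call. It would be worth confirming that the other `$cgi->param` branches in this file (such as the `acctid` one named in the hunk header) do not build SQL from raw input the same way.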
-----------------------------------------------------------------------
Summary of changes:
httemplate/search/cdr.html | 8 +++-----
1 file changed, 3 insertions(+), 5 deletions(-)