[freeside-commits] branch master updated. da63c1a666c4a6ff2ca9ac8a53986f4497252909

Ivan ivan at 420.am
Sat Jul 11 23:44:49 PDT 2015


The branch, master has been updated
       via  da63c1a666c4a6ff2ca9ac8a53986f4497252909 (commit)
      from  990439e2c8c545ea75ba5ded346fd51c4560b805 (commit)


- Log -----------------------------------------------------------------
commit da63c1a666c4a6ff2ca9ac8a53986f4497252909
Author: Ivan Kohler <ivan at freeside.biz>
Date:   Sat Jul 11 23:44:45 2015 -0700

    secure $cgi->param calls (and include to <& &>)

diff --git a/httemplate/misc/email-customers.html b/httemplate/misc/email-customers.html
index 0c90b07..d2a3928 100644
--- a/httemplate/misc/email-customers.html
+++ b/httemplate/misc/email-customers.html
@@ -50,13 +50,12 @@ should be used to set msgnum or from/subject/html_body cgi params
 
     <FONT SIZE="+2">Sending notice</FONT>
 
-    <% include('/elements/progress-init.html',
+    <& /elements/progress-init.html,
                  'OneTrueForm',
                  [ qw( search table from subject html_body text_body msgnum ) ],
                  $process_url,
                  $pdest,
-              )
-    %>
+    &>
 
 % } elsif ( $cgi->param('action') eq 'preview' ) {
 
@@ -67,29 +66,26 @@ should be used to set msgnum or from/subject/html_body cgi params
 % if ( $cgi->param('action') ) {
 
     <TABLE CLASS="fsinnerbox">
-    <INPUT TYPE="hidden" NAME="msgnum" VALUE="<% $cgi->param('msgnum') %>">
+    <INPUT TYPE="hidden" NAME="msgnum" VALUE="<% scalar($cgi->param('msgnum')) %>">
 
 %   if ( $msg_template ) {
-      <% include('/elements/tr-fixed.html',
+      <& /elements/tr-fixed.html,
                    'label'      => 'Template:',
                    'value'      => $msg_template->msgname,
-                )
-      %>
+      &>
 % }
 
-      <% include('/elements/tr-fixed.html',
+      <& /elements/tr-fixed.html,
                    'field'      => 'from',
                    'label'      => 'From:',
                    'value' => scalar( $from ),
-                )
-      %>
+      &>
 
-      <% include('/elements/tr-fixed.html',
+      <& /elements/tr-fixed.html,
                    'field'      => 'subject',
                    'label'      => 'Subject:',
                    'value' => scalar( $subject ),
-                )
-      %>
+      &>
 
       <INPUT TYPE="hidden" NAME="html_body" VALUE="<% $html_body |h %>">
       <TR><TD COLSPAN=2> </TD></TR>
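Review bot: The rewritten hidden input on the `msgnum` line still interpolates the request parameter into an HTML attribute without escaping, so a value containing a double quote can break out of the attribute; wrapping it in `scalar()` only fixes the list-context problem. The `html_body` input two lines below already uses the `|h` filter, and this line should match it: `<INPUT TYPE="hidden" NAME="msgnum" VALUE="<% scalar($cgi->param('msgnum')) |h %>">`. The same unescaped pattern does not appear elsewhere in this diff, but the surrounding form markup starts and ends outside the hunk.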
@@ -175,12 +171,11 @@ Template:
               'size'  => 20,
           &>></TD>
  
-    <% include('/elements/tr-input-text.html',
+    <& /elements/tr-input-text.html,
                  'field' => 'subject',
                  'label' => 'Subject:',
                  'size'  => 50,
-              )
-    %>
+    &>
 
     <TR>
       <TD ALIGN="right" VALIGN="top" STYLE="padding-top:3px">Message: </TD>
@@ -208,7 +203,7 @@ Template:
     </SCRIPT>
 % }
 
-<% include('/elements/footer.html') %>
+<& /elements/footer.html &>
 
 <%init>
 
@@ -237,7 +232,7 @@ $pdest->{'url'} = $cgi->param('url') if $url;
 
 my %search;
 if ( $cgi->param('search') ) {
-  %search = %{ thaw(decode_base64($cgi->param('search'))) };
+  %search = %{ thaw(decode_base64( $cgi->param('search') )) };
 }
 else {
   %search = $cgi->Vars;
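Review bot: The re-spaced `thaw(decode_base64(...))` call still dereferences its result directly, so a `search` parameter that does not decode to a valid Storable image makes `thaw` return undef and the `%{ ... }` then dies with a bare "not a HASH reference" error instead of a message that names the bad parameter. Storable's own documentation cautions that `thaw` is not safe on data from an untrusted source, so at minimum the result should be checked before use, e.g. `my $frozen = thaw(decode_base64(scalar $cgi->param('search'))) or die "invalid search parameter";` followed by `%search = %$frozen;`. Whether the parameter is signed or otherwise bound to the session cannot be seen from this hunk; if it is not, a comment stating where the serialized search originates would help the next reader judge the risk. The enclosing <%init> block continues outside the hunk.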
@@ -282,7 +277,7 @@ if ( $cgi->param('action') eq 'preview' ) {
 
   if ( $cgi->param('msgnum') ) {
     $msg_template = qsearchs('msg_template', 
-                             { msgnum => $cgi->param('msgnum') } )
+                             { msgnum => scalar($cgi->param('msgnum')) } )
         or die "template not found: ".$cgi->param('msgnum');
     $sql_query->{'extra_sql'} .= ' LIMIT 1';
     $sql_query->{'select'} = "$table.*";
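Review bot: The `msgnum` value passed to `qsearchs` is now forced to scalar context but is still not validated as a numeric key before the lookup, and the same raw value is concatenated into the `die` message on the following line. Pulling it into a checked local first keeps both uses consistent: `my $msgnum = scalar($cgi->param('msgnum')); die "illegal msgnum" unless $msgnum =~ /\A\d+\z/;` and then `{ msgnum => $msgnum }`. How `qsearchs` quotes its arguments is not visible here, so this is a defence-in-depth check rather than a claim about the query layer. The enclosing `if` block begins and ends outside the hunk.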

-----------------------------------------------------------------------

Summary of changes:
 httemplate/misc/email-customers.html |   33 ++++++++++++++-------------------
 1 file changed, 14 insertions(+), 19 deletions(-)



