[freeside-commits] branch FREESIDE_4_BRANCH updated. 06ae1b10ae5e0aa00b9947edeaf1ef263fc71dc7
Ivan
ivan at 420.am
Sat Jul 11 23:44:55 PDT 2015
The branch, FREESIDE_4_BRANCH has been updated
via 06ae1b10ae5e0aa00b9947edeaf1ef263fc71dc7 (commit)
from 05290277c18bd1465fd772da9e23e54dab310115 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 06ae1b10ae5e0aa00b9947edeaf1ef263fc71dc7
Author: Ivan Kohler <ivan at freeside.biz>
Date: Sat Jul 11 23:44:52 2015 -0700
secure $cgi->param calls (and include to <& &>)
diff --git a/httemplate/misc/email-customers.html b/httemplate/misc/email-customers.html
index 0c90b07..d2a3928 100644
--- a/httemplate/misc/email-customers.html
+++ b/httemplate/misc/email-customers.html
@@ -50,13 +50,12 @@ should be used to set msgnum or from/subject/html_body cgi params
<FONT SIZE="+2">Sending notice</FONT>
- <% include('/elements/progress-init.html',
+ <& /elements/progress-init.html,
'OneTrueForm',
[ qw( search table from subject html_body text_body msgnum ) ],
$process_url,
$pdest,
- )
- %>
+ &>
% } elsif ( $cgi->param('action') eq 'preview' ) {
@@ -67,29 +66,26 @@ should be used to set msgnum or from/subject/html_body cgi params
% if ( $cgi->param('action') ) {
<TABLE CLASS="fsinnerbox">
- <INPUT TYPE="hidden" NAME="msgnum" VALUE="<% $cgi->param('msgnum') %>">
+ <INPUT TYPE="hidden" NAME="msgnum" VALUE="<% scalar($cgi->param('msgnum')) %>">
% if ( $msg_template ) {
- <% include('/elements/tr-fixed.html',
+ <& /elements/tr-fixed.html,
'label' => 'Template:',
'value' => $msg_template->msgname,
- )
- %>
+ &>
% }
- <% include('/elements/tr-fixed.html',
+ <& /elements/tr-fixed.html,
'field' => 'from',
'label' => 'From:',
'value' => scalar( $from ),
- )
- %>
+ &>
- <% include('/elements/tr-fixed.html',
+ <& /elements/tr-fixed.html,
'field' => 'subject',
'label' => 'Subject:',
'value' => scalar( $subject ),
- )
- %>
+ &>
<INPUT TYPE="hidden" NAME="html_body" VALUE="<% $html_body |h %>">
<TR><TD COLSPAN=2> </TD></TR>
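Review bot: The new hidden field `VALUE="<% scalar($cgi->param('msgnum')) %>"` fixes the list-context problem but still writes a request parameter into an HTML attribute without the `|h` escape that the `html_body` hidden field just below it uses. Unless the Mason interpreter is configured with a default escape flag (not visible on this page), the value reaches the page unencoded; `VALUE="<% scalar($cgi->param('msgnum')) |h %>"` would match the neighbouring field. The same raw value is concatenated into `die "template not found: ".$cgi->param('msgnum')` in the last hunk. Validating msgnum as digits once in `<%init>` and reusing that variable would cover both places.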
@@ -175,12 +171,11 @@ Template:
'size' => 20,
&>></TD>
- <% include('/elements/tr-input-text.html',
+ <& /elements/tr-input-text.html,
'field' => 'subject',
'label' => 'Subject:',
'size' => 50,
- )
- %>
+ &>
<TR>
<TD ALIGN="right" VALIGN="top" STYLE="padding-top:3px">Message: </TD>
@@ -208,7 +203,7 @@ Template:
</SCRIPT>
% }
-<% include('/elements/footer.html') %>
+<& /elements/footer.html &>
<%init>
@@ -237,7 +232,7 @@ $pdest->{'url'} = $cgi->param('url') if $url;
my %search;
if ( $cgi->param('search') ) {
- %search = %{ thaw(decode_base64($cgi->param('search'))) };
+ %search = %{ thaw(decode_base64( $cgi->param('search') )) };
}
else {
%search = $cgi->Vars;
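Review bot: `thaw(decode_base64( $cgi->param('search') ))` still hands a client-supplied value to Storable; the spacing change in this hunk leaves that as it was. Storable's documentation warns against thawing data from untrusted sources, because deserialization can instantiate blessed objects of classes the sender chooses. If `search` round-trips through the browser, as the form field list in the first hunk suggests, it should be integrity-checked (for example an HMAC verified before `thaw`), carried in a data-only format such as JSON, or kept server-side. At minimum the line deserves a comment such as `# FIXME: search comes from the request; thaw() must only see authenticated data`. The enclosing `<%init>` block starts and ends outside this hunk.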
@@ -282,7 +277,7 @@ if ( $cgi->param('action') eq 'preview' ) {
if ( $cgi->param('msgnum') ) {
$msg_template = qsearchs('msg_template',
- { msgnum => $cgi->param('msgnum') } )
+ { msgnum => scalar($cgi->param('msgnum')) } )
or die "template not found: ".$cgi->param('msgnum');
$sql_query->{'extra_sql'} .= ' LIMIT 1';
$sql_query->{'select'} = "$table.*";
-----------------------------------------------------------------------
Summary of changes:
httemplate/misc/email-customers.html | 33 ++++++++++++++-------------------
1 file changed, 14 insertions(+), 19 deletions(-)