author | ivan <ivan> | 2007-12-26 07:51:37 +0000 |
---|---|---|
committer | ivan <ivan> | 2007-12-26 07:51:37 +0000 |
commit | ea75c42317d8f327d9dbbbf2f6127dc987f60b66 (patch) | |
tree | 4d023c96dd21f138df07858ef1c01abef2f52ad9 | |
parent | 2a6aa24137ddd389c1e644f5ece325c5b5dbaf3a (diff) |
alas, XSSmas draws to a close
-rw-r--r-- | httemplate/edit/quick-charge.html | 30 |
1 files changed, 21 insertions, 9 deletions
diff --git a/httemplate/edit/quick-charge.html b/httemplate/edit/quick-charge.html
index 5d4bc2e1c..92e0ae753 100644
--- a/httemplate/edit/quick-charge.html
+++ b/httemplate/edit/quick-charge.html
@@ -2,10 +2,8 @@
 ( $cgi->param('error') ? '' : 'onload="addRow()"' ),
 ) %>
-% if ( $cgi->param('error') ) {
- <FONT SIZE="+1" COLOR="#ff0000"><% $cgi->param('error') %></FONT><BR><BR>
-% }
+<% include('/elements/error.html') %>
 <SCRIPT TYPE="text/javascript">
@@ -73,23 +71,22 @@ function validate_quick_charge () {
 </SCRIPT>
-
-
 <FORM ACTION="process/quick-charge.cgi" NAME="QuickChargeForm" METHOD="POST" onsubmit="document.QuickChargeForm.submit.disabled=true;return validate_quick_charge();">
-<INPUT TYPE="hidden" NAME="custnum" VALUE="<% $cgi->param('custnum') %>">
+<INPUT TYPE="hidden" NAME="custnum" VALUE="<% $custnum %>">
+
 <TABLE ID="QuickChargeTable" BGCOLOR="#cccccc" BORDER=0 CELLSPACING=0 STYLE="background-color: #cccccc">
 <TR>
 <TD ALIGN="right">Amount:</TD>
 <TD>
- $<INPUT TYPE="text" NAME="amount" SIZE=6 VALUE="<% $cgi->param('amount') %>" onChange="enable_quick_charge()" onKeyPress="enable_quick_charge_amount()">
+ $<INPUT TYPE="text" NAME="amount" SIZE=6 VALUE="<% $amount %>" onChange="enable_quick_charge()" onKeyPress="enable_quick_charge_amount()">
 </TD>
 <% include('/elements/tr-select-taxclass.html') %>
 </TR>
 <TD>Description:</TD>
 <TD>
- <INPUT TYPE="text" NAME="pkg" SIZE="60" MAXLENGTH="65" VALUE="<% $cgi->param('pkg') %>" onChange="enable_quick_charge()" onKeyPress="enable_quick_charge_desc()">
+ <INPUT TYPE="text" NAME="pkg" SIZE="60" MAXLENGTH="65" VALUE="<% $pkg %>" onChange="enable_quick_charge()" onKeyPress="enable_quick_charge_desc()">
 </TD>
 </TR>
 <TR>
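Review bot: In the second hunk `$pkg` is still interpolated unescaped into the `VALUE="..."` attribute of the description INPUT, and the whitelist that produces it (the `<%init>` hunk further down) admits `"`, so a request value like `" onmouseover=alert(1) x="` closes the attribute and injects an event handler — the same attribute-injection this commit fixes for `description<% $row %>` with `|h`. Change the line to `<INPUT TYPE="text" NAME="pkg" SIZE="60" MAXLENGTH="65" VALUE="<% $pkg |h %>" onChange="enable_quick_charge()" onKeyPress="enable_quick_charge_desc()">`. `$custnum` and `$amount` are reduced to digits and a dot by their regexes and are safe as written, but `|h` on them as well removes the dependence on the init block staying in sync with this markup. Whether the value can arrive via a crafted GET link depends on routing not visible in this diff.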
@@ -106,7 +103,7 @@ function validate_quick_charge () {
 <TR>
 <TD></TD>
 <TD>
- <INPUT TYPE="text" NAME="description<% $row %>" SIZE="60" MAXLENGTH="65" VALUE="<% $param->{"description$row"} %>" rownum="<% $row %>" onkeyup = "possiblyAddRow;" >
+ <INPUT TYPE="text" NAME="description<% $row %>" SIZE="60" MAXLENGTH="65" VALUE="<% $param->{"description$row"} |h %>" rownum="<% $row %>" onkeyup = "possiblyAddRow;" >
 </TD>
 </TR>
 % }
@@ -164,3 +161,18 @@ function validate_quick_charge () {
 </BODY>
 </HTML>
+<%init>
+
+$cgi->param('custnum') =~ /^(\d+)$/ or die 'illegal custnum';
+my $custnum = $1;
+
+my $amount = '';
+if ( $cgi->param('amount') =~ /^\s*\$?\s*(\d+(\.\d{1,2})?)\s*$/ ) {
+ $amount = $1;
+}
+
+$cgi->param('pkg') =~ /^([\w \!\@\#\$\%\&\(\)\-\+\;\:\'\"\,\.\?\/\=\[\]]*)$/
+ or die 'illegal description';
+my $pkg = $1;
+
+</%init> |
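Review bot: The description whitelist in the `<%init>` hunk is the only barrier between the `pkg` parameter and a double-quoted HTML attribute, yet its character class includes `\"`, the one character that terminates that attribute, so the check does not actually prevent markup injection. Either drop it from the class, `$cgi->param('pkg') =~ /^([\w \!\@\#\$\%\&\(\)\-\+\;\:\'\,\.\?\/\=\[\]]*)$/`, or keep the regex and rely on `|h` at the output site instead; a comment such as `# $custnum/$amount/$pkg are interpolated into HTML attributes below; keep them attribute-safe` would record why the filtering exists. A missing `pkg` or `amount` parameter reaches `=~` as undef and only emits an uninitialized-value warning before yielding `''`, which is tolerable but worth an explicit `defined` check if warnings are logged. The `$` anchors accept a trailing newline, but since only the capture is used the newline never reaches `$custnum` or `$pkg`.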