author | mark <mark> | 2011-07-31 08:11:51 +0000 |
---|---|---|
committer | mark <mark> | 2011-07-31 08:11:51 +0000 |
commit | ecacdc093c236a548e819406dbbd56067ec352e4 (patch) | |
tree | e304739c91a800e9dfb258f01e7292e016dd008a /httemplate/edit/cust_main_attach.cgi | |
parent | 8540e77a4e36da552b518c13200e07570182676b (diff) |
clean attachment filenames, #13843
Diffstat (limited to 'httemplate/edit/cust_main_attach.cgi')
-rwxr-xr-x | httemplate/edit/cust_main_attach.cgi | 20 |
1 files changed, 11 insertions, 9 deletions
diff --git a/httemplate/edit/cust_main_attach.cgi b/httemplate/edit/cust_main_attach.cgi
index 4d9688fe9..0880c760a 100755
--- a/httemplate/edit/cust_main_attach.cgi
+++ b/httemplate/edit/cust_main_attach.cgi
@@ -6,19 +6,22 @@
 <INPUT TYPE="hidden" NAME="custnum" VALUE="<% $custnum %>">
 <INPUT TYPE="hidden" NAME="attachnum" VALUE="<% $attachnum %>">
-<BR><BR>
-
-<TABLE BGCOLOR="#cccccc" CELLSPACING=0>
 % if(defined $attach) {
 % if($curuser->access_right("Download attachment")) {
 <A HREF="<% $p.'view/attachment.html?'.$attachnum %>">Download this file</A><BR>
 % }
+% }
+
+<BR>
+<TABLE BGCOLOR="#cccccc" CELLSPACING=0>
+
+% if ( defined $attach ) {
 <TR><TD> Filename </TD>
-<TD><INPUT TYPE="text" NAME="filename" SIZE=40 MAXLENGTH=255 VALUE="<% $attach->filename %>"<% $disabled %>></TD></TR>
+<TD><INPUT TYPE="text" NAME="file" SIZE=40 MAXLENGTH=255 VALUE="<% $cgi->param('file') || $attach->filename |h %>"<% $disabled %>></TD></TR>
 <TR><TD> Description </TD>
-<TD><INPUT TYPE="text" NAME="title" SIZE=40 MAXLENGTH=80 VALUE="<% $attach->title %>"<% $disabled %></TD></TR>
+<TD><INPUT TYPE="text" NAME="title" SIZE=40 MAXLENGTH=80 VALUE="<% $cgi->param('title') || $attach->title |h %>"<% $disabled %></TD></TR>
 <TR><TD> MIME type </TD>
-<TD><INPUT TYPE="text" NAME="mime_type" VALUE="<% $attach->mime_type %>"<% $disabled %></TD></TR>
+<TD><INPUT TYPE="text" NAME="mime_type" SIZE=40 VALUE="<% $cgi->param('mime_type') || $attach->mime_type |h %>"<% $disabled %></TD></TR>
 <TR><TD> Size </TD><TD><% $attach->size %></TD></TR>
 % }
 % else { # !defined $attach
@@ -47,9 +50,8 @@
 my $curuser = $FS::CurrentUser::CurrentUser;
 my $attachnum = '';
 my $attach;
-if ( $cgi->param('error') ) {
- #$comment = $cgi->param('comment');
-} elsif ( $cgi->param('attachnum') =~ /^(\d+)$/ ) {
+
+if ( $cgi->param('attachnum') =~ /^(\d+)$/ ) {
 $attachnum = $1;
 die "illegal query ". $cgi->keywords unless $attachnum;
 $attach = qsearchs('cust_attachment', { 'attachnum' => $attachnum }); |
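Review bot: The rewritten `title` and `mime_type` inputs still end in `<% $disabled %></TD></TR>` with no `>` closing the INPUT tag, unlike the `file` input above them, so what the browser renders depends on its error recovery; each should end `<% $disabled %>></TD></TR>`. The `|h` escape now covers the three values echoed back from `$cgi->param`, but the hidden `custnum` field at the top of the hunk is still written raw. If `$custnum` is taken from the request without a digits-only check (its assignment is outside the hunk), that line should read `VALUE="<% $custnum |h %>"`. The `% else` branch that closes the hunk continues past its last line.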
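Review bot: The record is fetched by `attachnum` alone in `qsearchs('cust_attachment', { 'attachnum' => $attachnum })`, and with the `error` branch removed this lookup now runs on every request that carries the parameter, so nothing visible here ties the attachment to the customer the form is for. Unless a later check compares the record's customer with `$custnum` (the `if` block continues outside the hunk), the form would display and accept edits for an attachment that belongs to a different customer. If `cust_attachment` carries a `custnum` column and `$custnum` is already validated at this point, adding `'custnum' => $custnum` to the search hash closes that gap. Separately, `die "illegal query ". $cgi->keywords` puts request text into the error message, so that message should be escaped wherever it is rendered.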