author | ivan <ivan> | 2007-12-25 23:49:23 +0000 |
---|---|---|
committer | ivan <ivan> | 2007-12-25 23:49:23 +0000 |
commit | 2a6aa24137ddd389c1e644f5ece325c5b5dbaf3a (patch) | |
tree | 4880aeadc116d1dcb04bb6d0914ac39c17bddc8e /httemplate/edit/part_pkg.cgi | |
parent | a35faaccc20e2214d91876744c45322a3a220bb5 (diff) |
ho ho ho, merry XSSmas
Diffstat (limited to 'httemplate/edit/part_pkg.cgi')
-rwxr-xr-x | httemplate/edit/part_pkg.cgi | 21 |
1 files changed, 13 insertions, 8 deletions
diff --git a/httemplate/edit/part_pkg.cgi b/httemplate/edit/part_pkg.cgi index 2837e47e7..a337d2272 100755 --- a/httemplate/edit/part_pkg.cgi +++ b/httemplate/edit/part_pkg.cgi @@ -4,9 +4,7 @@ )) %> % #), ' onLoad="visualize()"'); -% if ( $cgi->param('error') ) { - <FONT SIZE="+1" COLOR="#ff0000">Error: <% $cgi->param('error') %></FONT> -% } +<% include('/elements/error.html') %> <FORM NAME="dummy"> @@ -180,10 +178,18 @@ Line-item revenue recognition % } % % push @fixups, "pkg_svc$svcpart"; +% +% my $quan = 0; +% if ( $cgi->param("pkg_svc$svcpart") =~ /^\s*(\d+)\s*$/ ) { +% $quan = $1; +% } elsif ( $pkg_svc->quantity ) { +% $quan = $pkg_svc->quantity; +% } + <TR> <TD> - <INPUT TYPE="text" NAME="pkg_svc<% $svcpart %>" SIZE=4 MAXLENGTH=3 VALUE="<% $cgi->param("pkg_svc$svcpart") || $pkg_svc->quantity || 0 %>"> + <INPUT TYPE="text" NAME="pkg_svc<% $svcpart %>" SIZE=4 MAXLENGTH=3 VALUE="<% $quan %>"> </TD> <TD> @@ -207,10 +213,9 @@ Line-item revenue recognition </TR></TABLE></TD></TR></TABLE> -% foreach my $f ( qw( clone pkgnum ) ) { - - <INPUT TYPE="hidden" NAME="<% $f %>" VALUE="<% $cgi->param($f) %>"> -% } +% foreach my $f ( qw( clone pkgnum ) ) { #safe, these were untained in %init + <INPUT TYPE="hidden" NAME="<% $f %>" VALUE="<% $cgi->param($f) %>"> +% } <INPUT TYPE="hidden" NAME="pkgpart" VALUE="<% $part_pkg->pkgpart %>"> % |
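Review bot: The escaping of the `error` parameter now rests entirely on `/elements/error.html`, which this diff (limited to part_pkg.cgi) does not show, so the fix in the first hunk cannot be confirmed from here. The include is called with no arguments, so the component presumably reads the request's `error` value itself and must also cope with it being absent now that the `if` guard is gone. It is worth confirming that it HTML-encodes the value on output, and adding a one-line Mason comment above the include, such as `%# error.html escapes and prints the 'error' param, if any`.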
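Review bot: The allowlist match in the second hunk accepts any number of digits and anchors with `^`/`$`, while the field it feeds is declared `MAXLENGTH=3`, a limit that only the browser enforces. Tightening the test to `% if ( $cgi->param("pkg_svc$svcpart") =~ /\A\s*(\d{1,3})\s*\z/ ) {` keeps the server-side check in step with the form. On a first load the parameter is presumably undefined, so the match would log an uninitialized-value warning if warnings are enabled for this component; a `defined` test ahead of the match avoids that. The enclosing loop starts and ends outside the hunk.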
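Review bot: The hidden `clone` and `pkgnum` fields in the third hunk still print `$cgi->param($f)` unescaped, and the only protection is the new comment pointing at validation in `%init`, which is outside this hunk. `param()` is context-sensitive: if the template evaluates the expression in list context, every submitted value for that name is printed, whereas `%init` presumably checked only one. Escaping at the point of output, `<INPUT TYPE="hidden" NAME="<% $f %>" VALUE="<% scalar($cgi->param($f)) |h %>">`, keeps the page safe even if `%init` changes later. The comment also has a typo, `untained` for `untainted`.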