diff options
author | ivan <ivan> | 2008-01-13 21:35:54 +0000 |
---|---|---|
committer | ivan <ivan> | 2008-01-13 21:35:54 +0000 |
commit | 0930d22ffc440f80c1b222b2e750cadbabd9e8f6 (patch) | |
tree | 59d6738ed4c685cd9bec804e9d3f661f4f37d72c /httemplate/edit/process/quick-cust_pkg.cgi | |
parent | f49f11d4c3c4ba9480cc5c9acfaa606a5ba73ad1 (diff) |
ACLs
Diffstat (limited to 'httemplate/edit/process/quick-cust_pkg.cgi')
-rw-r--r-- | httemplate/edit/process/quick-cust_pkg.cgi | 30 |
1 files changed, 18 insertions, 12 deletions
diff --git a/httemplate/edit/process/quick-cust_pkg.cgi b/httemplate/edit/process/quick-cust_pkg.cgi index 66d02e3..6b65653 100644 --- a/httemplate/edit/process/quick-cust_pkg.cgi +++ b/httemplate/edit/process/quick-cust_pkg.cgi @@ -1,17 +1,6 @@ -%#untaint custnum -%$cgi->param('custnum') =~ /^(\d+)$/ -% or die 'illegal custnum '. $cgi->param('custnum'); -%my $custnum = $1; -%$cgi->param('pkgpart') =~ /^(\d+)$/ -% or die 'illegal pkgpart '. $cgi->param('pkgpart'); -%my $pkgpart = $1; -% -%my @cust_pkg = (); -%my $error = FS::cust_pkg::order($custnum, [ $pkgpart ], [], \@cust_pkg, [ $cgi->param('refnum') ] ); -% %if ($error) { % $cgi->param('error', $error); -% print $cgi->redirect(popurl(2). 'misc/order_pkg.html?'. $cgi->query_string ); +<% $cgi->redirect(popurl(2). 'misc/order_pkg.html?'. $cgi->query_string ) %> %} else { % my $frag = "cust_pkg". $cust_pkg[0]->pkgnum; <% header('Package ordered') %> @@ -25,3 +14,20 @@ </BODY></HTML> %} +<%init> + +die "access denied" + unless $FS::CurrentUser::CurrentUser->access_right('Order customer package'); + +#untaint custnum +$cgi->param('custnum') =~ /^(\d+)$/ + or die 'illegal custnum '. $cgi->param('custnum'); +my $custnum = $1; +$cgi->param('pkgpart') =~ /^(\d+)$/ + or die 'illegal pkgpart '. $cgi->param('pkgpart'); +my $pkgpart = $1; + +my @cust_pkg = (); +my $error = FS::cust_pkg::order($custnum, [ $pkgpart ], [], \@cust_pkg, [ $cgi->param('refnum') ] ); + +</%init> |