| author | C.J. Adams-Collier <cjac@colliertech.org> | 2014-09-04 17:24:49 -0700 |
|---|---|---|
| committer | C.J. Adams-Collier <cjac@colliertech.org> | 2014-09-04 17:25:42 -0700 |
| commit | c9b7e9bd253b26a35e9821a877d0ae5d30105d38 (patch) | |
| tree | 4fefd1d658584d86943fe6299d10d9ead0de34e6 /httemplate/edit/process | |
| parent | 5f5fbed30812124e5865c4aaf20c927f7d2d01bd (diff) | |
fix for lack of input validation - RT#15405
Diffstat (limited to 'httemplate/edit/process')
| -rw-r--r-- | httemplate/edit/process/part_event.html | 15 |
1 files changed, 15 insertions, 0 deletions
diff --git a/httemplate/edit/process/part_event.html b/httemplate/edit/process/part_event.html
index a8c434c1a..481439d53 100644
--- a/httemplate/edit/process/part_event.html
+++ b/httemplate/edit/process/part_event.html
@@ -85,6 +85,21 @@ if ( $cgi->param('_initialize') ) {
 $cgi->param('disabled', 'Y');
 }
+
+ my $balance_age_rx = qr/^(condition.+)\.balance_age\.age$/;
+
+ foreach my $param ( keys %{ $cgi->Vars() } ){
+
+ next unless ( $param =~ /$balance_age_rx/ );
+ next unless $cgi->param($1) eq 'balance_age';
+
+ my $errstr = FS::part_event::Condition::balance_age->
+ check_options( { age => $cgi->param($param),
+ age_units => $cgi->param("${param}_units") } );
+
+ return $errstr if $errstr;
+ }
+
 return '';
 },
 'noerror_callback' => sub { |
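Review bot: The two `$cgi->param(...)` calls inside the anonymous hash passed to `check_options` are evaluated in list context, so a request that repeats the `...balance_age.age` parameter or omits the `_units` one changes the shape of that hash, and the validator may then check different keys and values than the ones submitted. Forcing scalar context closes this: `age => scalar $cgi->param($param),` and `age_units => scalar $cgi->param("${param}_units") } );`. The pattern is also looser than it needs to be for client-chosen parameter names, because `$` still matches before a trailing newline; `\A` and `\z` anchors would be stricter. The enclosing callback starts before the hunk, so it is not visible here whether the code that later stores the option reads the same single value that was validated.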
