diff options
| author | Ivan Kohler <ivan@freeside.biz> | 2014-11-18 20:10:45 -0800 |
|---|---|---|
| committer | Ivan Kohler <ivan@freeside.biz> | 2014-11-18 20:10:45 -0800 |
| commit | 7df65c63a5c9ad6b79c60841d0e1eb2a7df520e2 (patch) | |
| tree | 1066975e258a61014432e620d047b4e5a984c737 /httemplate/misc/process | |
| parent | 8c2c7b4dc761ce015972444fb9fb8df7e7a9a5a4 (diff) | |
fix time queue redirection after #30921
Diffstat (limited to 'httemplate/misc/process')
| -rw-r--r-- | httemplate/misc/process/timeworked.html | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/httemplate/misc/process/timeworked.html b/httemplate/misc/process/timeworked.html index 200a7511d..01752e1b7 100644 --- a/httemplate/misc/process/timeworked.html +++ b/httemplate/misc/process/timeworked.html @@ -1,7 +1,7 @@ % if ($error) { <% $cgi->redirect(popurl(2). "timeworked.html?". $cgi->query_string) %> % } else { -<% $cgi->redirect(popurl(3). "search/timeworked.html?begin=$begin;end=$end") %> +<% $cgi->redirect(popurl(3). "search/timeworked.html?begin=$begin;end=$end;category=$category") %> % } <%init> @@ -10,6 +10,9 @@ die "access denied" my($begin, $end) = FS::UI::Web::parse_beginning_ending($cgi); +( my $category = $cgi->param('category') ) =~ /^\w*$/ + or die 'illegal category';#no need for nice error messages for XSS, just avoid + my @acct_rt_transaction; foreach my $transaction ( map { /^transactionid(\d+)$/; $1; } grep /^transactionid\d+$/, $cgi->param |