authorivan <ivan>2007-12-25 23:50:19 +0000
committerivan <ivan>2007-12-25 23:50:19 +0000
commit954ed54e8053a3333ca407deb5efcfffb4f28f8d (patch)
tree660ae00d4b5cd34b86df03ab341ba693414453d1 /httemplate/misc
parent5b154002e54a10d763d0039fe925a98c04da18e2 (diff)
ho ho ho, merry XSSmas
Diffstat (limited to 'httemplate/misc')
-rw-r--r--httemplate/misc/batch-cust_pay.html6
-rw-r--r--httemplate/misc/cancel_cust.html5
-rwxr-xr-xhttemplate/misc/cancel_pkg.html5
-rwxr-xr-xhttemplate/misc/change_pkg.cgi5
-rw-r--r--httemplate/misc/process/meta-import.cgi4
-rwxr-xr-xhttemplate/misc/recharge_svc.html5
6 files changed, 8 insertions, 22 deletions
diff --git a/httemplate/misc/batch-cust_pay.html b/httemplate/misc/batch-cust_pay.html
index d85f3b6c3..341629ba6 100644
--- a/httemplate/misc/batch-cust_pay.html
+++ b/httemplate/misc/batch-cust_pay.html
@@ -5,12 +5,8 @@
( $cgi->param('error') ? '' : 'onload="addRow()"' ),
)
%>
-% if ( $cgi->param('error') ) {
-
- <FONT SIZE="+1" COLOR="#ff0000"><% $cgi->param('error') %></FONT><BR><BR>
-% }
-
+<% include('/elements/error.html') %>
<FORM ACTION="process/batch-cust_pay.cgi" NAME="OneTrueForm" METHOD="POST" onsubmit="document.OneTrueForm.submit.disabled=true;">
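Review bot: The `include('/elements/error.html')` call that replaces the inline block passes no arguments, so whether the `error` parameter is now HTML-escaped depends entirely on that component, which is not shown in this view (the diffstat is limited to httemplate/misc). It is worth confirming that it emits the value with Mason's `h` escape flag, e.g. `<% $cgi->param('error') |h %>`, since the same include replaces the inline block in cancel_cust.html, cancel_pkg.html, change_pkg.cgi and recharge_svc.html. Setting `default_escape_flags` to `h` in the Mason configuration would make unflagged `<% %>` output escaped by default, so a template missed by this sweep does not stay vulnerable. This file's old block printed the message without the `Error: ` prefix the other four used, so the shared element may change the displayed text here.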
diff --git a/httemplate/misc/cancel_cust.html b/httemplate/misc/cancel_cust.html
index 022fc108f..11ade7e15 100644
--- a/httemplate/misc/cancel_cust.html
+++ b/httemplate/misc/cancel_cust.html
@@ -1,9 +1,6 @@
<% include('/elements/header-popup.html', 'Cancel customer' ) %>
-% if ( $cgi->param('error') ) {
- <FONT SIZE="+1" COLOR="#ff0000">Error: <% $cgi->param('error') %></FONT>
- <BR><BR>
-% }
+<% include('/elements/error.html') %>
<FORM NAME="cust_cancel_popup" ACTION="<% popurl(1) %>cust_main-cancel.cgi" METHOD=POST>
<INPUT TYPE="hidden" NAME="custnum" VALUE="<% $custnum %>">
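Review bot: The hidden field on the last line of this hunk, `VALUE="<% $custnum %>"`, is still written into a quoted attribute with no escape flag. Where `$custnum` is assigned is outside this hunk; if it is taken from the request without a digits-only check, it is the same reflected-XSS pattern this commit removes for `error`. Either validate it as numeric where it is set or emit it as `<% $custnum |h %>`. The same applies to `<% $pkgnum %>` in cancel_pkg.html, `<% $custnum %>` in change_pkg.cgi and `<% $svcnum %>` in recharge_svc.html.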
diff --git a/httemplate/misc/cancel_pkg.html b/httemplate/misc/cancel_pkg.html
index b085d2281..28d0dd912 100755
--- a/httemplate/misc/cancel_pkg.html
+++ b/httemplate/misc/cancel_pkg.html
@@ -9,10 +9,7 @@
<SCRIPT TYPE="text/javascript" SRC="../elements/calendar-en.js"></SCRIPT>
<SCRIPT TYPE="text/javascript" SRC="../elements/calendar-setup.js"></SCRIPT>
-% if ( $cgi->param('error') ) {
- <FONT SIZE="+1" COLOR="#ff0000">Error: <% $cgi->param('error') %></FONT>
- <BR><BR>
-% }
+<% include('/elements/error.html') %>
<FORM NAME="sc_popup" ACTION="<% popurl(1) %>process/cancel_pkg.html" METHOD=POST>
<INPUT TYPE="hidden" NAME="pkgnum" VALUE="<% $pkgnum %>">
diff --git a/httemplate/misc/change_pkg.cgi b/httemplate/misc/change_pkg.cgi
index 4bf15a1fa..7c88876d4 100755
--- a/httemplate/misc/change_pkg.cgi
+++ b/httemplate/misc/change_pkg.cgi
@@ -1,9 +1,6 @@
<% include('/elements/header-popup.html', "Change Package") %>
-% if ( $cgi->param('error') ) {
- <FONT SIZE="+1" COLOR="#ff0000">Error: <% $cgi->param('error') %></FONT>
- <BR><BR>
-% }
+<% include('/elements/error.html') %>
<FORM ACTION="<% $p %>edit/process/cust_pkg.cgi" METHOD=POST>
<INPUT TYPE="hidden" NAME="custnum" VALUE="<% $custnum %>">
diff --git a/httemplate/misc/process/meta-import.cgi b/httemplate/misc/process/meta-import.cgi
index 5a97d1160..1cf178c08 100644
--- a/httemplate/misc/process/meta-import.cgi
+++ b/httemplate/misc/process/meta-import.cgi
@@ -182,4 +182,6 @@ function SafeOnsubmit() {
% }
%
%
-
+<%init>
+die "meta-import script not currently enabled"; #make XSS-safe if this is used for more than just admins to import data....
+</%init>
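Review bot: The comment on the added `die` treats admin-only access as making the unescaped output acceptable, but reflected XSS runs in the browser of whoever follows the link, so an administrator session is the one most worth protecting. The `die` itself is a reasonable stopgap, since a Mason `<%init>` block runs before any of the component body is rendered. I would reword the comment to something like `#disabled: output below is not HTML-escaped; escape all interpolated values before re-enabling`, and consider returning an explicit error page instead of an uncaught `die` so users do not see a raw server error. The rest of the component lies outside this hunk, so the unescaped output it refers to cannot be checked from here.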
diff --git a/httemplate/misc/recharge_svc.html b/httemplate/misc/recharge_svc.html
index 634be0600..a3de13d92 100755
--- a/httemplate/misc/recharge_svc.html
+++ b/httemplate/misc/recharge_svc.html
@@ -1,9 +1,6 @@
<% include('/elements/header-popup.html', 'Recharge Service' ) %>
-% if ( $cgi->param('error') ) {
- <FONT SIZE="+1" COLOR="#ff0000">Error: <% $cgi->param('error') %></FONT>
- <BR><BR>
-% }
+<% include('/elements/error.html') %>
<FORM NAME="recharge_popup" ACTION="<% popurl(1) %>process/recharge_svc.html" METHOD=POST>
<INPUT TYPE="hidden" NAME="svcnum" VALUE="<% $svcnum %>">