authorivan <ivan>2007-12-25 23:49:23 +0000
committerivan <ivan>2007-12-25 23:49:23 +0000
commit2a6aa24137ddd389c1e644f5ece325c5b5dbaf3a (patch)
tree4880aeadc116d1dcb04bb6d0914ac39c17bddc8e /httemplate/misc
parenta35faaccc20e2214d91876744c45322a3a220bb5 (diff)
ho ho ho, merry XSSmas
Diffstat (limited to 'httemplate/misc')
-rw-r--r--httemplate/misc/batch-cust_pay.html6
-rw-r--r--httemplate/misc/cancel_cust.html5
-rwxr-xr-xhttemplate/misc/cancel_pkg.html5
-rwxr-xr-xhttemplate/misc/change_pkg.cgi5
-rw-r--r--httemplate/misc/process/meta-import.cgi4
-rwxr-xr-xhttemplate/misc/recharge_svc.html5
6 files changed, 8 insertions, 22 deletions
diff --git a/httemplate/misc/batch-cust_pay.html b/httemplate/misc/batch-cust_pay.html
index f2f446001..89dd68a62 100644
--- a/httemplate/misc/batch-cust_pay.html
+++ b/httemplate/misc/batch-cust_pay.html
@@ -2,12 +2,8 @@
menubar( 'Main Menu' => $p ),
)
%>
-% if ( $cgi->param('error') ) {
-
- <FONT SIZE="+1" COLOR="#ff0000"><% $cgi->param('error') %></FONT><BR><BR>
-% }
-
+<% include('/elements/error.html') %>
<FORM ACTION="process/batch-cust_pay.cgi" NAME="OneTrueForm" METHOD="POST" onsubmit="document.OneTrueForm.submit.disabled=true;">
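Review bot: The escaping this commit relies on lives in `/elements/error.html`, which is outside this diff (the diffstat is limited to httemplate/misc), so nothing visible here confirms that the error text is HTML-escaped before output. The include passes no arguments, so the component presumably reads `$cgi->param('error')` itself; check that it emits the value with Mason's escape flag, e.g. `<% $cgi->param('error') |h %>`. All five call sites in this commit depend on that one line: this file plus cancel_cust.html, cancel_pkg.html, change_pkg.cgi and recharge_svc.html. This page also printed the message without the `Error: ` prefix the other four used, so the rendered text may change here.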
diff --git a/httemplate/misc/cancel_cust.html b/httemplate/misc/cancel_cust.html
index a757aa6e3..634000d70 100644
--- a/httemplate/misc/cancel_cust.html
+++ b/httemplate/misc/cancel_cust.html
@@ -1,9 +1,6 @@
<% include('/elements/header-popup.html', 'Cancel customer' ) %>
-% if ( $cgi->param('error') ) {
- <FONT SIZE="+1" COLOR="#ff0000">Error: <% $cgi->param('error') %></FONT>
- <BR><BR>
-% }
+<% include('/elements/error.html') %>
<FORM NAME="cust_cancel_popup" ACTION="<% popurl(1) %>cust_main-cancel.cgi" METHOD=POST>
<INPUT TYPE="hidden" NAME="custnum" VALUE="<% $custnum %>">
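Review bot: The hidden field on the last context line, `VALUE="<% $custnum %>"`, still interpolates a value into an HTML attribute without an escape flag, and this commit leaves it untouched. Where `$custnum` is assigned is outside the hunk; if it is taken from the request without a digits-only check, the reflected-output problem fixed for the error message remains in this attribute. Either validate it as numeric where it is read or emit it as `<% $custnum |h %>`. The same pattern appears with `$pkgnum` in cancel_pkg.html, `$custnum` in change_pkg.cgi and `$svcnum` in recharge_svc.html.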
diff --git a/httemplate/misc/cancel_pkg.html b/httemplate/misc/cancel_pkg.html
index 642f0c83e..7cbaf1d82 100755
--- a/httemplate/misc/cancel_pkg.html
+++ b/httemplate/misc/cancel_pkg.html
@@ -9,10 +9,7 @@
<SCRIPT TYPE="text/javascript" SRC="../elements/calendar-en.js"></SCRIPT>
<SCRIPT TYPE="text/javascript" SRC="../elements/calendar-setup.js"></SCRIPT>
-% if ( $cgi->param('error') ) {
- <FONT SIZE="+1" COLOR="#ff0000">Error: <% $cgi->param('error') %></FONT>
- <BR><BR>
-% }
+<% include('/elements/error.html') %>
<FORM NAME="sc_popup" ACTION="<% popurl(1) %>process/cancel_pkg.html" METHOD=POST>
<INPUT TYPE="hidden" NAME="pkgnum" VALUE="<% $pkgnum %>">
diff --git a/httemplate/misc/change_pkg.cgi b/httemplate/misc/change_pkg.cgi
index 4bf15a1fa..7c88876d4 100755
--- a/httemplate/misc/change_pkg.cgi
+++ b/httemplate/misc/change_pkg.cgi
@@ -1,9 +1,6 @@
<% include('/elements/header-popup.html', "Change Package") %>
-% if ( $cgi->param('error') ) {
- <FONT SIZE="+1" COLOR="#ff0000">Error: <% $cgi->param('error') %></FONT>
- <BR><BR>
-% }
+<% include('/elements/error.html') %>
<FORM ACTION="<% $p %>edit/process/cust_pkg.cgi" METHOD=POST>
<INPUT TYPE="hidden" NAME="custnum" VALUE="<% $custnum %>">
diff --git a/httemplate/misc/process/meta-import.cgi b/httemplate/misc/process/meta-import.cgi
index 5a97d1160..1cf178c08 100644
--- a/httemplate/misc/process/meta-import.cgi
+++ b/httemplate/misc/process/meta-import.cgi
@@ -182,4 +182,6 @@ function SafeOnsubmit() {
% }
%
%
-
+<%init>
+die "meta-import script not currently enabled"; #make XSS-safe if this is used for more than just admins to import data....
+</%init>
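Review bot: The added `die` disables the page for every caller, admins included, and whatever unescaped output the trailing comment alludes to stays in the component body above this hunk, so removing the line later re-exposes it. The comment would be easier to act on as a block comment above the `die`, e.g. `# TODO: HTML-escape all request-derived output in this component before re-enabling`. Mason runs `<%init>` before the component body regardless of where the block sits in the file, so a short comment saying that would help a reader who finds it at the bottom. Whether the `die` text reaches the browser depends on the Mason error-handling configuration, which is not visible here.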
diff --git a/httemplate/misc/recharge_svc.html b/httemplate/misc/recharge_svc.html
index 634be0600..a3de13d92 100755
--- a/httemplate/misc/recharge_svc.html
+++ b/httemplate/misc/recharge_svc.html
@@ -1,9 +1,6 @@
<% include('/elements/header-popup.html', 'Recharge Service' ) %>
-% if ( $cgi->param('error') ) {
- <FONT SIZE="+1" COLOR="#ff0000">Error: <% $cgi->param('error') %></FONT>
- <BR><BR>
-% }
+<% include('/elements/error.html') %>
<FORM NAME="recharge_popup" ACTION="<% popurl(1) %>process/recharge_svc.html" METHOD=POST>
<INPUT TYPE="hidden" NAME="svcnum" VALUE="<% $svcnum %>">