Diffstat (limited to 'httemplate')
-rw-r--r-- | httemplate/elements/menu.html | 4 | ||||
-rwxr-xr-x | httemplate/elements/tr-select-reason.html | 2 | ||||
-rwxr-xr-x | httemplate/misc/process/void-cust_bill.html | 2 | ||||
-rwxr-xr-x | httemplate/misc/unapply-cust_credit.cgi | 2 | ||||
-rwxr-xr-x | httemplate/misc/unapply-cust_pay.cgi | 2 | ||||
-rwxr-xr-x | httemplate/misc/unvoid-cust_pay_void.cgi | 2 | ||||
-rwxr-xr-x | httemplate/misc/void-cust_bill.cgi | 46 | ||||
-rwxr-xr-x | httemplate/misc/void-cust_credit.cgi (renamed from httemplate/misc/void-cust_credit.html) | 2 | ||||
-rwxr-xr-x | httemplate/misc/void-cust_pay.cgi | 70 | ||||
-rwxr-xr-x | httemplate/search/report_tax-xls.cgi | 5 | ||||
-rwxr-xr-x | httemplate/view/cust_bill.cgi | 23 | ||||
-rw-r--r-- | httemplate/view/cust_main/payment_history/credit.html | 2 | ||||
-rw-r--r-- | httemplate/view/cust_main/payment_history/invoice.html | 2 | ||||
-rw-r--r-- | httemplate/view/cust_main/payment_history/payment.html | 20 | ||||
-rw-r--r-- | httemplate/view/cust_main/payment_history/voided_invoice.html | 2 | ||||
-rw-r--r-- | httemplate/view/cust_main/payment_history/voided_payment.html | 2 |
16 files changed, 156 insertions, 32 deletions
diff --git a/httemplate/elements/menu.html b/httemplate/elements/menu.html index dcc02c2b1..81c121259 100644 --- a/httemplate/elements/menu.html +++ b/httemplate/elements/menu.html @@ -721,6 +721,10 @@ if ( $curuser->access_right('Configuration') ) { $config_billing{'separator5'} = ''; #its a separator! $config_billing{'Refund reasons'} = [ $fsurl.'browse/reason.html?class=F', 'Refund reasons explain why a refund was issued.' ]; $config_billing{'Refund reason types'} = [ $fsurl.'browse/reason_type.html?class=F', 'Refund reason types define groups of reasons.' ]; + + $config_billing{'separator6'} = ''; #its a separator! + $config_billing{'Void reasons'} = [ $fsurl.'browse/reason.html?class=X', 'Void reasons explain why a void was issued.' ]; + $config_billing{'Void reason types'} = [ $fsurl.'browse/reason_type.html?class=X', 'Void reason types define groups of reasons.' ]; } #XXX also to be unified diff --git a/httemplate/elements/tr-select-reason.html b/httemplate/elements/tr-select-reason.html index 125874694..37a34baba 100755 --- a/httemplate/elements/tr-select-reason.html +++ b/httemplate/elements/tr-select-reason.html @@ -199,7 +199,7 @@ if ($class eq 'C') { } elsif ($class eq 'F') { $add_access_right = 'Add on-the-fly refund reason'; } elsif ($class eq 'X') { - $add_access_right = 'Add on-the-fly void credit reason'; + $add_access_right = 'Add on-the-fly void reason'; } else { die "illegal class: $class"; } diff --git a/httemplate/misc/process/void-cust_bill.html b/httemplate/misc/process/void-cust_bill.html index 7773b0ba9..c0f432b70 100755 --- a/httemplate/misc/process/void-cust_bill.html +++ b/httemplate/misc/process/void-cust_bill.html @@ -1,6 +1,6 @@ %if ( $error ) { % $cgi->param('error', $error); -<% $cgi->redirect(popurl(2). "void-cust_bill.html?". $cgi->query_string ) %> +<% $cgi->redirect(popurl(2). "void-cust_bill.cgi?". $cgi->query_string ) %> %} else { <& /elements/header-popup.html, 'Invoice voided' &> <SCRIPT TYPE="text/javascript"> 
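Review bot: The renamed right in httemplate/elements/tr-select-reason.html, `$add_access_right = 'Add on-the-fly void reason';`, only works if the same string exists in the access-rights list and existing grants of 'Add on-the-fly void credit reason' are migrated. Neither is visible here, because the diffstat is limited to httemplate. If the names drift apart, the check presumably fails closed and operators lose the on-the-fly option without any error. I would add a comment above the `elsif ($class eq 'X')` branch such as `# class X covers all void reasons; the right name must match the access-rights list`.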
diff --git a/httemplate/misc/unapply-cust_credit.cgi b/httemplate/misc/unapply-cust_credit.cgi index ed739ac1b..aa1a3a9c2 100755 --- a/httemplate/misc/unapply-cust_credit.cgi +++ b/httemplate/misc/unapply-cust_credit.cgi @@ -1,4 +1,4 @@ -<% $cgi->redirect($p. "view/cust_main.cgi?". $custnum) %> +<% $cgi->redirect($p. "view/cust_main.cgi?custnum=". $custnum. ";show=payment_history") %> <%init> die "access denied" diff --git a/httemplate/misc/unapply-cust_pay.cgi b/httemplate/misc/unapply-cust_pay.cgi index b0343d034..34c1ecfd3 100755 --- a/httemplate/misc/unapply-cust_pay.cgi +++ b/httemplate/misc/unapply-cust_pay.cgi @@ -1,4 +1,4 @@ -<% $cgi->redirect($p. "view/cust_main.cgi?". $custnum) %> +<% $cgi->redirect($p. "view/cust_main.cgi?custnum=". $custnum. ";show=payment_history") %> <%init> die "access denied" diff --git a/httemplate/misc/unvoid-cust_pay_void.cgi b/httemplate/misc/unvoid-cust_pay_void.cgi index 4726ee576..84b7879fb 100755 --- a/httemplate/misc/unvoid-cust_pay_void.cgi +++ b/httemplate/misc/unvoid-cust_pay_void.cgi @@ -1,7 +1,7 @@ %if ( $error ) { % errorpage($error); %} else { -<% $cgi->redirect($p. "view/cust_main.cgi?". $custnum) %> +<% $cgi->redirect($p. "view/cust_main.cgi?custnum=". $custnum. ";show=payment_history") %> %} <%init> diff --git a/httemplate/misc/void-cust_bill.cgi b/httemplate/misc/void-cust_bill.cgi new file mode 100755 index 000000000..213cf9566 --- /dev/null +++ b/httemplate/misc/void-cust_bill.cgi 
@@ -0,0 +1,46 @@ +<& /elements/header-popup.html, mt('Void invoice') &> + +<% include('/elements/error.html') %> + +<% emt('Are you sure you want to void this invoice?') %> +<BR><BR> + +<% emt("Invoice #[_1] ([_2])",$cust_bill->display_invnum, $money_char. $cust_bill->owed) %> +<BR><BR> + +<FORM METHOD="POST" ACTION="process/void-cust_bill.html"> +<INPUT TYPE="hidden" NAME="invnum" VALUE="<% $invnum %>"> + +<% ntable("#cccccc", 2) %> +<& /elements/tr-select-reason.html, + 'field' => 'reasonnum', + 'reason_class' => 'X', + 'cgi' => $cgi +&> + +</TABLE> + +<BR> +<CENTER> +<BUTTON TYPE="submit">Yes, void invoice</BUTTON> \ +<BUTTON TYPE="button" onClick="parent.cClick();">No, do not void invoice</BUTTON> +</CENTER> + +</FORM> +</BODY> +</HTML> +<%init> + +die "access denied" + unless $FS::CurrentUser::CurrentUser->access_right('Void invoices'); + +my $conf = new FS::Conf; +my $money_char = $conf->config('money_char') || '$'; + +#untaint invnum +$cgi->param('invnum') =~ /^(\d+)$/ || die "Illegal invnum"; +my $invnum = $1; + +my $cust_bill = qsearchs('cust_bill',{'invnum'=>$invnum}); + +</%init> diff --git a/httemplate/misc/void-cust_credit.html b/httemplate/misc/void-cust_credit.cgi index 1e71f0030..f352e6090 100755 --- a/httemplate/misc/void-cust_credit.html +++ b/httemplate/misc/void-cust_credit.cgi @@ -12,7 +12,7 @@ <P ALIGN="center"><B><% mt('Void this credit?') |h %></B> -<FORM action="<% ${p} %>misc/void-cust_credit.html"> +<FORM action="<% ${p} %>misc/void-cust_credit.cgi"> <INPUT TYPE="hidden" NAME="crednum" VALUE="<% $crednum %>"> <TABLE BGCOLOR="#cccccc" BORDER="0" CELLSPACING="2" STYLE="margin-left:auto; margin-right:auto"> diff --git a/httemplate/misc/void-cust_pay.cgi b/httemplate/misc/void-cust_pay.cgi index 31b7a6201..784bb9a94 100755 --- a/httemplate/misc/void-cust_pay.cgi +++ b/httemplate/misc/void-cust_pay.cgi 
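Review bot: In the `<%init>` block of the new void-cust_bill.cgi, the result of `qsearchs('cust_bill',{'invnum'=>$invnum})` is never checked. A well-formed but unknown invnum therefore reaches `$cust_bill->display_invnum` on an undefined value, and the popup fails with a Perl runtime error instead of a controlled message. void-cust_pay.cgi in this same commit guards the equivalent lookup, and the same guard fits here: `my $cust_bill = qsearchs('cust_bill',{'invnum'=>$invnum}) or die "Invoice not found";`. The page also does not test `$cust_bill->closed`, which view/cust_bill.cgi uses to hide the link, so whether a closed invoice is refused depends on process/void-cust_bill.html, of which only the first lines appear in this diff.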
@@ -1,16 +1,52 @@ -%if ( $error ) { -% errorpage($error); +%if ( $success ) { +<& /elements/header-popup.html, mt("Payment voided") &> + <SCRIPT TYPE="text/javascript"> + window.top.location.reload(); + </SCRIPT> + </BODY> +</HTML> %} else { -<% $cgi->redirect($p. "view/cust_main.cgi?". $custnum) %> +<& /elements/header-popup.html, mt('Void payment') &> + +<& /elements/error.html &> + +<P ALIGN="center"><B><% mt('Void this payment?') |h %></B> + +<FORM action="<% ${p} %>misc/void-cust_pay.cgi"> +<INPUT TYPE="hidden" NAME="paynum" VALUE="<% $paynum %>"> + +<TABLE BGCOLOR="#cccccc" BORDER="0" CELLSPACING="2" STYLE="margin-left:auto; margin-right:auto"> +<& /elements/tr-select-reason.html, + 'field' => 'reasonnum', + 'reason_class' => 'X', + 'cgi' => $cgi +&> +</TABLE> + +<BR> +<P ALIGN="CENTER"> +<INPUT TYPE="submit" NAME="confirm_void_payment" VALUE="<% mt('Void payment') |h %>"> + +<INPUT TYPE="BUTTON" VALUE="<% mt("Don't void payment") |h %>" onClick="parent.cClick();"> + +</FORM> +</BODY> +</HTML> + %} <%init> #untaint paynum -my($query) = $cgi->keywords; -$query =~ /^(\d+)$/ || die "Illegal paynum"; -my $paynum = $1; +my $paynum = $cgi->param('paynum'); +if ($paynum) { + $paynum =~ /^(\d+)$/ || die "Illegal paynum"; +} else { + my($query) = $cgi->keywords; + $query =~ /^(\d+)/ || die "Illegal paynum"; + $paynum = $1; +} -my $cust_pay = qsearchs('cust_pay',{'paynum'=>$paynum}); +my $cust_pay = qsearchs('cust_pay',{'paynum'=>$paynum}) || die "Payment not found"; my $right = 'Void payments'; $right = 'Credit card void' if $cust_pay->payby eq 'CARD'; 
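Review bot: The confirmation form added here, `<FORM action="<% ${p} %>misc/void-cust_pay.cgi">`, has no METHOD attribute and therefore submits by GET, while the second hunk of this file voids the payment whenever `confirm_void_payment` is present in the request. A state-changing void reachable by GET can be triggered by any link or embedded resource that an authenticated operator's browser loads, and its parameters end up in access logs and browser history. The new void-cust_bill.cgi in this commit already uses `METHOD="POST"`; the same is warranted here, together with a request-method check in `<%init>`. Separately, the `if ($paynum)` branch validates with `/^(\d+)$/` but never assigns `$paynum = $1`, so the value is checked but not untainted as the `#untaint paynum` comment claims. The `<%init>` block continues past this hunk.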
@@ -19,8 +55,24 @@ $right = 'Echeck void' if $cust_pay->payby eq 'CHEK'; die "access denied" unless $FS::CurrentUser::CurrentUser->access_right($right); -my $custnum = $cust_pay->custnum; +my $success = 0; +if ($cgi->param('confirm_void_payment')) { + + #untaint reasonnum / create new reason + my ($reasonnum, $error) = $m->comp('process/elements/reason'); + if (!$reasonnum) { + $error = 'Reason required'; + } else { + my $reason = qsearchs('reason', { 'reasonnum' => $reasonnum }) + || die "Reason num $reasonnum not found in database"; + $error = $cust_pay->void($reason) unless $error; + } -my $error = $cust_pay->void; + if ($error) { + $cgi->param('error',$error); + } else { + $success = 1; + } +} </%init> diff --git a/httemplate/search/report_tax-xls.cgi b/httemplate/search/report_tax-xls.cgi index 07fcf7cfe..c914d5adc 100755 --- a/httemplate/search/report_tax-xls.cgi +++ b/httemplate/search/report_tax-xls.cgi @@ -24,8 +24,9 @@ if ( $cgi->param('agentnum') =~ /^(\d+)$/ ) { $agentname = $agent->agentname; } -if ( $cgi->param('taxname') =~ /^([\w ]+)$/ ) { - $params{taxname} = $1; +# allow anything in here; FS::Report::Tax will treat it as unsafe +if ( length($cgi->param('taxname')) ) { + $params{taxname} = $cgi->param('taxname'); } else { die "taxname required"; } diff --git a/httemplate/view/cust_bill.cgi b/httemplate/view/cust_bill.cgi index 8884ddea4..6d139747a 100755 --- a/httemplate/view/cust_bill.cgi +++ b/httemplate/view/cust_bill.cgi 
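Review bot: The void branch calls `$cust_pay->void($reason)` without testing `$cust_pay->closed`, although payment.html only offers the void link when `closed !~ /^Y/i`. Unless `void` itself refuses closed payments (not visible in this diff), the restriction is enforced only by hiding the link. A server-side guard before the reason lookup would close that gap, e.g. `die "payment is closed" if $cust_pay->closed =~ /^Y/i;`. Also, `$error = 'Reason required';` overwrites whatever error the `process/elements/reason` component returned, so a failure while creating a new reason is reported as a missing reason; `$error ||= 'Reason required';` keeps the original message.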
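Review bot: In report_tax-xls.cgi, dropping the `/^([\w ]+)$/` check means `$params{taxname}` now carries the raw request value. The only protection is the new comment's statement that FS::Report::Tax treats it as unsafe, and that module is outside this diff, so the quoting cannot be confirmed from here. I would make the comment name the exact place where the value is quoted or bound. I would also keep a cheap boundary check on length and control characters, for example `if ( $cgi->param('taxname') =~ /\A([^\x00-\x1f]{1,255})\z/ ) { $params{taxname} = $1;` (the bound is illustrative). Because this page produces a spreadsheet, it is also worth confirming how the tax name is written into cells when it begins with `=`.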
@@ -9,13 +9,30 @@ function areyousure(href, message) { } </SCRIPT> -% if ( !$cust_bill->closed && $curuser->access_right('Void invoices') ) { +% if ( !$cust_bill->closed ) { # otherwise allow no changes +% my $can_delete = $conf->exists('deleteinvoices') +% && $curuser->access_right('Delete invoices'); +% my $can_void = $curuser->access_right('Void invoices'); +% if ( $can_void ) { <& /elements/popup_link.html, 'label' => emt('Void this invoice'), 'actionlabel' => emt('Void this invoice'), - 'action' => $p.'misc/void-cust_bill.html?invnum='.$invnum, + 'action' => $p.'misc/void-cust_bill.cgi?invnum='.$invnum, &> - <BR><BR> +% } +% if ( $can_void and $can_delete ) { + | +% } +% if ( $can_delete ) { + <A href="" onclick="areyousure(\ + '<%$p%>misc/delete-cust_bill.html?<% $invnum %>',\ + <% mt('Are you sure you want to delete this invoice?') |js_string %>)"\ + TITLE = "<% mt('Delete this invoice from the database completely') |h %>">\ + <% emt('Delete this invoice') |h %></A> +% } +% if ( $can_void or $can_delete ) { + <BR><BR> +% } % } % if ( $cust_bill->owed > 0 diff --git a/httemplate/view/cust_main/payment_history/credit.html b/httemplate/view/cust_main/payment_history/credit.html index db2e5e582..81be1cd7a 100644 --- a/httemplate/view/cust_main/payment_history/credit.html +++ b/httemplate/view/cust_main/payment_history/credit.html @@ -130,7 +130,7 @@ my $void = ''; $void = ' ('. include( '/elements/popup_link.html', 'label' => emt('void'), - 'action' => "${p}misc/void-cust_credit.html?". + 'action' => "${p}misc/void-cust_credit.cgi?". $cust_credit->crednum, 'actionlabel' => emt('Void credit'), ). diff --git a/httemplate/view/cust_main/payment_history/invoice.html b/httemplate/view/cust_main/payment_history/invoice.html index 613936e00..ca59c15fd 100644 --- a/httemplate/view/cust_main/payment_history/invoice.html +++ b/httemplate/view/cust_main/payment_history/invoice.html 
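Review bot: The new 'Delete this invoice' link in view/cust_bill.cgi is gated only in the template, by `$conf->exists('deleteinvoices') && $curuser->access_right('Delete invoices')`, and it points at `misc/delete-cust_bill.html?<% $invnum %>` as a plain link. That handler is not in this diff, so it should be confirmed that it repeats both checks and the `closed` test server-side rather than relying on the link being hidden. The `onclick` attribute also embeds `<% mt(...) |js_string %>` inside a double-quoted HTML attribute. If `js_string` emits a double-quoted literal (its output is not shown here), the attribute ends early, so the value may need HTML-escaping after `js_string`. Finally, `href=""` means the click also navigates to the current URL unless `areyousure` cancels it; that function's body is cut off by the hunk.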
@@ -27,7 +27,7 @@ if ( $cust_bill->closed !~ /^Y/i && $opt{'Void invoices'} ) { $void = ' ('. include('/elements/popup_link.html', 'label' => emt('void'), - 'action' => "${p}misc/void-cust_bill.html?;invnum=". + 'action' => "${p}misc/void-cust_bill.cgi?;invnum=". $cust_bill->invnum, 'actionlabel' => emt('Void Invoice'), ). diff --git a/httemplate/view/cust_main/payment_history/payment.html b/httemplate/view/cust_main/payment_history/payment.html index d72e34b38..77013140e 100644 --- a/httemplate/view/cust_main/payment_history/payment.html +++ b/httemplate/view/cust_main/payment_history/payment.html @@ -169,8 +169,9 @@ if ( $cust_pay->closed !~ /^Y/i && scalar(@refund_right) ) { my $refundtitle = ($cust_pay->payby =~ /^(CARD|CHEK)$/) - ? emt('Send a refund for this payment to the payment gateway') - : emt('Record a refund for this payment'); + ? emt('Send a refund for this payment to the payment gateway') + : emt('Record a refund for this payment'); + $refund = qq! (<A HREF="${p}edit/cust_refund.cgi?payby=$1;!. qq!paynum=!. $cust_pay->paynum. '"'. qq! TITLE="! . $refundtitle @@ -178,14 +179,17 @@ if ( $cust_pay->closed !~ /^Y/i } my $void = ''; -my $voidmsg = $cust_pay->payby =~ /^(CARD|CHEK)$/ +# note: "TOKN" is not yet supported in stock freeside +my $voidmsg = $cust_pay->payby =~ /^(CARD|CHEK|TOKN)$/ ? ' (' . emt('do not send anything to the payment gateway').')' : ''; -$void = areyousure_link("${p}misc/void-cust_pay.cgi?".$cust_pay->paynum, - emt('Are you sure you want to void this payment?'), - emt('Void this payment from the database') . $voidmsg, - emt('void') - ) +$void = ' ('. + include( '/elements/popup_link.html', + 'label' => emt('void'), + 'action' => "${p}misc/void-cust_pay.cgi?".$cust_pay->paynum, + 'actionlabel' => emt('Void payment'), + ). + ')' if $cust_pay->closed !~ /^Y/i && ( ( $cust_pay->payby eq 'CARD' && $opt{'Credit card void'} ) || ( $cust_pay->payby eq 'CHEK' && $opt{'Echeck void'} ) 
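Review bot: In the second payment.html hunk, `$voidmsg` is still computed (and now also matches `TOKN`), but the rewritten `$void = ' ('. include( '/elements/popup_link.html', ...` no longer uses it. Unless `$voidmsg` is referenced below the hunk, the operator loses the '(do not send anything to the payment gateway)' hint that the old `areyousure_link` title carried. Either drop the variable or carry the text into the popup, for example next to the 'Void this payment?' prompt in void-cust_pay.cgi. The added `TOKN` alternative also has no counterpart in the visible permission condition, which tests only `CARD` and `CHEK`, so a comment stating which right governs `TOKN` voids would help.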
diff --git a/httemplate/view/cust_main/payment_history/voided_invoice.html b/httemplate/view/cust_main/payment_history/voided_invoice.html index ea61f8446..ff4d12f58 100644 --- a/httemplate/view/cust_main/payment_history/voided_invoice.html +++ b/httemplate/view/cust_main/payment_history/voided_invoice.html @@ -6,7 +6,7 @@ % } % my $reason = $cust_bill_void->reason; % if ($reason) { - (<% $reason %>) + (<% $reason |h %>) % } <% mt("on [_1]", time2str($date_format, $cust_bill_void->void_date) ) |h %> </I> diff --git a/httemplate/view/cust_main/payment_history/voided_payment.html b/httemplate/view/cust_main/payment_history/voided_payment.html index 5c43c91e5..e295f9b3b 100644 --- a/httemplate/view/cust_main/payment_history/voided_payment.html +++ b/httemplate/view/cust_main/payment_history/voided_payment.html @@ -6,7 +6,7 @@ % } % my $reason = $cust_pay_void->reason; % if ($reason) { - (<% $reason %>) + (<% $reason |h %>) % } <% mt("on [_1]", time2str($date_format, $cust_pay_void->void_date) ) |h %> </I> |
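Review bot: The `|h` filter added in `(<% $reason |h %>)` covers only voided_invoice.html and voided_payment.html, while this commit also lets operators enter free-text void reasons on the fly for invoices and payments. Any other template that prints a `->reason` value without `|h` would still emit that operator-entered text as markup. None is visible in this diff, so this is a request to check the remaining payment_history templates (the voided-credit view in particular) rather than a confirmed defect. A one-line comment beside the expression, such as `%# reason text is operator-entered; always escape`, would keep the filter from being dropped in a later edit.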