From f49f11d4c3c4ba9480cc5c9acfaa606a5ba73ad1 Mon Sep 17 00:00:00 2001 From: ivan Date: Sun, 13 Jan 2008 21:14:19 +0000 Subject: ACLs --- httemplate/misc/delete-cust_pay.cgi | 36 ++++++++++++++++++++---------------- 1 file changed, 20 insertions(+), 16 deletions(-) (limited to 'httemplate/misc/delete-cust_pay.cgi') diff --git a/httemplate/misc/delete-cust_pay.cgi b/httemplate/misc/delete-cust_pay.cgi index a0fa414d5..38e7e4ba1 100755 --- a/httemplate/misc/delete-cust_pay.cgi +++ b/httemplate/misc/delete-cust_pay.cgi @@ -1,17 +1,21 @@ -% -% -%#untaint paynum -%my($query) = $cgi->keywords; -%$query =~ /^(\d+)$/ || die "Illegal paynum"; -%my $paynum = $1; -% -%my $cust_pay = qsearchs('cust_pay',{'paynum'=>$paynum}); -%my $custnum = $cust_pay->custnum; -% -%my $error = $cust_pay->delete; -%errorpage($error) if $error; -% -%print $cgi->redirect($p. "view/cust_main.cgi?". $custnum); -% -% +% if ( $error ) { +% errorpage($error); +% } else { +<% $cgi->redirect($p. "view/cust_main.cgi?". $custnum) %> +% } +<%init> +die "access denied" + unless $FS::CurrentUser::CurrentUser->access_right('Delete payment'); + +#untaint paynum +my($query) = $cgi->keywords; +$query =~ /^(\d+)$/ || die "Illegal paynum"; +my $paynum = $1; + +my $cust_pay = qsearchs('cust_pay',{'paynum'=>$paynum}); +my $custnum = $cust_pay->custnum; + +my $error = $cust_pay->delete; + + -- cgit v1.2.1