projects
/
freeside.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
including error message, and moving session_id reset outside of the conditional block
[freeside.git]
/
httemplate
/
browse
/
part_event.html
diff --git
a/httemplate/browse/part_event.html
b/httemplate/browse/part_event.html
index
0399643
..
ba036c8
100644
(file)
--- a/
httemplate/browse/part_event.html
+++ b/
httemplate/browse/part_event.html
@@
-47,7
+47,7
@@
my $event_sub = sub {
my $onclick = include('/elements/popup_link_onclick.html',
action => $p.'view/part_event-targets.html?eventpart='.
$part_event->eventpart,
my $onclick = include('/elements/popup_link_onclick.html',
action => $p.'view/part_event-targets.html?eventpart='.
$part_event->eventpart,
- actionlabel => 'Event query - '.$part_event->event,
+ actionlabel => 'Event query
', #no, XSS
- '.$part_event->event,
width => 650,
height => 420,
close_text => 'Close',
width => 650,
height => 420,
close_text => 'Close',
@@
-55,14
+55,14
@@
my $event_sub = sub {
[#rows
[#subcolumns
{
[#rows
[#subcolumns
{
- 'data'
=> $part_event->event
,
- 'link' => $p.'edit/part_event.html?'.$part_event->eventpart,
+ 'data'
=> encode_entities($part_event->event)
,
+ 'link'
=> $p.'edit/part_event.html?'.$part_event->eventpart,
},
{
},
{
- 'data'
=> '
(query) ',
- 'size' => '-1',
- 'data_style'
=> 'b',
- 'onclick' => $onclick,
+ 'data'
=> '
(query) ',
+ 'size'
=> '-1',
+ 'data_style' => 'b',
+ 'onclick'
=> $onclick,
},
],
];
},
],
];
@@
-174,7
+174,7
@@
my $html_init =
qq!<A HREF="${p}edit/part_event.html"><I>Add a new event</I></A>!.
' or <SELECT NAME="clone"><OPTION></OPTION>';
qq!<A HREF="${p}edit/part_event.html"><I>Add a new event</I></A>!.
' or <SELECT NAME="clone"><OPTION></OPTION>';
-foreach my $part_event ( qsearch('part_event', {'diabled'=>''}) ) {
+foreach my $part_event ( qsearch('part_event', {'di
s
abled'=>''}) ) {
$html_init .= '<OPTION VALUE="'. $part_event->eventpart. '">'.
$part_event->eventpart. ': '. $part_event->event. '</OPTION>';
}
$html_init .= '<OPTION VALUE="'. $part_event->eventpart. '">'.
$part_event->eventpart. ': '. $part_event->event. '</OPTION>';
}
@@
-188,7
+188,7
@@
my $count_query = 'SELECT COUNT(*) FROM part_event WHERE '.
'viewall_right' => 'None',
);
'viewall_right' => 'None',
);
-my $join_conditions = FS::part_event_condition->join_conditions_sql;
+my $join_conditions = FS::part_event_condition->join_conditions_sql
('', 'time' => time)
;
my $order_conditions = FS::part_event_condition->order_conditions_sql;
</%init>
my $order_conditions = FS::part_event_condition->order_conditions_sql;
</%init>