add comment selection and change zero recurring flags, RT#41733
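--- a/httemplate/misc/process/timeworked.html
+++ b/httemplate/misc/process/timeworked.html
@@ -1,7 +1,7 @@
 % if ($error) {
 <% $cgi->redirect(popurl(2). "timeworked.html?". $cgi->query_string) %>
 % } else {
-<% $cgi->redirect(popurl(3). "search/timeworked.html?begin=$begin;end=$end") %>
+<% $cgi->redirect(popurl(3). "search/timeworked.html?begin=$begin;end=$end;category=$category") %>
 % }
 <%init>
@@ -10,6 +10,9 @@ die "access denied"
 my($begin, $end) = FS::UI::Web::parse_beginning_ending($cgi);
+( my $category = $cgi->param('category') ) =~ /^\w*$/
+ or die 'illegal category';#no need for nice error messages for XSS, just avoid
+
 my @acct_rt_transaction;
 foreach my $transaction (
 map { /^transactionid(\d+)$/; $1; } grep /^transactionid\d+$/, $cgi->param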
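Review bot: The allowlist check on `category` in the second hunk is anchored with `^` and `$`, and in Perl `$` also matches before a trailing newline, so a word followed by `\n` passes and is then interpolated into the `search/timeworked.html` redirect URL built in the first hunk. Anchoring with `\A` and `\z`, as in `( my $category = $cgi->param('category') ) =~ /\A\w*\z/`, makes the pattern cover the whole string. When the parameter is absent, `$category` is undef, which still satisfies `\w*` and is interpolated as an empty value (with an uninitialized-value warning if warnings are enabled); defaulting it to `''` before the match would avoid that. The `<%init>` block continues outside the hunk, so whether the destination page validates `category` again is not visible here.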