my $onclick = include('/elements/popup_link_onclick.html',
action => $p.'view/part_event-targets.html?eventpart='.
$part_event->eventpart,
- actionlabel => 'Event query - '.$part_event->event,
+ actionlabel => 'Event query', #no, XSS - '.$part_event->event,
width => 650,
height => 420,
close_text => 'Close',
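Review bot: The new `actionlabel` line keeps the old expression as a trailing comment (`#no, XSS - '.$part_event->event,`), which reads as dead code and does not tell a maintainer why the event name was dropped. The label is passed to popup_link_onclick.html and the result is used as an `onclick` value in the next hunk, so the name would presumably need escaping for both a JavaScript string and an HTML attribute, not `encode_entities` alone. That component is not visible here, so this should be confirmed. I would write the line as `actionlabel => 'Event query', # event name omitted: free text, not safe inside the onclick handler`. The `include(...)` call starts and ends outside what this hunk shows.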
[#rows
[#subcolumns
{
- 'data' => $part_event->event,
- 'link' => $p.'edit/part_event.html?'.$part_event->eventpart,
+ 'data' => encode_entities($part_event->event),
+ 'link' => $p.'edit/part_event.html?'.$part_event->eventpart,
},
{
- 'data' => ' (query) ',
- 'size' => '-1',
- 'data_style' => 'b',
- 'onclick' => $onclick,
+ 'data' => '(query) ',
+ 'size' => '-1',
+ 'data_style' => 'b',
+ 'onclick' => $onclick,
},
],
];
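Review bot: The `encode_entities($part_event->event)` on the `'data'` cell is applied per call site, here and again in the `<OPTION>` loop of the following hunk, so any other place in this file that prints `$part_event->event` or another free-text field is still unescaped. Those places, if any, are outside the visible hunks and are worth a grep before merging. It is also not visible whether the table element renders `'data'` as raw HTML; if it already escapes, this value would be double-encoded. A short comment would make the contract explicit once that is confirmed, for example `# 'data' is emitted as HTML, so free-text fields are entity-encoded here`. The whitespace change from `' (query) '` to `'(query) '` alters the rendered spacing and looks unrelated to the escaping fix.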
' or <SELECT NAME="clone"><OPTION></OPTION>';
foreach my $part_event ( qsearch('part_event', {'disabled'=>''}) ) {
- $html_init .= '<OPTION VALUE="'. $part_event->eventpart. '">'.
- $part_event->eventpart. ': '. $part_event->event. '</OPTION>';
+ $html_init .= '<OPTION VALUE="'. $part_event->eventpart. '">'.
+ $part_event->eventpart. ': '.
+ encode_entities($part_event->event).
+ '</OPTION>';
}
$html_init .= '</SELECT><INPUT TYPE="submit" VALUE="Clone existing event">'.
'viewall_right' => 'None',
);
-my $join_conditions = FS::part_event_condition->join_conditions_sql;
+my $join_conditions = FS::part_event_condition->join_conditions_sql('', 'time' => time);
my $order_conditions = FS::part_event_condition->order_conditions_sql;
</%init>
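Review bot: The new call `join_conditions_sql('', 'time' => time)` passes an empty-string first argument and a `'time'` option with no explanation, and it is unrelated to the escaping changes in the rest of this commit. The next line still calls `order_conditions_sql` with no arguments; if that method takes the same options, the two fragments may disagree, which cannot be checked from this hunk. I would add a comment such as `# first arg left empty on purpose; 'time' pins the evaluation time for time-dependent conditions` if that is the intent. Splitting this line into its own commit would keep the XSS fix easy to audit and backport.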