<% include('/elements/header-popup.html', "$action Customer Note") %>
-% if ( $cgi->param('error') ) {
- <FONT SIZE="+1" COLOR="#ff0000">Error: <% $cgi->param('error') %></FONT>
- <BR><BR>
-% }
+<% include('/elements/error.html') %>
<FORM ACTION="<% popurl(1) %>process/cust_main_note.cgi" METHOD=POST>
<INPUT TYPE="hidden" NAME="custnum" VALUE="<% $custnum %>">
<INPUT TYPE="hidden" NAME="notenum" VALUE="<% $notenum %>">
-
-<BR><BR>
-<TEXTAREA NAME="comment" ROWS="12" COLS="60">
-<% $comment %>
-</TEXTAREA>
+% if( $FS::CurrentUser::CurrentUser->option('disable_html_editor') ) {
+ <TEXTAREA NAME="comment_plain" ROWS="12" COLS="60"><%
+ join '', split /<br \/>| /, $comment
+ %></TEXTAREA>
+% }
+% else {
+<% include('/elements/htmlarea.html', 'field' => 'comment_html',
+ 'curr_value' => $comment) %>
+% }
<BR><BR>
<INPUT TYPE="submit" VALUE="<% $notenum ? "Apply Changes" : "Add Note" %>">
</HTML>
<%init>
-my($custnum, $comment, $notenum, $action);
-$comment = '';
+my $comment;
+my $notenum = '';
if ( $cgi->param('error') ) {
$comment = $cgi->param('comment');
-}elsif ($cgi->param('notenum')) {
- $cgi->param('notenum') =~ /^(\d+)$/;
+} elsif ( $cgi->param('notenum') =~ /^(\d+)$/ ) {
$notenum = $1;
die "illegal query ". $cgi->keywords unless $notenum;
my $note = qsearchs('cust_main_note', { 'notenum' => $notenum });
$comment = $note->comments;
}
-$cgi->param('notenum') =~ /^(\d+)$/;
-$notenum = $1;
+$comment =~ s/\r//g; # remove weird line breaks to protect FCKeditor
-$cgi->param('custnum') =~ /^(\d+)$/;
-$custnum = $1;
+$cgi->param('custnum') =~ /^(\d+)$/ or die "illeagl custnum";
+my $custnum = $1;
-die "illegal query ". $cgi->keywords unless $custnum;
+my $action = $notenum ? 'Edit' : 'Add';
-$action = $notenum ? 'Edit' : 'Add';
+die "access denied"
+ unless $FS::CurrentUser::CurrentUser->access_right("$action customer note");
</%init>