+<% header("Package $past{$method}") %>
+ <SCRIPT TYPE="text/javascript">
+ window.top.location.reload();
+ </SCRIPT>
+ </BODY>
+</HTML>
+<%once>
+
+my %past = ( 'cancel' => 'cancelled',
+ 'expire' => 'expired',
+ 'suspend' => 'suspended',
+ 'adjourn' => 'adjourned',
+ );
+
+#i'm sure this is false laziness with somewhere, at least w/misc/cancel_pkg.html
+my %right = ( 'cancel' => 'Cancel customer package immediately',
+ 'expire' => 'Cancel customer package later',
+ 'suspend' => 'Suspend customer package',
+ 'adjourn' => 'Suspend customer package later',
+ );
+
+</%once>
<%init>
+
#untaint method
my $method = $cgi->param('method');
-$method =~ /^(cancel|expire|suspend|adjourn)$/ || die "Illegal method";
+$method =~ /^(cancel|expire|suspend|adjourn)$/ or die "Illegal method";
$method = $1;
+die "access denied"
+ unless $FS::CurrentUser::CurrentUser->access_right($right{$method});
+
#untaint pkgnum
my $pkgnum = $cgi->param('pkgnum');
-$pkgnum =~ /^(\d+)$/ || die "Illegal pkgnum";
+$pkgnum =~ /^(\d+)$/ or die "Illegal pkgnum";
$pkgnum = $1;
#untaint reasonnum
my $reasonnum = $cgi->param('reasonnum');
-$reasonnum =~ /^(-?\d+)$/ || die "Illegal reasonnum";
+$reasonnum =~ /^(-?\d+)$/ or die "Illegal reasonnum";
$reasonnum = $1;
my $date = time;
if ($method eq 'expire' || $method eq 'adjourn'){
#untaint date
$date = $cgi->param('date');
- str2time($cgi->param('date')) =~ /^(\d+)$/ || die "Illegal date";
+ str2time($cgi->param('date')) =~ /^(\d+)$/ or die "Illegal date";
$date = $1;
}
$dbh->commit or die $dbh->errstr if $oldAutoCommit;
- my %past = ( 'cancel' => 'cancelled',
- 'expire' => 'expired',
- 'suspend' => 'suspended',
- 'adjourn' => 'adjourned',
- );
</%init>
-<% header("Package $past{$method}") %>
- <SCRIPT TYPE="text/javascript">
- window.top.location.reload();
- </SCRIPT>
- </BODY></HTML>
-
projects / freeside.git / blobdiff