% if ($error) {
<% $cgi->redirect(popurl(2). "timeworked.html?". $cgi->query_string) %>
% } else {
-<% $cgi->redirect(popurl(3). "search/timeworked.html") %>
+<% $cgi->redirect(popurl(3). "search/timeworked.html?begin=$begin;end=$end;category=$category") %>
% }
<%init>
die "access denied"
unless $FS::CurrentUser::CurrentUser->access_right('Time queue');
+my($begin, $end) = FS::UI::Web::parse_beginning_ending($cgi);
+
+( my $category = $cgi->param('category') ) =~ /^\w*$/
+ or die 'illegal category';#no need for nice error messages for XSS, just avoid
+
my @acct_rt_transaction;
foreach my $transaction (
map { /^transactionid(\d+)$/; $1; } grep /^transactionid\d+$/, $cgi->param
) {
my $s = "multiplier${transaction}_";
- my %multipliers = map { /^$s(\d+)$/; $1 => $cgi->param("$s$1"); }
+ my %multipliers = map { /^$s(\d+)$/; $1 => scalar($cgi->param("$s$1")); }
grep /^$s\d+$/, $cgi->param;
my $msum = 0;
foreach(values %multipliers) {$msum += $_};
'custnum' => $customer,
'transaction_id' => $transaction,
'seconds' => $seconds{$customer},
- 'support' => $seconds{$customer} * $msum,
+ 'support' => int( $seconds{$customer} * $msum ),
};
}