% my $refcustlabel = "$referral_custnum: " .
% ( $cust_main->company || $cust_main->last. ', '. $cust_main->first );
referrals of
- <A HREF="<% popurl(2)."view/cust_main.cgi?$referral_custnum" %>"><% $refcustlabel %></A>
+ <A HREF="<% popurl(2)."view/cust_main.cgi?$referral_custnum" %>"><% $refcustlabel |h %></A>
<SELECT NAME="referral_depth" SIZE="1" onChange="changed(this)">';
% my $max = 8;
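Review bot: The `HREF` value on the changed anchor line is still printed without an escape flag, so only the link text gained `|h`. The attribute would read `<% popurl(2)."view/cust_main.cgi?$referral_custnum" |h %>`. Whether `$referral_custnum` is already limited to digits is not visible in this hunk, so the attribute should not rely on it. The same applies to `HREF="<% $view %>"` and `HREF="<% $pkgview %>"` in the later hunks that add `|h` to `"$last, $first"` and `$pkg_comment`. `$view` is built from `$p` and `$custnum`, and `$pkgview` is assigned outside the visible lines.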
% $view = $p. 'view/cust_main.cgi?'. $custnum;
% }
% my $pcompany = $company
-% ? qq!<A HREF="$view"><FONT SIZE=-1>$company</FONT></A>!
+% ? qq!<A HREF="$view"><FONT SIZE=-1>!. encode_entities($company). '</FONT></A>'
% : '<FONT SIZE=-1> </FONT>';
%
% my $status = $cust_main->status;
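Review bot: `$pcompany` now holds finished markup with the company name already entity-encoded, but nothing at the assignment says so, and it is later printed as `<% $pcompany %>` with no flag. A comment above the assignment, such as `% # $pcompany is ready-made HTML: company is entity-encoded here, print it without |h`, would stop a later edit from double-encoding it or assigning raw text to it. `$view` is interpolated into the same `qq!...!` string unencoded. `encode_entities` also has to be in scope for this component, and its import is not visible in the hunk.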
<FONT SIZE="-1" COLOR="#<% $statuscol %>"><B><% ucfirst($status) %></B></FONT>
</TD>
<TD CLASS="grid" BGCOLOR="<% $bgcolor %>" ROWSPAN=<% $rowspan %>>
- <A HREF="<% $view %>"><FONT SIZE=-1><% "$last, $first" %></FONT></A>
+ <A HREF="<% $view %>"><FONT SIZE=-1><% "$last, $first" |h %></FONT></A>
</TD>
<TD CLASS="grid" BGCOLOR="<% $bgcolor %>" ROWSPAN=<% $rowspan %>>
<% $pcompany %>
% my $pkg_rowspan = shift @pkg_rowspans;
<% $n1 %><TD CLASS="grid" BGCOLOR="<% $bgcolor %>" ROWSPAN="<% $pkg_rowspan%>">
- <A HREF="<% $pkgview %>"><FONT SIZE=-1><% $pkg_comment %></FONT></A>
+ <A HREF="<% $pkgview %>"><FONT SIZE=-1><% $pkg_comment |h %></FONT></A>
</TD>
% my $n2 = '';
% }
%
% unless ( @{$all_pkgs{$custnum}} ) {
- <TD CLASS="grid" BGCOLOR="<% $bgcolor %>" COLSPAN=3> </TD>!;
+ <TD CLASS="grid" BGCOLOR="<% $bgcolor %>" COLSPAN=3> </TD>
% }
%
</TR>
my $curuser = $FS::CurrentUser::CurrentUser;
die "access denied"
- unless $curuser->access_right('List customers');
+ unless $curuser->access_right('List all customers');
my $conf = new FS::Conf;
my $maxrecords = $conf->config('maxsearchrecordsperpage');
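Review bot: The right name passed to `access_right` changes to `'List all customers'` with no comment on how it differs from `'List customers'`, which makes the check hard to audit against the role definitions. A comment above the `die` would help, for example `# searching across every customer needs the broader right, not just 'List customers'`, reworded if that is not the intent. It is also worth confirming that the other customer-search entry points check the same right, since they are outside this hunk.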
if ( $cgi->param('search_cust') ) {
$sortby = \*company_sort;
$orderby = "ORDER BY LOWER(company || ' ' || last || ' ' || first )";
- push @cust_main, smart_search( 'search' => scalar($cgi->param('search_cust')),
- 'no_fuzzy_on_exact' => 1, #pref?
- );
+ push @cust_main, smart_search(
+ 'search' => scalar($cgi->param('search_cust')),
+ 'no_fuzzy_on_exact' => ! ( $curuser->option('enable_fuzzy_on_exact')
+ || $conf->exists('enable_fuzzy_on_exact')
+ ),
+ );
}
@cust_main = grep { $_->ncancelled_pkgs || ! $_->all_pkgs } @cust_main
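Review bot: The new `'no_fuzzy_on_exact'` value is a negation of two `enable_...` lookups, spread over three lines inside the argument list, which is easy to misread. Naming the positive condition first reads more clearly: `my $fuzzy_on_exact = $curuser->option('enable_fuzzy_on_exact') || $conf->exists('enable_fuzzy_on_exact');` followed by `'no_fuzzy_on_exact' => !$fuzzy_on_exact,`. The removed `#pref?` comment could become a short note that the per-user option and the global config both turn fuzzy matching on. The `grep` statement on the last context line continues outside the hunk.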
my($card)=$cgi->param('card');
$card =~ s/\D//g;
- $card =~ /^(\d{13,16})$/ or errorpage(emt("Illegal card number"));
+ $card =~ /^(\d{13,16}|\d{8,9})$/ or errorpage(emt("Illegal card number"));
my($payinfo)=$1;
[ qsearch('cust_main',{'payinfo'=>$payinfo, 'payby'=>'CARD'}),
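Review bot: The widened pattern `/^(\d{13,16}|\d{8,9})$/` accepts 8–9 digit input with no comment saying what that form represents, and the captured value still goes into an exact `payinfo` match. A comment above the match should state it, for example `# 13-16 digits: full card number; 8-9 digits: <what this shorter form is>`. Because `s/\D//g` runs first, any input that leaves 8 or 9 digits after stripping now passes. The `my($payinfo)=$1;` line is only safe if `errorpage` never returns, which is not visible here. The `qsearch` list on the last line continues outside the hunk.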