Merge branch 'patch-19' of https://github.com/gjones2/Freeside
[freeside.git] / httemplate / search / sql.html
index b28c045..71aa006 100644 (file)
@@ -1,7 +1,15 @@
-<%= include( 'elements/search.html',
+<& elements/search.html,
                'title' => 'Query Results',
                'name'  => 'rows',
-               'query' => 'SELECT '. ( $cgi->param('sql')
-                                       || eidiot('Empty query') ),
-    )
-%>
+               'query' => "SELECT $sql",
+          
+&>
+<%init>
+
+die "access denied"
+  unless $FS::CurrentUser::CurrentUser->access_right('Raw SQL');
+
+my $sql = $cgi->param('sql') or errorpage('Empty query');
+$sql =~ s/;+\s*$//; #remove trailing ;
+
+</%init>
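Review bot: The 'Raw SQL' access check in `<%init>` is now the only control on this page, because `"SELECT $sql"` still interpolates the request parameter verbatim and `s/;+\s*$//` only trims a trailing semicolon. Nothing visible here limits the text to a single read-only statement; whether an embedded `;` or a data-modifying expression would actually run depends on how elements/search.html and the database driver execute the query, which this hunk does not show. I would run these queries under a read-only database role or transaction and log the query text with the requesting user for audit. I would also record the trust assumption above the assignment, e.g. `# $sql is passed to the database unmodified: 'Raw SQL' is equivalent to direct read access to every table`. As a smaller style point, the denial path uses a bare `die` while the empty-query path uses `errorpage()`; using one of them for both would make failures consistent.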