X-Git-Url: http://git.freeside.biz/gitweb/?a=blobdiff_plain;f=httemplate%2Fedit%2Fcust_main_note.cgi;h=1fdf0d9e5434d0107fbef5bdb89c27d9c2455cb4;hb=9c9a1838b54292c62e940d7e6cee5141ea8e9b5c;hp=58ea779a26effae7dfe66019533364c0b80928bd;hpb=2a6aa24137ddd389c1e644f5ece325c5b5dbaf3a;p=freeside.git

diff --git a/httemplate/edit/cust_main_note.cgi b/httemplate/edit/cust_main_note.cgi
index 58ea779a2..1fdf0d9e5 100755
--- a/httemplate/edit/cust_main_note.cgi
+++ b/httemplate/edit/cust_main_note.cgi
@@ -8,9 +8,11 @@
 
 
 <BR><BR>
-<TEXTAREA NAME="comment" ROWS="12" COLS="60">
-<% $comment %>
-</TEXTAREA>
+<% include('/elements/htmlarea.html', 'field' => 'comment',
+                                      'curr_value' => $comment) %>
+% #<TEXTAREA NAME="comment" ROWS="12" COLS="60">
+% # <% $comment %>
+% #</TEXTAREA>
 
 <BR><BR>
 <INPUT TYPE="submit" VALUE="<% $notenum ? "Apply Changes" : "Add Note" %>">
@@ -20,13 +22,12 @@
 </HTML>
 
 <%init>
-my($custnum, $comment, $notenum, $action); 
-$comment = '';
 
+my $comment;
+my $notenum = '';
 if ( $cgi->param('error') ) {
   $comment     = $cgi->param('comment');
-}elsif ($cgi->param('notenum')) {
-  $cgi->param('notenum') =~ /^(\d+)$/;
+} elsif ( $cgi->param('notenum') =~ /^(\d+)$/ ) {
   $notenum = $1;
   die "illegal query ". $cgi->keywords unless $notenum;
   my $note = qsearchs('cust_main_note', { 'notenum' => $notenum });
@@ -34,15 +35,15 @@ if ( $cgi->param('error') ) {
   $comment = $note->comments;
 }
 
-$cgi->param('notenum') =~ /^(\d+)$/;
-$notenum = $1;
+$comment =~ s/\r//g; # remove weird line breaks to protect FCKeditor
 
-$cgi->param('custnum') =~ /^(\d+)$/;
-$custnum     = $1;
+$cgi->param('custnum') =~ /^(\d+)$/ or die "illeagl custnum";
+my $custnum = $1;
 
-die "illegal query ". $cgi->keywords unless $custnum;
+my $action = $notenum ? 'Edit' : 'Add';
 
-$action = $notenum ? 'Edit' : 'Add';
+die "access denied"
+  unless $FS::CurrentUser::CurrentUser->access_right("$action customer note");
 
 </%init>