X-Git-Url: http://git.freeside.biz/gitweb/?a=blobdiff_plain;f=httemplate%2Fedit%2Fquick-charge.html;h=95ec70c54c9dd5f3d59031e4f9e6142482551888;hb=f9b6a37aaee52d875ea9393cda79d46f8916e593;hp=5d4bc2e1c50e07396e43b937d41d4cdf5b05782a;hpb=1c051f73e8abf23206d0373e7c83279b37bed708;p=freeside.git

diff --git a/httemplate/edit/quick-charge.html b/httemplate/edit/quick-charge.html
index 5d4bc2e1c..95ec70c54 100644
--- a/httemplate/edit/quick-charge.html
+++ b/httemplate/edit/quick-charge.html
@@ -2,10 +2,8 @@
             ( $cgi->param('error') ? '' : 'onload="addRow()"' ),
           )
 %>
-% if ( $cgi->param('error') ) { 
 
-  <FONT SIZE="+1" COLOR="#ff0000"><% $cgi->param('error') %></FONT><BR><BR>
-% } 
+<% include('/elements/error.html') %>
 
 <SCRIPT TYPE="text/javascript">
 
@@ -73,23 +71,23 @@ function validate_quick_charge () {
 
 </SCRIPT>
 
-
-
 <FORM ACTION="process/quick-charge.cgi" NAME="QuickChargeForm" METHOD="POST" onsubmit="document.QuickChargeForm.submit.disabled=true;return validate_quick_charge();">
 
-<INPUT TYPE="hidden" NAME="custnum" VALUE="<% $cgi->param('custnum') %>">
+<INPUT TYPE="hidden" NAME="custnum" VALUE="<% $custnum %>">
+
 <TABLE ID="QuickChargeTable" BGCOLOR="#cccccc" BORDER=0 CELLSPACING=0 STYLE="background-color: #cccccc">
 
 <TR>
   <TD ALIGN="right">Amount:</TD>
   <TD>
-    $<INPUT TYPE="text" NAME="amount" SIZE=6 VALUE="<% $cgi->param('amount') %>" onChange="enable_quick_charge()" onKeyPress="enable_quick_charge_amount()">
+    $<INPUT TYPE="text" NAME="amount" SIZE=6 VALUE="<% $amount %>" onChange="enable_quick_charge()" onKeyPress="enable_quick_charge_amount()">
   </TD>
+<% include('/elements/tr-select-pkg_class.html', '') %>
 <% include('/elements/tr-select-taxclass.html') %>
 </TR>
   <TD>Description:</TD>
   <TD>
-    <INPUT TYPE="text" NAME="pkg" SIZE="60" MAXLENGTH="65" VALUE="<% $cgi->param('pkg') %>" onChange="enable_quick_charge()" onKeyPress="enable_quick_charge_desc()">
+    <INPUT TYPE="text" NAME="pkg" SIZE="60" MAXLENGTH="65" VALUE="<% $pkg %>" onChange="enable_quick_charge()" onKeyPress="enable_quick_charge_desc()">
   </TD>
 </TR>
 <TR>
@@ -106,7 +104,7 @@ function validate_quick_charge () {
     <TR>
       <TD></TD>
       <TD>
-        <INPUT TYPE="text" NAME="description<% $row %>" SIZE="60" MAXLENGTH="65" VALUE="<% $param->{"description$row"} %>" rownum="<% $row %>" onkeyup = "possiblyAddRow;" >
+        <INPUT TYPE="text" NAME="description<% $row %>" SIZE="60" MAXLENGTH="65" VALUE="<% $param->{"description$row"} |h %>" rownum="<% $row %>" onkeyup = "possiblyAddRow;" >
       </TD>
     </TR>
 % } 
@@ -164,3 +162,21 @@ function validate_quick_charge () {
 
 </BODY>
 </HTML>
+<%init>
+
+die "access denied"
+  unless $FS::CurrentUser::CurrentUser->access_right('One-time charge');
+
+$cgi->param('custnum') =~ /^(\d+)$/ or die 'illegal custnum';
+my $custnum = $1;
+
+my $amount = '';
+if ( $cgi->param('amount') =~ /^\s*\$?\s*(\d+(\.\d{1,2})?)\s*$/ ) {
+  $amount = $1;
+}
+
+$cgi->param('pkg') =~ /^([\w \!\@\#\$\%\&\(\)\-\+\;\:\'\"\,\.\?\/\=\[\]]*)$/ 
+  or die 'illegal description';
+my $pkg = $1;
+
+</%init>

Amount:	- $ + $
Description:	- +
	- " rownum="<% $row %>" onkeyup = "possiblyAddRow;" > + " rownum="<% $row %>" onkeyup = "possiblyAddRow;" >