X-Git-Url: http://git.freeside.biz/gitweb/?a=blobdiff_plain;f=httemplate%2Fmisc%2Fprocess%2Ftimeworked.html;h=01752e1b70daab25469fc93fb014d0adbede98ac;hb=05dee44cdb4e93df6963ae396f916705c4086f86;hp=860118e0ca69bba935e49ff120e12d885dc14add;hpb=f00a18b9f7d4d7a4cd2e352555640d8d8422d3c1;p=freeside.git

diff --git a/httemplate/misc/process/timeworked.html b/httemplate/misc/process/timeworked.html
index 860118e0c..01752e1b7 100644
--- a/httemplate/misc/process/timeworked.html
+++ b/httemplate/misc/process/timeworked.html
@@ -1,13 +1,18 @@
 % if ($error) {
 <% $cgi->redirect(popurl(2). "timeworked.html?". $cgi->query_string) %>
 % } else {
-<% $cgi->redirect(popurl(3). "search/timeworked.html") %>
+<% $cgi->redirect(popurl(3). "search/timeworked.html?begin=$begin;end=$end;category=$category") %>
 % }
 <%init>
 
 die "access denied"
   unless $FS::CurrentUser::CurrentUser->access_right('Time queue');
 
+my($begin, $end) = FS::UI::Web::parse_beginning_ending($cgi);
+
+( my $category = $cgi->param('category') ) =~ /^\w*$/
+  or die 'illegal category';#no need for nice error messages for XSS, just avoid
+
 my @acct_rt_transaction;
 foreach my $transaction (
   map { /^transactionid(\d+)$/; $1; } grep /^transactionid\d+$/, $cgi->param