X-Git-Url: http://git.freeside.biz/gitweb/?a=blobdiff_plain;f=httemplate%2Fsearch%2Fsql.html;h=71aa0067148e5552f8f63b838c92de8f3ba79630;hb=1ab3d1021689645456ef4073066c60043ea1633b;hp=681a95d6018039d0f9d94f411c70a575728857bd;hpb=3ce7691203a7737406bf2d4442f7fd84b81f847e;p=freeside.git

diff --git a/httemplate/search/sql.html b/httemplate/search/sql.html
index 681a95d60..71aa00671 100644
--- a/httemplate/search/sql.html
+++ b/httemplate/search/sql.html
@@ -1,7 +1,15 @@
-<% include( 'elements/search.html',
+<& elements/search.html,
                'title' => 'Query Results',
                'name'  => 'rows',
-               'query' => 'SELECT '. ( $cgi->param('sql')
-                                       || eidiot('Empty query') ),
-    )
-%>
+               'query' => "SELECT $sql",
+          
+&>
+<%init>
+
+die "access denied"
+  unless $FS::CurrentUser::CurrentUser->access_right('Raw SQL');
+
+my $sql = $cgi->param('sql') or errorpage('Empty query');
+$sql =~ s/;+\s*$//; #remove trailing ;
+
+</%init>