X-Git-Url: http://git.freeside.biz/gitweb/?a=blobdiff_plain;f=httemplate%2Fsearch%2Fsql.html;h=71aa0067148e5552f8f63b838c92de8f3ba79630;hb=8baa8e46e67f00f297d7e10dad02c131d286f40e;hp=b28c045d1f3ed1ade30b1d465d9950b44d05b8b8;hpb=5cd995865b91204f7ce9233a8ba4d5eee62f9be4;p=freeside.git

diff --git a/httemplate/search/sql.html b/httemplate/search/sql.html
index b28c045d1..71aa00671 100644
--- a/httemplate/search/sql.html
+++ b/httemplate/search/sql.html
@@ -1,7 +1,15 @@
-<%= include( 'elements/search.html',
+<& elements/search.html,
                'title' => 'Query Results',
                'name'  => 'rows',
-               'query' => 'SELECT '. ( $cgi->param('sql')
-                                       || eidiot('Empty query') ),
-    )
-%>
+               'query' => "SELECT $sql",
+          
+&>
+<%init>
+
+die "access denied"
+  unless $FS::CurrentUser::CurrentUser->access_right('Raw SQL');
+
+my $sql = $cgi->param('sql') or errorpage('Empty query');
+$sql =~ s/;+\s*$//; #remove trailing ;
+
+</%init>