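<% header("Package $past_method") %>
<%doc>
Processes a package cancel / expire / suspend / adjourn request.

CGI parameters read: method, pkgnum, reasonnum, date (expire and adjourn
only), newreasonnumT and newreasonnum (only when reasonnum is -1).

If the package method returns an error, a redirect back to cancel_pkg.html
is printed with the error added to the query string.

NOTE(review): this component changes package state from request parameters.
No request-method or anti-CSRF check is visible here; confirm that one is
enforced elsewhere.
</%doc>
<%once>

# Past-tense word shown in the page title, keyed by the requested method.
my %past = (
  'cancel'  => 'cancelled',
  'expire'  => 'expired',
  'suspend' => 'suspended',
  'adjourn' => 'adjourned',
);

# Access right required for each requested method.
#i'm sure this is false laziness with somewhere, at least w/misc/cancel_pkg.html
my %right = (
  'cancel'  => 'Cancel customer package immediately',
  'expire'  => 'Cancel customer package later',
  'suspend' => 'Suspend customer package',
  'adjourn' => 'Suspend customer package later',
);

</%once>
<%init>

#untaint method
# $method is later used as a method name on the cust_pkg object, so this
# fixed allow-list is what keeps a request from invoking an arbitrary method.
my $method = $cgi->param('method');
$method =~ /^(cancel|expire|suspend|adjourn)$/ or die "Illegal method";
$method = $1;

# Capture the title word now: expire/adjourn are rewritten to cancel/suspend
# further down, which would otherwise make the header say "cancelled" or
# "suspended" for a request that only scheduled the action.
my $past_method = $past{$method};

# Checked against the requested method (before the rewrite below), so the
# "later" variants require their own access right.
die "access denied"
  unless $FS::CurrentUser::CurrentUser->access_right($right{$method});

#untaint pkgnum
my $pkgnum = $cgi->param('pkgnum');
$pkgnum =~ /^(\d+)$/ or die "Illegal pkgnum";
$pkgnum = $1;

#untaint reasonnum
my $reasonnum = $cgi->param('reasonnum');
$reasonnum =~ /^(-?\d+)$/ or die "Illegal reasonnum";
$reasonnum = $1;

# Immediate actions take effect now; expire/adjourn use the submitted date.
my $date = time;
if ($method eq 'expire' || $method eq 'adjourn'){
  #untaint date
  # scalar() keeps a repeated "date" parameter from being expanded into
  # extra arguments to parse_datetime.
  parse_datetime( scalar( $cgi->param('date') ) ) =~ /^(\d+)$/
    or die "Illegal date";
  $date = $1;
  # The scheduled variants call the same package method as the immediate
  # ones, with a different date.
  $method = ($method eq 'expire') ? 'cancel' : 'suspend';
}

# NOTE(review): the lookup is by pkgnum alone.  The access right above is
# per action, not per package; whether the current user may act on this
# particular customer's package is not checked here -- confirm it is
# enforced elsewhere.
my $cust_pkg = qsearchs( 'cust_pkg', {'pkgnum'=>$pkgnum} );

# Fail with a clear message instead of a method call on an undefined value
# when no package matches (presumably qsearchs returns nothing in that case).
die "Unknown pkgnum $pkgnum" unless $cust_pkg;

#my $otaker = $FS::CurrentUser::CurrentUser->name;
#$otaker = $FS::CurrentUser::CurrentUser->username
#  if ($otaker eq "User, Legacy");

if ($reasonnum == -1) {
  # -1 selects a new reason built from the two free-form fields.
  # NOTE(review): neither value is validated here; presumably the reason is
  # checked when it is stored -- confirm.
  $reasonnum = {
    'typenum' => scalar( $cgi->param('newreasonnumT') ),
    'reason'  => scalar( $cgi->param('newreasonnum' ) ),
  };
}

my $error = $cust_pkg->$method( 'reason' => $reasonnum, 'date' => $date );

if ($error) {
  # Send the user back to the form with the error carried in the query string.
  # NOTE(review): processing continues after the redirect is printed, so the
  # page header is still rendered -- confirm this is intended.
  $cgi->param('error', $error);
  print $cgi->redirect(popurl(2). "cancel_pkg.html?". $cgi->query_string );
}

</%init>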