$cgi->delete('state');
my $county = '';
-if ( $country && $state && $cgi->param('county') =~ /^([\w \-\'\[\]]+)$/ ) {
+if ( $country && $state &&
+ $cgi->param('county') =~
+ /^([\w \!\@\#\$\%\&\(\)\-\+\;\:\'\"\,\.\?\/\=\[\]]+)$/
+ )
+{
$county = $1;
if ( $county eq '__NONE__' ) {
$title = "No county, $title";
my $filter_change =
"window.location = '". $cgi->self_url.
- ";country=' + document.getElementById('country').options[document.getElementById('country').selectedIndex].value + ".
- "';state=' + document.getElementById('state').options[document.getElementById('state').selectedIndex].value +".
- "';county=' + document.getElementById('county').options[document.getElementById('county').selectedIndex].value;";
+ ";country=' + encodeURIComponent( document.getElementById('country').options[document.getElementById('country').selectedIndex].value ) + ".
+ "';state=' + encodeURIComponent( document.getElementById('state').options[document.getElementById('state').selectedIndex].value ) +".
+ "';county=' + encodeURIComponent( document.getElementById('county').options[document.getElementById('county').selectedIndex].value );";
#restore this so pagination works
$cgi->param('country', $country) if $country;
$cgi->param('taxclass', $county ) if $taxclass;
my $html_posttotal =
- '( show country: '.
+ '<BR>( show country: '.
include('/elements/select-country.html',
'country' => $country,
'onchange' => $filter_change,
projects / freeside.git / blobdiff