X-Git-Url: http://git.freeside.biz/gitweb/?p=freeside.git;a=blobdiff_plain;f=FS%2FFS%2FMason.pm;h=16c9afd96c8a631abbf611fbc142fc10d0843f84;hp=fc45b99587e0968de3eb5821cec12ba4c48634e7;hb=f3c4966ed1f6ec3db7accd6dcdd3a5a3821d72a7;hpb=b4e0275bb2074630cea6fc2658d73aedcd29b239

diff --git a/FS/FS/Mason.pm b/FS/FS/Mason.pm
index fc45b9958..16c9afd96 100644
--- a/FS/FS/Mason.pm
+++ b/FS/FS/Mason.pm
@@ -55,7 +55,7 @@ if ( -e $addl_handler_use_file ) {
 
   #use CGI::Carp qw(fatalsToBrowser);
   use CGI::Cookie;
-  use List::Util qw( max min );
+  use List::Util qw( max min sum );
   use Data::Dumper;
   use Date::Format;
   use Time::Local;
@@ -64,6 +64,7 @@ if ( -e $addl_handler_use_file ) {
   use DateTime;
   use DateTime::Format::Strptime;
   use FS::Misc::DateTime qw( parse_datetime );
+  use FS::Misc::Geo qw( get_censustract get_district );
   use Lingua::EN::Inflect qw(PL);
   Lingua::EN::Inflect::classical names=>0; #Categorys
   use Tie::IxHash;
@@ -121,6 +122,7 @@ if ( -e $addl_handler_use_file ) {
   use FS::UID qw( getotaker dbh datasrc driver_name );
   use FS::Record qw( qsearch qsearchs fields dbdef
                     str2time_sql str2time_sql_closing
+                    midnight_sql
                    );
   use FS::Conf;
   use FS::CGI qw(header menubar table itable ntable idiot
@@ -302,6 +304,11 @@ if ( -e $addl_handler_use_file ) {
   use FS::discount_plan;
   use FS::tower;
   use FS::tower_sector;
+  use FS::sales;
+  use FS::access_groupsales;
+  use FS::contact_class;
+  use FS::part_svc_class;
+  use FS::ftp_target;
   # Sammath Naur
 
   if ( $FS::Mason::addl_handler_use ) {
@@ -545,6 +552,8 @@ sub mason_interps {
     ${$_[0]} =~ s/(['\\])/\\$1/g;
     ${$_[0]} =~ s/\r/\\r/g;
     ${$_[0]} =~ s/\n/\\n/g;
+    # prevent premature termination of the script
+    ${$_[0]} =~ s[</script>][<\\/script>]ig;
     ${$_[0]} = "'". ${$_[0]}. "'";
   };
 
@@ -570,11 +579,13 @@ sub mason_interps {
                       [ 'freeside' => '%%%FREESIDE_DOCUMENT_ROOT%%%'    ],
                     ],
     escape_flags => { 'h'         => \&RT::Interface::Web::EscapeUTF8,
+                      'u'         => \&RT::Interface::Web::EscapeURI,
+                      'j'         => \&RT::Interface::Web::EscapeJS,
                       'js_string' => $js_string_sub,
                     },
     compiler     => HTML::Mason::Compiler::ToObject->new(
                       default_escape_flags => 'h',
-                      allow_globals        => [qw(%session)],
+                      allow_globals        => [qw(%session $DECODED_ARGS)],
                     ),
   );