X-Git-Url: http://git.freeside.biz/gitweb/?p=freeside.git;a=blobdiff_plain;f=httemplate%2Fsearch%2Fsql.html;h=bf54469753c200868f4a50f82c16e6d4e1b5f760;hp=7d7fc0890070f6a96a88e6caa2617825af73cf09;hb=c3da5cf1caa244937d280e0f406927103beef148;hpb=eb9668a6f3181ee02cb335272c5ee4616e61fd09

diff --git a/httemplate/search/sql.html b/httemplate/search/sql.html
index 7d7fc0890..bf5446975 100644
--- a/httemplate/search/sql.html
+++ b/httemplate/search/sql.html
@@ -1,12 +1,15 @@
-<%= include( '/elements/header.html', 'Query Results',
-               include( '/elements/menubar.html', 'Main Menu' => $p )
-    )
-%>
-
-<%= include( 'elements/search.html',
+<% include( 'elements/search.html',
+               'title' => 'Query Results',
                'name'  => 'rows',
-               'query' => 'SELECT '. ( $cgi->param('sql')
-                                       || eidiot('Empty query') ),
-    )
+               'query' => "SELECT $sql",
+          )
 %>
+<%init>
+
+die "access denied"
+  unless $FS::CurrentUser::CurrentUser->access_right('Raw SQL');
+
+my $sql = $cgi->param('sql') or errorpage('Empty query');
+$sql =~ s/;+\s*$//; #remove trailing ;
 
+</%init>