better error message if you don't enter a reason. FS::reason::check can untaint...

author ivan <ivan>

Mon, 23 Oct 2006 08:47:07 +0000 (08:47 +0000)

committer ivan <ivan>

Mon, 23 Oct 2006 08:47:07 +0000 (08:47 +0000)
author ivan <ivan>
Mon, 23 Oct 2006 08:47:07 +0000 (08:47 +0000)
committer ivan <ivan>
Mon, 23 Oct 2006 08:47:07 +0000 (08:47 +0000)
diff --git a/httemplate/misc/process/cancel_pkg.html b/httemplate/misc/process/cancel_pkg.html

index 01433a3..dfe1317 100755 (executable)
--- a/httemplate/misc/process/cancel_pkg.html
+++ b/httemplate/misc/process/cancel_pkg.html
@@ -34,22 +34,16 @@
  %$otaker = $FS::CurrentUser::CurrentUser->username
  %  if ($otaker eq "User, Legacy");
  %
-%my $error;
+%my $error = '';
  %if ($reasonnum == -1) {
-%  #untaint new reason
-%  my $nr = $cgi->param('newreasonnum');
-%  $nr =~ /^([\w\s]+)$/ || die "Illegal new reason";
-%  $nr = $1;
  %
-%  #untaint new reason type
-%  my $nrtype = $cgi->param('newreasonnumT');
-%  $nrtype =~ /^(\d+)$/ || die "Illegal new reason type";
-%  $nrtype = $1;
+%  $error = 'Enter a new reason (or select an existing oen)'
+%    unless $cgi->param('newreasonnum') !~ /^\s*$/;
  %
-%  my $reason = new FS::reason({ 'reason_type' => $nrtype,
-%                                'reason'      => $nr,
+%  my $reason = new FS::reason({ 'reason_type' => $cgi->param('newreasonnumT'),
+%                                'reason'      => $cgi->param('newreasonnum'),
  %                              });
-%  $error = $reason->insert;
+%  $error ||= $reason->insert;
  %  $reasonnum = $reason->reasonnum
  %    unless $error;
  %}