secure $cgi->param calls (and include to <& &>)
author
Ivan Kohler
<ivan@freeside.biz>
Sun, 12 Jul 2015 06:44:45 +0000
(23:44 -0700)
committer
Ivan Kohler
<ivan@freeside.biz>
Sun, 12 Jul 2015 06:44:45 +0000
(23:44 -0700)
httemplate/misc/email-customers.html
diff --git
a/httemplate/misc/email-customers.html
b/httemplate/misc/email-customers.html
index
0c90b07
..
d2a3928
100644
(file)
--- a/
httemplate/misc/email-customers.html
+++ b/
httemplate/misc/email-customers.html
@@
-50,13
+50,12
@@
should be used to set msgnum or from/subject/html_body cgi params
<FONT SIZE="+2">Sending notice</FONT>
<FONT SIZE="+2">Sending notice</FONT>
- <
% include('/elements/progress-init.html'
,
+ <
& /elements/progress-init.html
,
'OneTrueForm',
[ qw( search table from subject html_body text_body msgnum ) ],
$process_url,
$pdest,
'OneTrueForm',
[ qw( search table from subject html_body text_body msgnum ) ],
$process_url,
$pdest,
- )
- %>
+ &>
% } elsif ( $cgi->param('action') eq 'preview' ) {
% } elsif ( $cgi->param('action') eq 'preview' ) {
@@
-67,29
+66,26
@@
should be used to set msgnum or from/subject/html_body cgi params
% if ( $cgi->param('action') ) {
<TABLE CLASS="fsinnerbox">
% if ( $cgi->param('action') ) {
<TABLE CLASS="fsinnerbox">
- <INPUT TYPE="hidden" NAME="msgnum" VALUE="<%
$cgi->param('msgnum'
) %>">
+ <INPUT TYPE="hidden" NAME="msgnum" VALUE="<%
scalar($cgi->param('msgnum')
) %>">
% if ( $msg_template ) {
% if ( $msg_template ) {
- <
% include('/elements/tr-fixed.html'
,
+ <
& /elements/tr-fixed.html
,
'label' => 'Template:',
'value' => $msg_template->msgname,
'label' => 'Template:',
'value' => $msg_template->msgname,
- )
- %>
+ &>
% }
% }
- <
% include('/elements/tr-fixed.html'
,
+ <
& /elements/tr-fixed.html
,
'field' => 'from',
'label' => 'From:',
'value' => scalar( $from ),
'field' => 'from',
'label' => 'From:',
'value' => scalar( $from ),
- )
- %>
+ &>
- <
% include('/elements/tr-fixed.html'
,
+ <
& /elements/tr-fixed.html
,
'field' => 'subject',
'label' => 'Subject:',
'value' => scalar( $subject ),
'field' => 'subject',
'label' => 'Subject:',
'value' => scalar( $subject ),
- )
- %>
+ &>
<INPUT TYPE="hidden" NAME="html_body" VALUE="<% $html_body |h %>">
<TR><TD COLSPAN=2> </TD></TR>
<INPUT TYPE="hidden" NAME="html_body" VALUE="<% $html_body |h %>">
<TR><TD COLSPAN=2> </TD></TR>
@@
-175,12
+171,11
@@
Template:
'size' => 20,
&>></TD>
'size' => 20,
&>></TD>
- <
% include('/elements/tr-input-text.html'
,
+ <
& /elements/tr-input-text.html
,
'field' => 'subject',
'label' => 'Subject:',
'size' => 50,
'field' => 'subject',
'label' => 'Subject:',
'size' => 50,
- )
- %>
+ &>
<TR>
<TD ALIGN="right" VALIGN="top" STYLE="padding-top:3px">Message: </TD>
<TR>
<TD ALIGN="right" VALIGN="top" STYLE="padding-top:3px">Message: </TD>
@@
-208,7
+203,7
@@
Template:
</SCRIPT>
% }
</SCRIPT>
% }
-<
% include('/elements/footer.html') %
>
+<
& /elements/footer.html &
>
<%init>
<%init>
@@
-237,7
+232,7
@@
$pdest->{'url'} = $cgi->param('url') if $url;
my %search;
if ( $cgi->param('search') ) {
my %search;
if ( $cgi->param('search') ) {
- %search = %{ thaw(decode_base64(
$cgi->param('search')
)) };
+ %search = %{ thaw(decode_base64(
$cgi->param('search')
)) };
}
else {
%search = $cgi->Vars;
}
else {
%search = $cgi->Vars;
@@
-282,7
+277,7
@@
if ( $cgi->param('action') eq 'preview' ) {
if ( $cgi->param('msgnum') ) {
$msg_template = qsearchs('msg_template',
if ( $cgi->param('msgnum') ) {
$msg_template = qsearchs('msg_template',
- { msgnum =>
$cgi->param('msgnum'
) } )
+ { msgnum =>
scalar($cgi->param('msgnum')
) } )
or die "template not found: ".$cgi->param('msgnum');
$sql_query->{'extra_sql'} .= ' LIMIT 1';
$sql_query->{'select'} = "$table.*";
or die "template not found: ".$cgi->param('msgnum');
$sql_query->{'extra_sql'} .= ' LIMIT 1';
$sql_query->{'select'} = "$table.*";
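Review bot: The `search` branch on the new side (`%search = %{ thaw(decode_base64( $cgi->param('search') )) };`) still deserializes a client-supplied blob with `thaw`, and if that is Storable::thaw its documentation states it must not be used on untrusted input, since a crafted blob can instantiate objects of any loaded class; forcing scalar context on the param does not change that, and nothing in the hunk verifies the blob before it is thawed. A safer shape is to keep the serialized search server-side, or at least check an HMAC over the base64 value before calling `thaw`, and until then mark the line with `# NOTE: thaw() on client-supplied data is unsafe with Storable; integrity-check or replace`. The `decode_base64` argument was presumably left unwrapped because MIME::Base64's prototype already imposes scalar context, which is worth confirming rather than assuming. Separately, the preview form's hidden input now emits `scalar($cgi->param('msgnum'))` into an attribute without the `|h` filter that `html_body` gets a few lines later; it should read `VALUE="<% scalar($cgi->param('msgnum')) |h %>"`.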