From: ivan Date: Tue, 25 Dec 2007 23:49:23 +0000 (+0000) Subject: ho ho ho, merry XSSmas X-Git-Tag: TRIXBOX_2_6~153 X-Git-Url: http://git.freeside.biz/gitweb/?p=freeside.git;a=commitdiff_plain;h=2a6aa24137ddd389c1e644f5ece325c5b5dbaf3a ho ho ho, merry XSSmas --- diff --git a/httemplate/browse/addr_block.cgi b/httemplate/browse/addr_block.cgi index 408d57298..8bbc5f350 100644 --- a/httemplate/browse/addr_block.cgi +++ b/httemplate/browse/addr_block.cgi @@ -1,6 +1,5 @@ <% include("/elements/header.html",'Address Blocks', menubar('Main Menu' => $p)) %> -% -% + %use NetAddr::IP; % %my @addr_block = qsearch('addr_block', {}); @@ -8,14 +7,8 @@ %my $block; %my $p2 = popurl(2); %my $path = $p2 . "edit/process/addr_block"; -% -% -% if ($cgi->param('error')) { - - Error: <%$cgi->param('error')%> -

-% } +<% include('/elements/error.html') %> <%table()%> % foreach $block (sort {$a->NetAddr cmp $b->NetAddr} @addr_block) { diff --git a/httemplate/browse/part_virtual_field.cgi b/httemplate/browse/part_virtual_field.cgi index 2e12603a0..5a1abe213 100644 --- a/httemplate/browse/part_virtual_field.cgi +++ b/httemplate/browse/part_virtual_field.cgi @@ -1,6 +1,5 @@ <% include("/elements/header.html",'Virtual field definitions', menubar('Main Menu' => $p)) %> -% -% + %my %pvfs; %my $block; %my $p2 = popurl(2); @@ -9,13 +8,8 @@ %foreach (qsearch('part_virtual_field', {})) { % push @{ $pvfs{$_->dbtable} }, $_; %} -% -% if ($cgi->param('error')) { - - Error: <%$cgi->param('error')%> -

-% } +<% include('/elements/error.html') %> Add a new field

% foreach $dbtable (sort { $a cmp $b } keys (%pvfs)) { diff --git a/httemplate/browse/router.cgi b/httemplate/browse/router.cgi index 6dcd93a71..7ed0963db 100644 --- a/httemplate/browse/router.cgi +++ b/httemplate/browse/router.cgi @@ -1,16 +1,10 @@ <% include("/elements/header.html",'Routers', menubar('Main Menu' => $p)) %> % -% %my @router = qsearch('router', {}); %my $p2 = popurl(2); -% -% -% if ($cgi->param('error')) { - Error: <%$cgi->param('error')%> -

-% } -% +<% include('/elements/error.html') %> + %my $hidecustomerrouters = 0; %my $hideurl = ''; %if ($cgi->param('hidecustomerrouters') eq '1') { diff --git a/httemplate/config/config.cgi b/httemplate/config/config.cgi index b32f654d4..d58c2f89b 100644 --- a/httemplate/config/config.cgi +++ b/httemplate/config/config.cgi @@ -20,10 +20,7 @@ function SafeOnsubmit() { } -% if ( $cgi->param('error') ) { - Error: <% $cgi->param('error') %> -

-% } +<% include('/elements/error.html') %>
diff --git a/httemplate/edit/agent.cgi b/httemplate/edit/agent.cgi index 830862ff8..46ab5c705 100755 --- a/httemplate/edit/agent.cgi +++ b/httemplate/edit/agent.cgi @@ -2,11 +2,8 @@ 'Main Menu' => $p, 'View all agents' => $p. 'browse/agent.cgi', )) %> -% if ( $cgi->param('error') ) { - -Error: <% $cgi->param('error') %> -% } +<% include('/elements/error.html') %> diff --git a/httemplate/edit/agent_payment_gateway.html b/httemplate/edit/agent_payment_gateway.html index 08a2fa6bf..9692199ef 100644 --- a/httemplate/edit/agent_payment_gateway.html +++ b/httemplate/edit/agent_payment_gateway.html @@ -18,11 +18,8 @@ #'View all payment gateways' => $p. 'browse/payment_gateway.html', 'View all agents' => $p. 'browse/agent.html', )) %> -% if ( $cgi->param('error') ) { - -Error: <% $cgi->param('error') %> -% } +<% include('/elements/error.html') %> diff --git a/httemplate/edit/agent_type.cgi b/httemplate/edit/agent_type.cgi index 5438e5c3b..bfef42fea 100755 --- a/httemplate/edit/agent_type.cgi +++ b/httemplate/edit/agent_type.cgi @@ -20,11 +20,8 @@ 'View all agent types' => "${p}browse/agent_type.cgi", )) %> -% if ( $cgi->param('error') ) { - - Error: <% $cgi->param('error') %> -% } +<% include('/elements/error.html') %> diff --git a/httemplate/edit/cust_bill_pay.cgi b/httemplate/edit/cust_bill_pay.cgi index 498d477cd..44e783eb7 100755 --- a/httemplate/edit/cust_bill_pay.cgi +++ b/httemplate/edit/cust_bill_pay.cgi @@ -1,9 +1,6 @@ <% header("Apply Payment", '') %> -% if ( $cgi->param('error') ) { - Error: <% $cgi->param('error') %> -

-% } +<% include('/elements/error.html') %> diff --git a/httemplate/edit/cust_credit.cgi b/httemplate/edit/cust_credit.cgi index 2fadb4763..2ff09d00b 100755 --- a/httemplate/edit/cust_credit.cgi +++ b/httemplate/edit/cust_credit.cgi @@ -1,9 +1,6 @@ <% include('/elements/header-popup.html', 'Enter Credit') %> -% if ( $cgi->param('error') ) { - Error: <% $cgi->param('error') %> -

-% } +<% include('/elements/error.html') %> diff --git a/httemplate/edit/cust_credit_bill.cgi b/httemplate/edit/cust_credit_bill.cgi index 249ba31d0..ee29f8e0c 100755 --- a/httemplate/edit/cust_credit_bill.cgi +++ b/httemplate/edit/cust_credit_bill.cgi @@ -1,9 +1,6 @@ <% header("Apply Credit", '') %> -% if ( $cgi->param('error') ) { - Error: <% $cgi->param('error') %> -

-% } +<% include('/elements/error.html') %> diff --git a/httemplate/edit/cust_main_note.cgi b/httemplate/edit/cust_main_note.cgi index 303895bd8..58ea779a2 100755 --- a/httemplate/edit/cust_main_note.cgi +++ b/httemplate/edit/cust_main_note.cgi @@ -1,9 +1,6 @@ <% include('/elements/header-popup.html', "$action Customer Note") %> -% if ( $cgi->param('error') ) { - Error: <% $cgi->param('error') %> -

-% } +<% include('/elements/error.html') %> diff --git a/httemplate/edit/cust_pay.cgi b/httemplate/edit/cust_pay.cgi index 855fbfcf1..aaa200fc4 100755 --- a/httemplate/edit/cust_pay.cgi +++ b/httemplate/edit/cust_pay.cgi @@ -4,10 +4,7 @@ <% include("/elements/header.html", $title, '') %> % } -% if ( $cgi->param('error') ) { - Error: <% $cgi->param('error') %> -

-% } +<% include('/elements/error.html') %> diff --git a/httemplate/edit/cust_pkg.cgi b/httemplate/edit/cust_pkg.cgi index 7a0432c5d..065136c55 100755 --- a/httemplate/edit/cust_pkg.cgi +++ b/httemplate/edit/cust_pkg.cgi @@ -31,11 +31,8 @@ % % <% include('/elements/header.html', "Add/Edit Packages", '') %> -% if ( $cgi->param('error') ) { - - Error: <% $cgi->param('error') %> -% } +<% include('/elements/error.html') %> diff --git a/httemplate/edit/cust_refund.cgi b/httemplate/edit/cust_refund.cgi index 02f65d90a..b260949f0 100755 --- a/httemplate/edit/cust_refund.cgi +++ b/httemplate/edit/cust_refund.cgi @@ -29,12 +29,8 @@ <% include('/elements/header.html', 'Refund '. ucfirst(lc($payby)). ' payment', '') %> -% if ( $cgi->param('error') ) { - - Error: <% $cgi->param('error') %> -

-% } +<% include('/elements/error.html') %> <% small_custview($custnum, $conf->config('countrydefault')) %> diff --git a/httemplate/edit/elements/edit.html b/httemplate/edit/elements/edit.html index d7d55a257..1a567a12e 100644 --- a/httemplate/edit/elements/edit.html +++ b/httemplate/edit/elements/edit.html @@ -119,10 +119,7 @@ Example: ) %> -% if ( $cgi->param('error') ) { - Error: <% $cgi->param('error') %> -

-% } +<% include('/elements/error.html') %> % my $url = $opt{'post_url'} || popurl(1)."process/$table.html"; diff --git a/httemplate/edit/msgcat.cgi b/httemplate/edit/msgcat.cgi index b46cdfd46..85b300876 100755 --- a/httemplate/edit/msgcat.cgi +++ b/httemplate/edit/msgcat.cgi @@ -1,10 +1,7 @@ <% header("Edit Message catalog" ) %>
-% if ( $cgi->param('error') ) { - Error: <% $cgi->param('error') %> -

-% } +<% include('/elements/error.html') %> <% $widget->html %> diff --git a/httemplate/edit/part_bill_event.cgi b/httemplate/edit/part_bill_event.cgi index ff0e0a334..bb7aea49b 100755 --- a/httemplate/edit/part_bill_event.cgi +++ b/httemplate/edit/part_bill_event.cgi @@ -39,11 +39,8 @@ ) ) %> -% if ( $cgi->param('error') ) { - - Error: <% $cgi->param('error') %> -% } +<% include('/elements/error.html') %> diff --git a/httemplate/edit/part_export.cgi b/httemplate/edit/part_export.cgi index 6717471dd..72a07134b 100644 --- a/httemplate/edit/part_export.cgi +++ b/httemplate/edit/part_export.cgi @@ -105,12 +105,8 @@ 'Main Menu' => popurl(2), ), ' onLoad="visualize()"') %> -% if ( $cgi->param('error') ) { - - Error: <% $cgi->param('error') %> -

-% } +<% include('/elements/error.html') %> diff --git a/httemplate/edit/part_pkg.cgi b/httemplate/edit/part_pkg.cgi index 2837e47e7..a337d2272 100755 --- a/httemplate/edit/part_pkg.cgi +++ b/httemplate/edit/part_pkg.cgi @@ -4,9 +4,7 @@ )) %> % #), ' onLoad="visualize()"'); -% if ( $cgi->param('error') ) { - Error: <% $cgi->param('error') %> -% } +<% include('/elements/error.html') %> @@ -180,10 +178,18 @@ Line-item revenue recognition % } % % push @fixups, "pkg_svc$svcpart"; +% +% my $quan = 0; +% if ( $cgi->param("pkg_svc$svcpart") =~ /^\s*(\d+)\s*$/ ) { +% $quan = $1; +% } elsif ( $pkg_svc->quantity ) { +% $quan = $pkg_svc->quantity; +% } + - quantity || 0 %>"> + @@ -207,10 +213,9 @@ Line-item revenue recognition -% foreach my $f ( qw( clone pkgnum ) ) { - - -% } +% foreach my $f ( qw( clone pkgnum ) ) { #safe, these were untained in %init + +% } % diff --git a/httemplate/edit/part_virtual_field.cgi b/httemplate/edit/part_virtual_field.cgi index 6fc908b2c..f7f20cfd7 100644 --- a/httemplate/edit/part_virtual_field.cgi +++ b/httemplate/edit/part_virtual_field.cgi @@ -23,12 +23,8 @@ % % <% include('/elements/header.html', "$action Virtual Field Definition") %> -% if ( $cgi->param('error') ) { - - Error: <% $cgi->param('error') %> -
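Review bot: The hidden-input loop rebuilt in the `@@ -207,10 +213,9 @@` hunk of edit/part_pkg.cgi, `foreach my $f ( qw( clone pkgnum ) )`, justifies emitting the request values with only the comment `#safe, these were untained in %init`, and that `%init` block is outside this hunk (the input tags themselves are not visible in this view). Passing those values through the same `|h` filter this commit adds to elements/error.html costs nothing and keeps the template safe even if the untainting in `%init` is later relaxed or the loop gains another field; the comment also has a typo (`untained` → `untainted`). In the `@@ -180,10 +178,18 @@` hunk, `$cgi->param("pkg_svc$svcpart") =~ /^\s*(\d+)\s*$/` assigns only the captured digits to `$quan`, which is the right shape for the quantity; it will presumably warn about an uninitialized value when the parameter is absent if warnings are enabled for this component.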

-% } +<% include('/elements/error.html') %> diff --git a/httemplate/edit/payment_gateway.html b/httemplate/edit/payment_gateway.html index a618ecd26..84d453cdd 100644 --- a/httemplate/edit/payment_gateway.html +++ b/httemplate/edit/payment_gateway.html @@ -22,11 +22,8 @@ 'Main Menu' => $p, 'View all payment gateways' => $p. 'browse/payment_gateway.html', )) %> -% if ( $cgi->param('error') ) { - -Error: <% $cgi->param('error') %> -% } +<% include('/elements/error.html') %> diff --git a/httemplate/edit/reg_code.cgi b/httemplate/edit/reg_code.cgi index f5f0f7b66..4ad39051a 100644 --- a/httemplate/edit/reg_code.cgi +++ b/httemplate/edit/reg_code.cgi @@ -11,24 +11,28 @@ 'Main Menu' => $p, )) %> -% if ( $cgi->param('error') ) { - - Error: <% $cgi->param('error') %> -% } +<% include('/elements/error.html') %> Generate - +% my $num = ''; +% if ( $cgi->param('num') =~ /^\s*(\d+)\s*$/ ) { +% $num = $1; +% } + registration codes for <% $agent->agent %> allowing the following packages:

+ % foreach my $part_pkg ( qsearch('part_pkg', { 'disabled' => '' } ) ) { +% my $pkgpart = $part_pkg->pkgpart; + + param("pkgpart$pkgpart") ? 'CHECKED' : '' %>> + <% $part_pkg->pkg %> - <% $part_pkg->comment %> +
- - <% $part_pkg->pkg %> - <% $part_pkg->comment %> -
% } diff --git a/httemplate/edit/router.cgi b/httemplate/edit/router.cgi index 0da45c00e..8b01035d5 100755 --- a/httemplate/edit/router.cgi +++ b/httemplate/edit/router.cgi @@ -22,12 +22,8 @@ %)); % %my $p3 = popurl(3); -% -%if($cgi->param('error')) { -% - Error: <%$cgi->param('error')%> -% } +<% include('/elements/error.html') %> diff --git a/httemplate/edit/svc_acct.cgi b/httemplate/edit/svc_acct.cgi index ed4760970..5bf3f0dd1 100755 --- a/httemplate/edit/svc_acct.cgi +++ b/httemplate/edit/svc_acct.cgi @@ -127,11 +127,9 @@ <% include("/elements/header.html","$action $svc account") %> -% if ( $cgi->param('error') ) { - Error: <% $cgi->param('error') %> -
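Review bot: In the edit/reg_code.cgi hunk the re-added label line `<% $part_pkg->pkg %> - <% $part_pkg->comment %>` prints the package name and comment unescaped, while the same commit introduces the `|h` filter for reflected input elsewhere. These values come from the database rather than the request, but if package names or comments are editable free text they belong under the same filter: `<% $part_pkg->pkg |h %> - <% $part_pkg->comment |h %>`. The `$num` handling (`/^\s*(\d+)\s*$/` with `$num = $1`) and the `CHECKED` test on `$cgi->param("pkgpart$pkgpart")` are sound, since only the validated capture or a truth test reaches the output.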

-% } +<% include('/elements/error.html') %> + % if ( $cust_main ) { <% include( '/elements/small_custview.html', $cust_main, '', 1, diff --git a/httemplate/edit/svc_broadband.cgi b/httemplate/edit/svc_broadband.cgi index 2a5a6509a..a1580ce01 100644 --- a/httemplate/edit/svc_broadband.cgi +++ b/httemplate/edit/svc_broadband.cgi @@ -85,12 +85,9 @@ % -<%include("/elements/header.html","Broadband Service $action", '')%> -% if ($cgi->param('error')) { - -Error: <%$cgi->param('error')%>
-% } +<% include("/elements/header.html","Broadband Service $action", '') %> +<% include('/elements/error.html') %> Service #<%$svcnum ? $svcnum : "(NEW)"%>

diff --git a/httemplate/edit/svc_domain.cgi b/httemplate/edit/svc_domain.cgi index 5ec074bda..60c67a005 100755 --- a/httemplate/edit/svc_domain.cgi +++ b/httemplate/edit/svc_domain.cgi @@ -63,11 +63,8 @@ <% include('/elements/header.html', "$action $svc", '') %> -% if ( $cgi->param('error') ) { - - Error: <% $cgi->param('error') %> -% } +<% include('/elements/error.html') %> diff --git a/httemplate/edit/svc_forward.cgi b/httemplate/edit/svc_forward.cgi index ef08ffc16..c9159b3e1 100755 --- a/httemplate/edit/svc_forward.cgi +++ b/httemplate/edit/svc_forward.cgi @@ -106,12 +106,8 @@ <% include("/elements/header.html","Mail Forward $action") %> -% if ( $cgi->param('error') ) { - - Error: <% $cgi->param('error') %> -

-% } +<% include('/elements/error.html') %> Service #<% $svcnum ? "$svcnum" : " (NEW)" %>
Service: <% $part_svc->svc %>

diff --git a/httemplate/elements/error.html b/httemplate/elements/error.html index e8ba93010..f467de2a3 100644 --- a/httemplate/elements/error.html +++ b/httemplate/elements/error.html @@ -1,4 +1,4 @@ % if ( $cgi->param('error') ) { - Error: <% $cgi->param('error') %> + Error: <% $cgi->param('error') |h %>

% } diff --git a/httemplate/misc/batch-cust_pay.html b/httemplate/misc/batch-cust_pay.html index f2f446001..89dd68a62 100644 --- a/httemplate/misc/batch-cust_pay.html +++ b/httemplate/misc/batch-cust_pay.html @@ -2,12 +2,8 @@ menubar( 'Main Menu' => $p ), ) %> -% if ( $cgi->param('error') ) { - - <% $cgi->param('error') %>
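Review bot: elements/error.html now carries the escaping that every caller migrated in this commit depends on, but nothing in the element says so, and a later editor could drop the filter or go back to echoing the parameter inline without noticing what that undoes. A one-line comment above the `if` would make the contract explicit: `% # Renders $cgi->param('error') HTML-escaped (|h); include this element rather than printing the parameter directly.` The `|h` filter is appropriate for the body-text position the message is rendered in; values placed inside attributes or script would need context-specific handling instead.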

-% } - +<% include('/elements/error.html') %> diff --git a/httemplate/misc/cancel_cust.html b/httemplate/misc/cancel_cust.html index a757aa6e3..634000d70 100644 --- a/httemplate/misc/cancel_cust.html +++ b/httemplate/misc/cancel_cust.html @@ -1,9 +1,6 @@ <% include('/elements/header-popup.html', 'Cancel customer' ) %> -% if ( $cgi->param('error') ) { - Error: <% $cgi->param('error') %> -

-% } +<% include('/elements/error.html') %> diff --git a/httemplate/misc/cancel_pkg.html b/httemplate/misc/cancel_pkg.html index 642f0c83e..7cbaf1d82 100755 --- a/httemplate/misc/cancel_pkg.html +++ b/httemplate/misc/cancel_pkg.html @@ -9,10 +9,7 @@ -% if ( $cgi->param('error') ) { - Error: <% $cgi->param('error') %> -

-% } +<% include('/elements/error.html') %> diff --git a/httemplate/misc/change_pkg.cgi b/httemplate/misc/change_pkg.cgi index 4bf15a1fa..7c88876d4 100755 --- a/httemplate/misc/change_pkg.cgi +++ b/httemplate/misc/change_pkg.cgi @@ -1,9 +1,6 @@ <% include('/elements/header-popup.html', "Change Package") %> -% if ( $cgi->param('error') ) { - Error: <% $cgi->param('error') %> -

-% } +<% include('/elements/error.html') %> diff --git a/httemplate/misc/process/meta-import.cgi b/httemplate/misc/process/meta-import.cgi index 5a97d1160..1cf178c08 100644 --- a/httemplate/misc/process/meta-import.cgi +++ b/httemplate/misc/process/meta-import.cgi @@ -182,4 +182,6 @@ function SafeOnsubmit() { % } % % - +<%init> +die "meta-import script not currently enabled"; #make XSS-safe if this is used for more than just admins to import data.... + diff --git a/httemplate/misc/recharge_svc.html b/httemplate/misc/recharge_svc.html index 634be0600..a3de13d92 100755 --- a/httemplate/misc/recharge_svc.html +++ b/httemplate/misc/recharge_svc.html @@ -1,9 +1,6 @@ <% include('/elements/header-popup.html', 'Recharge Service' ) %> -% if ( $cgi->param('error') ) { - Error: <% $cgi->param('error') %> -
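Review bot: The new `<%init>` in misc/process/meta-import.cgi disables the page with an unconditional `die`, which blocks use but leaves the unescaped output code above it untouched, so the trailing `#make XSS-safe ...` comment is the only thing standing between a future re-enable and the original issue. If the script is expected to come back, a `# TODO:` marker naming the outputs that need `|h`, or a config/ACL gate in place of the bare `die`, would make that revisit safer. The `%init` block presumably runs before the component body regardless of its position at the end of the file, so the placement itself is fine.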

-% } +<% include('/elements/error.html') %> diff --git a/httemplate/search/cust_bill_event.html b/httemplate/search/cust_bill_event.html index 0e78ce125..87bb3b7b3 100755 --- a/httemplate/search/cust_bill_event.html +++ b/httemplate/search/cust_bill_event.html @@ -8,7 +8,7 @@ on open invoices. See Reports->Billing events->Billing events for current event reports.

- + <% include( '/elements/tr-select-agent.html' ) %> diff --git a/httemplate/search/report_cust_event.html b/httemplate/search/report_cust_event.html index 44cbadbe6..c1f9edb2b 100644 --- a/httemplate/search/report_cust_event.html +++ b/httemplate/search/report_cust_event.html @@ -5,7 +5,7 @@ %> - +
<% include( '/elements/tr-select-agent.html' ) %>