From: ivan <ivan>
Date: Mon, 23 Oct 2006 08:47:07 +0000 (+0000)
Subject: better error message if you don't enter a reason.  FS::reason::check can untaint... 
X-Git-Tag: TRIXBOX_2_6~901
X-Git-Url: http://git.freeside.biz/gitweb/?p=freeside.git;a=commitdiff_plain;h=d5aaf28009ff269858f6b0532541da55b4968e6e

better error message if you don't enter a reason.  FS::reason::check can untaint its data, and will allow punctuation in reasons
---

diff --git a/httemplate/misc/process/cancel_pkg.html b/httemplate/misc/process/cancel_pkg.html
index 01433a3dc..dfe1317f4 100755
--- a/httemplate/misc/process/cancel_pkg.html
+++ b/httemplate/misc/process/cancel_pkg.html
@@ -34,22 +34,16 @@
 %$otaker = $FS::CurrentUser::CurrentUser->username
 %  if ($otaker eq "User, Legacy");
 %
-%my $error;
+%my $error = '';
 %if ($reasonnum == -1) {
-%  #untaint new reason
-%  my $nr = $cgi->param('newreasonnum');
-%  $nr =~ /^([\w\s]+)$/ || die "Illegal new reason";
-%  $nr = $1;
 %
-%  #untaint new reason type
-%  my $nrtype = $cgi->param('newreasonnumT');
-%  $nrtype =~ /^(\d+)$/ || die "Illegal new reason type";
-%  $nrtype = $1;
+%  $error = 'Enter a new reason (or select an existing oen)'
+%    unless $cgi->param('newreasonnum') !~ /^\s*$/;
 %
-%  my $reason = new FS::reason({ 'reason_type' => $nrtype,
-%                                'reason'      => $nr,
+%  my $reason = new FS::reason({ 'reason_type' => $cgi->param('newreasonnumT'),
+%                                'reason'      => $cgi->param('newreasonnum'),
 %                              });
-%  $error = $reason->insert;
+%  $error ||= $reason->insert;
 %  $reasonnum = $reason->reasonnum
 %    unless $error;
 %}