From d5aaf28009ff269858f6b0532541da55b4968e6e Mon Sep 17 00:00:00 2001
From: ivan
Date: Mon, 23 Oct 2006 08:47:07 +0000
Subject: [PATCH] better error message if you don't enter a reason. FS::reason::check can untaint its data, and will allow punctuation in reasons
---
 httemplate/misc/process/cancel_pkg.html | 18 ++++++------------
 1 file changed, 6 insertions(+), 12 deletions(-)
diff --git a/httemplate/misc/process/cancel_pkg.html b/httemplate/misc/process/cancel_pkg.html
index 01433a3dc..dfe1317f4 100755
--- a/httemplate/misc/process/cancel_pkg.html
+++ b/httemplate/misc/process/cancel_pkg.html
@@ -34,22 +34,16 @@
 %$otaker = $FS::CurrentUser::CurrentUser->username
 % if ($otaker eq "User, Legacy");
 %
-%my $error;
+%my $error = '';
 %if ($reasonnum == -1) {
-% #untaint new reason
-% my $nr = $cgi->param('newreasonnum');
-% $nr =~ /^([\w\s]+)$/ || die "Illegal new reason";
-% $nr = $1;
 %
-% #untaint new reason type
-% my $nrtype = $cgi->param('newreasonnumT');
-% $nrtype =~ /^(\d+)$/ || die "Illegal new reason type";
-% $nrtype = $1;
+% $error = 'Enter a new reason (or select an existing oen)'
+% unless $cgi->param('newreasonnum') !~ /^\s*$/;
 %
-% my $reason = new FS::reason({ 'reason_type' => $nrtype,
-% 'reason' => $nr,
+% my $reason = new FS::reason({ 'reason_type' => $cgi->param('newreasonnumT'),
+% 'reason' => $cgi->param('newreasonnum'),
 % });
-% $error = $reason->insert;
+% $error ||= $reason->insert;
 % $reasonnum = $reason->reasonnum
 % unless $error;
 %}
-- 
2.11.0
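Review bot: The two `$cgi->param(...)` calls inside the `new FS::reason({ ... })` hash constructor are evaluated in list context, so a request that omits or repeats `newreasonnum` or `newreasonnumT` shifts or adds key/value pairs in the record instead of supplying exactly one value per field; the removed code read both into scalars first. Force scalar context on both: `'reason_type' => scalar($cgi->param('newreasonnumT')),` and `'reason' => scalar($cgi->param('newreasonnum')),`. With the local regex checks gone, validation rests entirely on FS::reason::check, which is not visible in this patch, so it is worth confirming that it rejects a non-numeric reason_type and that reason text is HTML-escaped wherever it is rendered now that punctuation is accepted. The new message also has a typo (`oen`), and the double negative `unless ... !~ /^\s*$/` would read more plainly as `if $cgi->param('newreasonnum') =~ /^\s*$/;`.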