[freeside-commits] freeside/httemplate/config config-process.cgi, 1.9, 1.10 config-view.cgi, 1.14, 1.15 config.cgi, 1.19, 1.20

Ivan,,, ivan at wavetail.420.am
Mon Jan 29 15:16:21 PST 2007


Update of /home/cvs/cvsroot/freeside/httemplate/config
In directory wavetail:/tmp/cvs-serv14698

Modified Files:
	config-process.cgi config-view.cgi config.cgi 
Log Message:
putting the C in ACL

Index: config.cgi
===================================================================
RCS file: /home/cvs/cvsroot/freeside/httemplate/config/config.cgi,v
retrieving revision 1.19
retrieving revision 1.20
diff -u -d -r1.19 -r1.20
--- config.cgi	23 Aug 2006 22:25:37 -0000	1.19
+++ config.cgi	29 Jan 2007 23:16:18 -0000	1.20
@@ -1,4 +1,3 @@
-<!-- mason kludge -->
 <% include("/elements/header.html",'Edit Configuration', menubar( 'Main Menu' => $p ) ) %>
 <SCRIPT>
 var gSafeOnload = new Array();
@@ -258,3 +257,7 @@
 </form>
 
 </body></html>
+<%init>
+die "access denied"
+  unless $FS::CurrentUser::CurrentUser->access_right('Configuration');
+</%init>
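Review bot: The added `die "access denied"` has no trailing newline, so Perl appends the template's file path and line number to the message; use `die "access denied\n"`, as config-process.cgi does in this same commit. Whether that text reaches the browser depends on how the site's Mason error handling is configured, which is not visible here. The identical `<%init>` block added to config-view.cgi needs the same change. Both pages will also answer an unauthorized user with a generic server error rather than a 403, which makes denied requests harder to tell apart from real faults in the logs.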

Index: config-view.cgi
===================================================================
RCS file: /home/cvs/cvsroot/freeside/httemplate/config/config-view.cgi,v
retrieving revision 1.14
retrieving revision 1.15
diff -u -d -r1.14 -r1.15
--- config-view.cgi	23 Aug 2006 22:25:37 -0000	1.14
+++ config-view.cgi	29 Jan 2007 23:16:18 -0000	1.15
@@ -1,4 +1,3 @@
-<!-- mason kludge -->
 <% include("/elements/header.html",'View Configuration', menubar( 'Main Menu' => $p,
                                      'Edit Configuration' => 'config.cgi' ) ) %>
 % my $conf = new FS::Conf; my @config_items = $conf->config_items; 
@@ -90,3 +89,7 @@
 
 
 </body></html>
+<%init>
+die "access denied"
+  unless $FS::CurrentUser::CurrentUser->access_right('Configuration');
+</%init>

Index: config-process.cgi
===================================================================
RCS file: /home/cvs/cvsroot/freeside/httemplate/config/config-process.cgi,v
retrieving revision 1.9
retrieving revision 1.10
diff -u -d -r1.9 -r1.10
--- config-process.cgi	31 Aug 2006 21:26:55 -0000	1.9
+++ config-process.cgi	29 Jan 2007 23:16:18 -0000	1.10
@@ -1,52 +1,62 @@
-%
-%  my $conf = new FS::Conf;
-%  $FS::Conf::DEBUG = 1;
-%  my @config_items = $conf->config_items;
-%
-%  foreach my $i ( @config_items ) {
-%    my @touch = ();
-%    my @delete = ();
-%    my $n = 0;
-%    foreach my $type ( ref($i->type) ? @{$i->type} : $i->type ) {
-%      if ( $type eq '' ) {
-%      } elsif ( $type eq 'textarea' ) {
-%        if ( $cgi->param($i->key. $n) ne '' ) {
-%          my $value = $cgi->param($i->key. $n);
-%          $value =~ s/\r\n/\n/g; #browsers?
-%          $conf->set($i->key, $value);
-%        } else {
-%          $conf->delete($i->key);
-%        }
-%      } elsif ( $type eq 'checkbox' ) {
-%#        if ( defined($cgi->param($i->key. $n)) && $cgi->param($i->key. $n) ) {
-%        if ( defined $cgi->param($i->key. $n) ) {
-%          #$conf->touch($i->key);
-%          push @touch, $i->key;
-%        } else {
-%          #$conf->delete($i->key);
-%          push @delete, $i->key;
-%        }
-%      } elsif ( $type eq 'text' || $type eq 'select' || $type eq 'select-sub' )  {
-%        if ( $cgi->param($i->key. $n) ne '' ) {
-%          $conf->set($i->key, $cgi->param($i->key. $n));
-%        } else {
-%          $conf->delete($i->key);
-%        }
-%      } elsif ( $type eq 'editlist' || $type eq 'selectmultiple' )  {
-%        if ( scalar(@{[ $cgi->param($i->key. $n) ]}) ) {
-%          $conf->set($i->key, join("\n", @{[ $cgi->param($i->key. $n) ]} ));
-%        } else {
-%          $conf->delete($i->key);
-%        }
-%      } else {
-%      }
-%      $n++;
-%    }
-%   # warn @touch;
-%    $conf->touch($_) foreach @touch;
-%    $conf->delete($_) foreach @delete;
-%  }
-%
-%
+<%init>
+
+die "access denied\n"
+  unless $FS::CurrentUser::CurrentUser->access_right('Configuration');
+
+# errant GET/POST protection
+my $Vars = scalar($cgi->Vars);
+my $num_Vars = scalar(keys %$Vars);
+die "only received $num_Vars params; errant or truncated GET/POST?".
+    "  aborting - not updating config\n"
+  unless $num_Vars > 100;
+
+my $conf = new FS::Conf;
+$FS::Conf::DEBUG = 1;
+my @config_items = $conf->config_items;
 
+foreach my $i ( @config_items ) {
+  my @touch = ();
+  my @delete = ();
+  my $n = 0;
+  foreach my $type ( ref($i->type) ? @{$i->type} : $i->type ) {
+    if ( $type eq '' ) {
+    } elsif ( $type eq 'textarea' ) {
+      if ( $cgi->param($i->key. $n) ne '' ) {
+        my $value = $cgi->param($i->key. $n);
+        $value =~ s/\r\n/\n/g; #browsers?
+        $conf->set($i->key, $value);
+      } else {
+        $conf->delete($i->key);
+      }
+    } elsif ( $type eq 'checkbox' ) {
+#        if ( defined($cgi->param($i->key. $n)) && $cgi->param($i->key. $n) ) {
+      if ( defined $cgi->param($i->key. $n) ) {
+        #$conf->touch($i->key);
+        push @touch, $i->key;
+      } else {
+        #$conf->delete($i->key);
+        push @delete, $i->key;
+      }
+    } elsif ( $type eq 'text' || $type eq 'select' || $type eq 'select-sub' )  {
+      if ( $cgi->param($i->key. $n) ne '' ) {
+        $conf->set($i->key, $cgi->param($i->key. $n));
+      } else {
+        $conf->delete($i->key);
+      }
+    } elsif ( $type eq 'editlist' || $type eq 'selectmultiple' )  {
+      if ( scalar(@{[ $cgi->param($i->key. $n) ]}) ) {
+        $conf->set($i->key, join("\n", @{[ $cgi->param($i->key. $n) ]} ));
+      } else {
+        $conf->delete($i->key);
+      }
+    } else {
+    }
+    $n++;
+  }
+ # warn @touch;
+  $conf->touch($_) foreach @touch;
+  $conf->delete($_) foreach @delete;
+}
+
+</%init>
 <% $cgi->redirect("config-view.cgi") %>
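Review bot: The truncation guard `unless $num_Vars > 100` uses a fixed count that is not tied to `@config_items`, so a body cut off after the 101st field still passes, and the loop below then calls `$conf->delete` for every item whose field is missing. A more reliable signal is a marker field emitted as the last element of the form in config.cgi and checked here, e.g. `die "truncated POST\n" unless defined $cgi->param('_form_end');` (field name constructed for illustration). The guard also ignores the request method, and nothing in this hunk checks a per-session form token, so the `access_right('Configuration')` test alone does not stop a forged cross-site request sent from an administrator's browser; `die "POST required\n" unless $cgi->request_method eq 'POST';` is a cheap first step, assuming no such check exists in code not shown here. Separately, `$conf->set($i->key, $cgi->param($i->key. $n))` evaluates `param` in list context, so a repeated field passes extra arguments to `set`; wrapping the call in `scalar(...)` avoids that.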


