[freeside-commits] freeside/FS/FS Record.pm, 1.148, 1.149 access_user.pm, 1.18, 1.19
Ivan,,,
ivan at wavetail.420.am
Thu Feb 28 18:29:59 PST 2008
Update of /home/cvs/cvsroot/freeside/FS/FS
In directory wavetail.420.am:/tmp/cvs-serv17337
Modified Files:
Record.pm access_user.pm
Log Message:
disallow uppercase usernames in the first place. also Record::str2time_sql_closing snuck in.
Index: access_user.pm
===================================================================
RCS file: /home/cvs/cvsroot/freeside/FS/FS/access_user.pm,v
retrieving revision 1.18
retrieving revision 1.19
diff -u -d -r1.18 -r1.19
--- access_user.pm 19 Feb 2008 02:15:53 -0000 1.18
+++ access_user.pm 29 Feb 2008 02:29:57 -0000 1.19
@@ -90,6 +90,9 @@
sub insert {
my $self = shift;
+ my $error = $self->check;
+ return $error if $error;
+
local $SIG{HUP} = 'IGNORE';
local $SIG{INT} = 'IGNORE';
local $SIG{QUIT} = 'IGNORE';
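Review bot: The early `$self->check` call added at the top of `insert` carries no comment explaining why it is there, and the reason is not obvious, since the record insert further down presumably validates again. The point appears to be that a rejected username must never reach `htpasswd_kludge`, which is worth stating: `# validate before htpasswd_kludge touches the password file`. The body of `insert` continues outside this hunk.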
@@ -101,7 +104,7 @@
local $FS::UID::AutoCommit = 0;
my $dbh = dbh;
- my $error = $self->htpasswd_kludge();
+ $error = $self->htpasswd_kludge();
if ( $error ) {
$dbh->rollback or die $dbh->errstr if $oldAutoCommit;
return $error;
@@ -111,7 +114,14 @@
if ( $error ) {
$dbh->rollback or die $dbh->errstr if $oldAutoCommit;
+
+ #make sure it isn't a dup username? or you could nuke people's passwords
+ #blah. really just should do our own login w/cookies
+ #and auth out of the db in the first place
+ #my $hterror = $self->htpasswd_kludge('-D');
+ #$error .= " - additionally received error cleaning up htpasswd file: $hterror"
return $error;
+
} else {
$dbh->commit or die $dbh->errstr if $oldAutoCommit;
'';
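Review bot: In this failure branch the database work is rolled back but the earlier `htpasswd_kludge()` call is not undone, so the htpasswd file and the table can disagree after a failed insert. If the helper updates an existing entry when the username is already present (its body is not visible here), a rejected duplicate insert would already have replaced that user's password, which is the same hazard the new comment raises for the `-D` cleanup. A safer order is to run the database insert first and call `htpasswd_kludge()` only once it has succeeded, still before the commit, so that a uniqueness failure never reaches the password file. Should the commented-out cleanup ever be enabled, note that the `$error .= ...` line is missing its trailing semicolon. The insert call whose result is tested at the top of this hunk lies outside it.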
@@ -236,7 +246,7 @@
my $error =
$self->ut_numbern('usernum')
- || $self->ut_alpha('username')
+ || $self->ut_alpha_lower('username')
|| $self->ut_text('_password')
|| $self->ut_text('last')
|| $self->ut_text('first')
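Review bot: Switching `username` to `ut_alpha_lower` in this validation chain also affects rows that already exist. Any account created earlier with capitals in its username will fail this check the next time it is saved, assuming the same chain runs on updates (the enclosing sub starts and ends outside the hunk). Either normalise the stored usernames as part of the change or record the consequence next to the call, e.g. `# existing mixed-case usernames must be lowercased before they can be edited again`.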
Index: Record.pm
===================================================================
RCS file: /home/cvs/cvsroot/freeside/FS/FS/Record.pm,v
retrieving revision 1.148
retrieving revision 1.149
diff -u -d -r1.148 -r1.149
--- Record.pm 1 Dec 2007 01:32:05 -0000 1.148
+++ Record.pm 29 Feb 2008 02:29:57 -0000 1.149
@@ -1555,6 +1555,20 @@
'';
}
+=item ut_alpha_lower COLUMN
+
+Check/untaint lowercase alphanumeric strings (no spaces). May not be null. If
+there is an error, returns the error, otherwise returns false.
+
+=cut
+
+sub ut_alpha_lower {
+ my($self,$field)=@_;
+ $self->getfield($field) =~ /[[:upper:]]/
+ and return "Uppercase characters are not permitted in $field";
+ $self->ut_alpha($field);
+}
+
=item ut_phonen COLUMN [ COUNTRY ]
Check/untaint phone numbers. May be null. If there is an error, returns
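Review bot: `ut_alpha_lower` matches `$self->getfield($field)` against `/[[:upper:]]/` before anything has confirmed the column is set, so an unset column would emit an uninitialized-value warning (if warnings are enabled) before `ut_alpha` gets to reject it. The sub also relies on the implicit value of its last statement. I would read the value once and return explicitly: `my $value = $self->getfield($field);`, `return "Uppercase characters are not permitted in $field" if defined($value) && $value =~ /[[:upper:]]/;`, `return $self->ut_alpha($field);`. `[[:upper:]]` only recognises non-ASCII capitals on character-decoded strings; that is probably moot if `ut_alpha` (not visible here) accepts ASCII only, but the POD could say so.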
@@ -2238,9 +2252,9 @@
=item str2time_sql [ DRIVER_NAME ]
Returns a function to convert to unix time based on database type, such as
-"EXTRACT( EPOCH FROM" for Pg or "UNIX_TIMESTAMP(" for mysql. You are
-responsible for the closing parenthesis yourself. Don't let it down. It's a
-sensitive parenthesis.
+"EXTRACT( EPOCH FROM" for Pg or "UNIX_TIMESTAMP(" for mysql. See
+the str2time_sql_closing method to return a closing string rather than just
+using a closing parenthesis as previously suggested.
You can pass an optional driver name such as "Pg", "mysql" or
$dbh->{Driver}->{Name} to return a function for that database instead of
@@ -2260,6 +2274,24 @@
}
+=item str2time_sql_closing [ DRIVER_NAME ]
+
+Returns the closing suffix of a function to convert to unix time based on
+database type, such as ")::integer" for Pg or ")" for mysql.
+
+You can pass an optional driver name such as "Pg", "mysql" or
+$dbh->{Driver}->{Name} to return a function for that database instead of
+the current database.
+
+=cut
+
+sub str2time_sql_closing {
+ my $driver = shift || driver_name;
+
+ return ' )::INTEGER ' if $driver =~ /^Pg/i;
+ return ' ) ';
+}
+
=back
=head1 BUGS
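Review bot: The POD for `str2time_sql_closing` does not match what the sub returns: it quotes `")::integer"` and `")"`, while the code returns `' )::INTEGER '` and `' ) '`. Its second paragraph also still says "return a function", copied from `str2time_sql`, where it means the closing suffix. The POD should add that DRIVER_NAME has to be the same value passed to `str2time_sql`, otherwise the opening and closing fragments will not pair up. Since both helpers return raw SQL text, it would also help to state that whatever the caller places between them is interpolated unquoted and should be a column expression or placeholder, not a user-supplied value; the callers are not visible here.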