authorC.J. Adams-Collier <cjac@colliertech.org>2014-09-04 17:24:49 -0700
committerC.J. Adams-Collier <cjac@colliertech.org>2014-09-04 17:25:42 -0700
commitc9b7e9bd253b26a35e9821a877d0ae5d30105d38 (patch)
tree4fefd1d658584d86943fe6299d10d9ead0de34e6
parent5f5fbed30812124e5865c4aaf20c927f7d2d01bd (diff)
fix for lack of input validation - RT#15405
-rw-r--r--FS/FS/part_event/Condition/balance_age.pm40
-rw-r--r--httemplate/edit/process/part_event.html15
2 files changed, 55 insertions, 0 deletions
diff --git a/FS/FS/part_event/Condition/balance_age.pm b/FS/FS/part_event/Condition/balance_age.pm
index 84806596a..701dafdfe 100644
--- a/FS/FS/part_event/Condition/balance_age.pm
+++ b/FS/FS/part_event/Condition/balance_age.pm
@@ -5,6 +5,46 @@ use base qw( FS::part_event::Condition );
sub description { 'Customer balance age'; }
+=item check_options OPTIONS
+
+Validate options
+
+=cut
+
+my $duration_rx = qr/^(\d+)$/;
+my $unit_rx = qr/^[wmdh]$/;
+my $both_rx = qr/^(\d+)([wmdh])/;
+
+sub check_options {
+ my ($self, $options) = @_;
+
+ my $age = $options->{age};
+ my $age_units = $options->{age_units};
+
+ return "Invalid (age) must be defined: $age"
+ unless( defined $age );
+
+ # over-ride possibly inaccurate unit indicator
+ if( $age =~ /$both_rx/ ){
+ $age = $1;
+ $age_units = $2;
+ }
+
+ return "Invalid (age_units) must be defined: $age_units"
+ unless defined $age_units;
+
+ return "Invalid (age) must be integer: $age"
+ unless( $age =~ /$duration_rx/ );
+
+ return "Invalid (age) must be non-zero: $age"
+ if ( $age == 0 );
+
+ return( "Invalid (age_units) must be m/w/d/h: $age_units" )
+ unless( $age_units =~ /$unit_rx/i );
+
+ return '';
+}
+
sub option_fields {
(
'balance' => { 'label' => 'Balance over',
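Review bot: `$both_rx` has no end anchor, so an age such as `30dfoo` or `3d extra` passes check_options (the sub rewrites its local `$age`/`$age_units` to `3`/`d`), while the caller in part_event.html builds a fresh hashref from the raw CGI values, so the cleaned values never reach it; `$duration_rx`'s trailing `$` likewise accepts `30\n`. Anchoring all three patterns closes both gaps and makes the unit match consistent with the `/i` applied only at the final check: `my $duration_rx = qr/\A(\d+)\z/;`, `my $unit_rx = qr/\A[wmdh]\z/i;`, `my $both_rx = qr/\A(\d+)([wmdh])\z/i;`. The first return interpolates an undefined `$age` into its message, which warns under `use warnings`; `$age // ''` avoids that. The POD should also state the contract the caller relies on — an empty string when the options are valid, otherwise an error message.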
diff --git a/httemplate/edit/process/part_event.html b/httemplate/edit/process/part_event.html
index a8c434c1a..481439d53 100644
--- a/httemplate/edit/process/part_event.html
+++ b/httemplate/edit/process/part_event.html
@@ -85,6 +85,21 @@
if ( $cgi->param('_initialize') ) {
$cgi->param('disabled', 'Y');
}
+
+ my $balance_age_rx = qr/^(condition.+)\.balance_age\.age$/;
+
+ foreach my $param ( keys %{ $cgi->Vars() } ){
+
+ next unless ( $param =~ /$balance_age_rx/ );
+ next unless $cgi->param($1) eq 'balance_age';
+
+ my $errstr = FS::part_event::Condition::balance_age->
+ check_options( { age => $cgi->param($param),
+ age_units => $cgi->param("${param}_units") } );
+
+ return $errstr if $errstr;
+ }
+
return '';
},
'noerror_callback' => sub {
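Review bot: `$cgi->param($param)` and `$cgi->param("${param}_units")` inside the hash constructor are evaluated in list context, so a request that repeats either parameter yields several values and shifts the keys of the hashref handed to check_options; `age => scalar $cgi->param($param),` and `age_units => scalar $cgi->param("${param}_units")` force one value each. On the `next unless $cgi->param($1) eq 'balance_age';` line, a missing condition parameter gives undef to `eq`, which warns; `next unless ( $cgi->param($1) // '' ) eq 'balance_age';` is quieter and keeps the same skip behaviour. The enclosing callback sub begins before this hunk.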