authorivan <ivan>2007-01-29 23:16:18 +0000
committerivan <ivan>2007-01-29 23:16:18 +0000
commite75e410d0cdc5ca62af1888c3cb75163ca22d2ad (patch)
treeb6e96572c07b18e930c65c7b9f082bfd4eb249b3 /httemplate
parent96192f1c88de6f54c856cac650bd2e1338e64fbc (diff)
putting the C in ACL
Diffstat (limited to 'httemplate')
-rw-r--r--httemplate/config/config-process.cgi110
-rw-r--r--httemplate/config/config-view.cgi5
-rw-r--r--httemplate/config/config.cgi5
3 files changed, 68 insertions, 52 deletions
diff --git a/httemplate/config/config-process.cgi b/httemplate/config/config-process.cgi
index a78f397..d8f0d8e 100644
--- a/httemplate/config/config-process.cgi
+++ b/httemplate/config/config-process.cgi
@@ -1,52 +1,62 @@
-%
-% my $conf = new FS::Conf;
-% $FS::Conf::DEBUG = 1;
-% my @config_items = $conf->config_items;
-%
-% foreach my $i ( @config_items ) {
-% my @touch = ();
-% my @delete = ();
-% my $n = 0;
-% foreach my $type ( ref($i->type) ? @{$i->type} : $i->type ) {
-% if ( $type eq '' ) {
-% } elsif ( $type eq 'textarea' ) {
-% if ( $cgi->param($i->key. $n) ne '' ) {
-% my $value = $cgi->param($i->key. $n);
-% $value =~ s/\r\n/\n/g; #browsers?
-% $conf->set($i->key, $value);
-% } else {
-% $conf->delete($i->key);
-% }
-% } elsif ( $type eq 'checkbox' ) {
-%# if ( defined($cgi->param($i->key. $n)) && $cgi->param($i->key. $n) ) {
-% if ( defined $cgi->param($i->key. $n) ) {
-% #$conf->touch($i->key);
-% push @touch, $i->key;
-% } else {
-% #$conf->delete($i->key);
-% push @delete, $i->key;
-% }
-% } elsif ( $type eq 'text' || $type eq 'select' || $type eq 'select-sub' ) {
-% if ( $cgi->param($i->key. $n) ne '' ) {
-% $conf->set($i->key, $cgi->param($i->key. $n));
-% } else {
-% $conf->delete($i->key);
-% }
-% } elsif ( $type eq 'editlist' || $type eq 'selectmultiple' ) {
-% if ( scalar(@{[ $cgi->param($i->key. $n) ]}) ) {
-% $conf->set($i->key, join("\n", @{[ $cgi->param($i->key. $n) ]} ));
-% } else {
-% $conf->delete($i->key);
-% }
-% } else {
-% }
-% $n++;
-% }
-% # warn @touch;
-% $conf->touch($_) foreach @touch;
-% $conf->delete($_) foreach @delete;
-% }
-%
-%
+<%init>
+die "access denied\n"
+ unless $FS::CurrentUser::CurrentUser->access_right('Configuration');
+
+# errant GET/POST protection
+my $Vars = scalar($cgi->Vars);
+my $num_Vars = scalar(keys %$Vars);
+die "only received $num_Vars params; errant or truncated GET/POST?".
+ " aborting - not updating config\n"
+ unless $num_Vars > 100;
+
+my $conf = new FS::Conf;
+$FS::Conf::DEBUG = 1;
+my @config_items = $conf->config_items;
+
+foreach my $i ( @config_items ) {
+ my @touch = ();
+ my @delete = ();
+ my $n = 0;
+ foreach my $type ( ref($i->type) ? @{$i->type} : $i->type ) {
+ if ( $type eq '' ) {
+ } elsif ( $type eq 'textarea' ) {
+ if ( $cgi->param($i->key. $n) ne '' ) {
+ my $value = $cgi->param($i->key. $n);
+ $value =~ s/\r\n/\n/g; #browsers?
+ $conf->set($i->key, $value);
+ } else {
+ $conf->delete($i->key);
+ }
+ } elsif ( $type eq 'checkbox' ) {
+# if ( defined($cgi->param($i->key. $n)) && $cgi->param($i->key. $n) ) {
+ if ( defined $cgi->param($i->key. $n) ) {
+ #$conf->touch($i->key);
+ push @touch, $i->key;
+ } else {
+ #$conf->delete($i->key);
+ push @delete, $i->key;
+ }
+ } elsif ( $type eq 'text' || $type eq 'select' || $type eq 'select-sub' ) {
+ if ( $cgi->param($i->key. $n) ne '' ) {
+ $conf->set($i->key, $cgi->param($i->key. $n));
+ } else {
+ $conf->delete($i->key);
+ }
+ } elsif ( $type eq 'editlist' || $type eq 'selectmultiple' ) {
+ if ( scalar(@{[ $cgi->param($i->key. $n) ]}) ) {
+ $conf->set($i->key, join("\n", @{[ $cgi->param($i->key. $n) ]} ));
+ } else {
+ $conf->delete($i->key);
+ }
+ } else {
+ }
+ $n++;
+ }
+ # warn @touch;
+ $conf->touch($_) foreach @touch;
+ $conf->delete($_) foreach @delete;
+}
+
+</%init>
<% $cgi->redirect("config-view.cgi") %>
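Review bot: The new access check at the top of `<%init>` dies with `"access denied\n"` while the identical checks this commit adds to config-view.cgi and config.cgi die with `"access denied"` without the newline, so one error carries the Mason file and line and the other two do not; pick one form for all three, e.g. `die "access denied\n"`. The errant-POST guard hard-codes `unless $num_Vars > 100` with nothing saying where the threshold comes from; a named value such as `my $MIN_EXPECTED_PARAMS = 100;  # a complete config form submits well over this many fields` would let whoever adds or removes config items see the heuristic they are moving. The check confirms the caller holds the Configuration right but, as far as this hunk shows, nothing ties the POST to a form the user actually submitted; if the framework does not already attach a per-session request token to the config form, this handler, which rewrites every config item on one request, is the place to verify one. `$FS::Conf::DEBUG = 1;` is carried over unchanged into the new block; if it was meant as a temporary switch it should be removed or commented here, since it now runs on every config save alongside the access check.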
diff --git a/httemplate/config/config-view.cgi b/httemplate/config/config-view.cgi
index ff7913d..91ba337 100644
--- a/httemplate/config/config-view.cgi
+++ b/httemplate/config/config-view.cgi
@@ -1,4 +1,3 @@
-<!-- mason kludge -->
<% include("/elements/header.html",'View Configuration', menubar( 'Main Menu' => $p,
'Edit Configuration' => 'config.cgi' ) ) %>
% my $conf = new FS::Conf; my @config_items = $conf->config_items;
@@ -90,3 +89,7 @@
</body></html>
+<%init>
+die "access denied"
+ unless $FS::CurrentUser::CurrentUser->access_right('Configuration');
+</%init>
diff --git a/httemplate/config/config.cgi b/httemplate/config/config.cgi
index 369314d..6c3a51a 100644
--- a/httemplate/config/config.cgi
+++ b/httemplate/config/config.cgi
@@ -1,4 +1,3 @@
-<!-- mason kludge -->
<% include("/elements/header.html",'Edit Configuration', menubar( 'Main Menu' => $p ) ) %>
<SCRIPT>
var gSafeOnload = new Array();
@@ -258,3 +257,7 @@ function SafeOnsubmit() {
</form>
</body></html>
+<%init>
+die "access denied"
+ unless $FS::CurrentUser::CurrentUser->access_right('Configuration');
+</%init>