diff options
Diffstat (limited to 'FS/FS')
-rw-r--r-- | FS/FS/Record.pm | 36 | ||||
-rw-r--r-- | FS/FS/cust_main.pm | 92 |
2 files changed, 114 insertions, 14 deletions
diff --git a/FS/FS/Record.pm b/FS/FS/Record.pm index 646a576..82f590f 100644 --- a/FS/FS/Record.pm +++ b/FS/FS/Record.pm @@ -74,6 +74,7 @@ FS::Record - Database record objects $value = $record->ut_alphan('column'); $value = $record->ut_phonen('column'); $value = $record->ut_anythingn('column'); + $value = $record->ut_name('column'); $dbdef = reload_dbdef; $dbdef = reload_dbdef "/non/standard/filename"; @@ -789,8 +790,37 @@ sub ut_domain { ''; } +=item ut_name COLUMN + +Check/untaint proper names; allows alphanumerics, spaces and the following +punctuation: , . - ' + +May not be null. + +=cut + +sub ut_name { + my( $self, $field ) = @_; + $self->getfield($field) =~ /^([\w \,\.\-\']+)$/ + or return "Illegal (name) $field: ". $self->getfield($field); + $self->setfield($field,$1); + ''; +} + +=item ut_zip COLUMN + +Check/untaint zip codes. + =cut +sub ut_zip { + my( $self, $field ) = @_; + $self->getfield($field) =~ /^\s*(\w[\w\-\s]{2,8}\w)\s*$/ + or return "Illegal (zip) $field: ". $self->getfield($field); + $self->setfield($field,$1); + ''; +} + =item ut_anything COLUMN Untaints arbitrary data. Be careful. @@ -919,7 +949,7 @@ sub DESTROY { return; } =head1 VERSION -$Id: Record.pm,v 1.18 2001-07-30 07:33:08 ivan Exp $ +$Id: Record.pm,v 1.19 2001-07-30 10:41:44 ivan Exp $ =head1 BUGS @@ -949,7 +979,7 @@ The ut_money method assumes money has two decimal digits. The Pg money kludge in the new method only strips `$'. -The ut_phonen method assumes US-style phone numbers. +The ut_phonen method only checks US-style phone numbers. The _quote function should probably use ut_float instead of a regex. @@ -962,6 +992,8 @@ As of 1.14, DBI fetchall_hashref( {} ) doesn't set fetchrow_hashref NAME_lc, or allow it to be set. Working around it is ugly any way around - DBI should be fixed. (only affects RDBMS which return uppercase column names) +ut_zip should take an optional country like ut_phone. + =head1 SEE ALSO L<DBIx::DBSchema>, L<FS::UID>, L<DBI> diff --git a/FS/FS/cust_main.pm b/FS/FS/cust_main.pm index 2d7dae4..e6b7531 100644 --- a/FS/FS/cust_main.pm +++ b/FS/FS/cust_main.pm @@ -149,6 +149,32 @@ FS::Record. The following fields are currently supported: =item fax - phone (optional) +=item ship_first - name + +=item ship_last - name + +=item ship_company - (optional) + +=item ship_address1 + +=item ship_address2 - (optional) + +=item ship_city + +=item ship_county - (optional, see L<FS::cust_main_county>) + +=item ship_state - (see L<FS::cust_main_county>) + +=item ship_zip + +=item ship_country - (see L<FS::cust_main_county>) + +=item ship_daytime - phone (optional) + +=item ship_night - phone (optional) + +=item ship_fax - phone (optional) + =item payby - `CARD' (credit cards), `BILL' (billing), `COMP' (free), or `PREPAY' (special billing type: applies a credit - see L<FS::prepay_credit> and sets billing type to BILL) =item payinfo - card number, P.O., comp issuer (4-8 lowercase alphanumerics; think username) or prepayment identifier (see L<FS::prepay_credit>) @@ -386,6 +412,8 @@ sub check { $self->ut_numbern('custnum') || $self->ut_number('agentnum') || $self->ut_number('refnum') + || $self->ut_name('last') + || $self->ut_name('first') || $self->ut_textn('company') || $self->ut_text('address1') || $self->ut_textn('address2') @@ -404,14 +432,6 @@ sub check { return "Unknown referral" unless qsearchs( 'part_referral', { 'refnum' => $self->refnum } ); - $self->getfield('last') =~ /^([\w \,\.\-\']+)$/ - or return "Illegal last name: ". $self->getfield('last'); - $self->setfield('last',$1); - - $self->first =~ /^([\w \,\.\-\']+)$/ - or return "Illegal first name: ". $self->first; - $self->first($1); - if ( $self->ss eq '' ) { $self->ss(''); } else { @@ -441,12 +461,60 @@ sub check { $self->ut_phonen('daytime', $self->country) || $self->ut_phonen('night', $self->country) || $self->ut_phonen('fax', $self->country) + || $self->ut_zip('zip', $self->country) ; return $error if $error; - $self->zip =~ /^\s*(\w[\w\-\s]{2,8}\w)\s*$/ - or return "Illegal zip: ". $self->zip; - $self->zip($1); + if ( defined $self->dbdef_table->column('ship_last') ) { + if ( grep { $self->getfield($_) ne $self->getfield("ship_$_") } + qw( last first company address1 address2 city county state zip + country daytime night fax ) + ) # if any address fields differ + { + my $error = + $self->ut_name('ship_last') + || $self->ut_name('ship_first') + || $self->ut_textn('ship_company') + || $self->ut_text('ship_address1') + || $self->ut_textn('ship_address2') + || $self->ut_text('ship_city') + || $self->ut_textn('ship_county') + || $self->ut_textn('ship_state') + ; + return $error if $error; + + #false laziness with above + $self->ship_country =~ /^(\w\w)$/ + or return "Illegal ship_country: ". $self->ship_country; + $self->ship_country($1); + unless ( qsearchs('cust_main_county', { + 'country' => $self->ship_country, + 'state' => '', + } ) ) { + return "Unknown ship_state/ship_county/ship_country: ". + $self->ship_state. "/". $self->ship_county. "/". $self->ship_country + unless qsearchs('cust_main_county',{ + 'state' => $self->ship_state, + 'county' => $self->ship_county, + 'country' => $self->ship_country, + } ); + } + #eofalse + + $error = + $self->ut_phonen('ship_daytime', $self->ship_country) + || $self->ut_phonen('ship_night', $self->ship_country) + || $self->ut_phonen('ship_fax', $self->ship_country) + || $self->ut_zip('ship_zip', $self->ship_country) + ; + return $error if $error; + + } else { # ship_ info eq billing info, so don't store dup info in database + $self->setfield("ship_$_", '') + foreach qw( last first company address1 address2 city county state zip + country daytime night fax ); + } + } $self->payby =~ /^(CARD|BILL|COMP|PREPAY)$/ or return "Illegal payby: ". $self->payby; @@ -1125,7 +1193,7 @@ sub check_invoicing_list { =head1 VERSION -$Id: cust_main.pm,v 1.14 2001-06-03 10:51:54 ivan Exp $ +$Id: cust_main.pm,v 1.15 2001-07-30 10:41:44 ivan Exp $ =head1 BUGS |