diff options
Diffstat (limited to 'httemplate/misc')
| -rw-r--r-- | httemplate/misc/edge_browser_check-fail_notice.html | 25 | ||||
| -rw-r--r-- | httemplate/misc/edge_browser_check-header.html | 36 | ||||
| -rw-r--r-- | httemplate/misc/edge_browser_check-iframe.html | 34 | ||||
| -rw-r--r-- | httemplate/misc/process/change-password.html | 6 |
4 files changed, 100 insertions, 1 deletions
diff --git a/httemplate/misc/edge_browser_check-fail_notice.html b/httemplate/misc/edge_browser_check-fail_notice.html new file mode 100644 index 000000000..fb42ffe8e --- /dev/null +++ b/httemplate/misc/edge_browser_check-fail_notice.html @@ -0,0 +1,25 @@ +<& /elements/header.html, "Edge browser bug" &> + +<div id="edgebug" style="border: solid 1px #888; border-radius: 4px; margin: 5em; max-width: 400px; text-align: left; padding: 0 1em; background-color: #ffe; box-shadow: 2px 2px 4px"> + <div style="text-align: center; font-size: 3em; color: #933; text-shadow: 1px 1px 2px black;"> + ⚠ + </div> + <h4 style="border-bottom: solid 1px #888; margin: 1em 0; text-align: center;"> + Edge Browser Bug + </h4> + <p> + Your copy of Microsoft Edge has a data corrupting bug. + </p> + <p> + Microsoft fixed this bug with the <b>July RS4 Windows 10 Update</b>. + Please update your copy of Windows. + </p> + <p> + Alternatively, you may choose to use + <a href="https://mozilla.org/en-US/firefox/new/">Mozilla Firefox</a> + or <a href="https://chrome.google.com">Google Chrome</a>. They + are not affected by this bug. + </p> +</div> + +<& /elements/footer.html &>
\ No newline at end of file diff --git a/httemplate/misc/edge_browser_check-header.html b/httemplate/misc/edge_browser_check-header.html new file mode 100644 index 000000000..a88962be9 --- /dev/null +++ b/httemplate/misc/edge_browser_check-header.html @@ -0,0 +1,36 @@ +% if ( $force_redirect ) { + <script type="text/javascript"> + if ( <% $DEBUG %> || /Edge\/17\.17134/.test( navigator.userAgent )) { + if ( window.location.href.indexOf("fail_notice") == -1 ) { + window.location.href = "<% $fsurl %>misc/edge_browser_check-fail_notice.html"; + } + } + </script> +% } elsif ( $do_check ) { + <iframe id="edge_browser_check_iframe" style="display:none;"></iframe> + <script type="text/javascript"> + if ( <% $DEBUG %> || /Edge\/17\.17134/.test( navigator.userAgent )) { + $("#edge_browser_check_iframe").attr( + 'src', + '<% $fsurl %>misc/edge_browser_check-iframe.html?edge_browser_check=1' + ); + } + </script> +% } +<%init> +my $curuser = $FS::CurrentUser::CurrentUser; +my $session = $FS::CurrentUser::CurrentSession; +my $sessionkey = $session->sessionkey if $session; + +my $cgi = FS::UID::cgi(); +my $DEBUG = 0; + +my $do_check = 0; +$do_check = 1 + if $curuser + && !$cgi->param('edge_browser_check') + && $sessionkey + && $curuser->get_pref('edge_bug_vulnerable') ne $sessionkey; + +my $force_redirect = $curuser->get_pref('edge_bug_vulnerable') eq 'Y' ? 1 : 0; +</%init> diff --git a/httemplate/misc/edge_browser_check-iframe.html b/httemplate/misc/edge_browser_check-iframe.html new file mode 100644 index 000000000..61ae9a0bd --- /dev/null +++ b/httemplate/misc/edge_browser_check-iframe.html @@ -0,0 +1,34 @@ +<form id="canary-form" action="<% $fsurl %>misc/edge_browser_check-iframe.html" method="POST"> +<input type="text" id="canary-result" value="<% scalar $cgi->param('edge_browser_canary') %>"> +<select name="edge_browser_canary"> + <option>test + <option>test +</select> +<input id="canary-submit" type="submit"> +</form> + +<script type="text/javascript" src="<% $fsurl %>elements/jquery.js"></script> +<script type="text/javascript"> + $( function() { + if ( ! $("#canary-result").val() ) { + $("#canary-form").submit(); + } + }); +</script> + +<%init> +my $cgi = FS::UID::cgi(); +my $curuser = $FS::CurrentUser::CurrentUser; +my $session = $FS::CurrentUser::CurrentSession; +my $sessionkey = $session->sessionkey if $session; + +if ( $curuser ) { + my $canary = $cgi->param('edge_browser_canary'); + $curuser->set_pref( + 'edge_bug_vulnerable', + + $canary eq 'test' ? $sessionkey : 'Y', + ); +} + +</%init>
\ No newline at end of file diff --git a/httemplate/misc/process/change-password.html b/httemplate/misc/process/change-password.html index a3e060168..37ad6d915 100644 --- a/httemplate/misc/process/change-password.html +++ b/httemplate/misc/process/change-password.html @@ -18,7 +18,7 @@ <% $cgi->redirect($fsurl.'view/svc_acct.cgi?'.$cgi->query_string) %> % } % elsif ($contactnum) { - <% $cgi->redirect($fsurl.'edit/cust_main-contacts.html?'.$cgi->param('custnum')) %> + <% $cgi->redirect($fsurl.'view/cust_main.cgi?'.$cgi->param('custnum')) %> % } % } @@ -34,6 +34,10 @@ my $curuser = $FS::CurrentUser::CurrentUser; $cgi->param('svcnum') =~ /^(\d+)$/ or die "illegal svcnum" if $cgi->param('svcnum'); my $svcnum = $1; +foreach my $prefix (grep /^(.*)(password)$/, $cgi->param) { + $cgi->param('password' => $cgi->param($prefix)); +} + $cgi->param('contactnum') =~ /^(\d+)$/ or die "illegal contactnum" if $cgi->param('contactnum'); my $contactnum = $1; |