diff options
Diffstat (limited to 'httemplate/pref')
| -rw-r--r-- | httemplate/pref/pref-process.html | 2 | ||||
| -rw-r--r-- | httemplate/pref/pref.html | 24 |
2 files changed, 20 insertions, 6 deletions
diff --git a/httemplate/pref/pref-process.html b/httemplate/pref/pref-process.html index 25f30e9a9..09eb71a7e 100644 --- a/httemplate/pref/pref-process.html +++ b/httemplate/pref/pref-process.html @@ -30,7 +30,7 @@ % my %param = $access_user->options; % % #XXX autogen -% my @paramlist = qw( menu_position +% my @paramlist = qw( menu_position show_pkgnum % email_address % vonage-fromnumber vonage-username vonage-password % height width availHeight availWidth colorDepth diff --git a/httemplate/pref/pref.html b/httemplate/pref/pref.html index de5bd8270..4007bb9f1 100644 --- a/httemplate/pref/pref.html +++ b/httemplate/pref/pref.html @@ -57,22 +57,34 @@ Email Address <BR> +Development +<% ntable("#cccccc",2) %> + + <TR> + <TH>Show internal package numbers: </TH> + <TD><INPUT TYPE="checkbox" NAME="show_pkgnum" VALUE="1" <% $curuser->option('show_pkgnum') ? 'CHECKED' : '' %>></TD> + </TR> + +</TABLE> +<BR> + + Vonage integration (see <a href="https://secure.click2callu.com/">Click2Call</a>) <% ntable("#cccccc",2) %> <TR> <TH ALIGN="right">Vonage phone number</TH> - <TD><INPUT TYPE="text" NAME="vonage-fromnumber" VALUE="<% $FS::CurrentUser::CurrentUser->option('vonage-fromnumber') %>"></TD> + <TD><INPUT TYPE="text" NAME="vonage-fromnumber" VALUE="<% $curuser->option('vonage-fromnumber') %>"></TD> </TR> <TR> <TH ALIGN="right">Vonage username</TH> - <TD><INPUT TYPE="text" NAME="vonage-username" VALUE="<% $FS::CurrentUser::CurrentUser->option('vonage-username') %>"></TD> + <TD><INPUT TYPE="text" NAME="vonage-username" VALUE="<% $curuser->option('vonage-username') %>"></TD> </TR> <TR> <TH ALIGN="right">Vonage password</TH> - <TD><INPUT TYPE="password" NAME="vonage-password" VALUE="<% $FS::CurrentUser::CurrentUser->option('vonage-password') %>"></TD> + <TD><INPUT TYPE="password" NAME="vonage-password" VALUE="<% $curuser->option('vonage-password') %>"></TD> </TR> </TABLE> @@ -91,11 +103,13 @@ Vonage integration (see <a href="https://secure.click2callu.com/">Click2Call</a> <% include('/elements/footer.html') %> <%init> +my $curuser = $FS::CurrentUser::CurrentUser; + # XSS via your own preferences? seems unlikely, but nice try anyway... -( $FS::CurrentUser::CurrentUser->option('menu_position') || 'left' ) +( $curuser->option('menu_position') || 'left' ) =~ /^(\w+)$/ or die "illegal menu_position"; my $menu_position = $1; -( $FS::CurrentUser::CurrentUser->option('email_address') ) +( $curuser->option('email_address') ) =~ /^([,\w\@.]*)$/ or die "illegal email_address"; #too late my $email_address = $1; |