Diffstat (limited to 'httemplate/pref')
-rw-r--r-- | httemplate/pref/pref-process.html | 3 | ||||
-rw-r--r-- | httemplate/pref/pref.html | 22 |
2 files changed, 20 insertions, 5 deletions
diff --git a/httemplate/pref/pref-process.html b/httemplate/pref/pref-process.html
index 704286568..93d73e00a 100644
--- a/httemplate/pref/pref-process.html
+++ b/httemplate/pref/pref-process.html
@@ -28,7 +28,8 @@
 % }
 %
 % #XXX autogen
-% my @paramlist = qw( menu_position email_address
+% my @paramlist = qw( menu_position show_pkgnum
+% email_address
 % height width availHeight availWidth colorDepth
 % );
 %
diff --git a/httemplate/pref/pref.html b/httemplate/pref/pref.html
index ec8aefd80..77f8cec68 100644
--- a/httemplate/pref/pref.html
+++ b/httemplate/pref/pref.html
@@ -53,8 +53,20 @@ Email Address
 </TABLE>
 <BR>
-
-
+
+
+Development
+<% ntable("#cccccc",2) %>
+
+ <TR>
+ <TH>Show internal package numbers: </TH>
+ <TD><INPUT TYPE="checkbox" NAME="show_pkgnum" VALUE="1" <% $curuser->option('show_pkgnum') ? 'CHECKED' : '' %>></TD>
+ </TR>
+
+</TABLE>
+<BR>
+
+
 % foreach my $prop (qw( height width availHeight availWidth colorDepth )) {
 <INPUT TYPE="hidden" NAME="<% $prop %>" VALUE="">
 <SCRIPT TYPE="text/javascript">
@@ -67,11 +79,13 @@ Email Address
 <% include('/elements/footer.html') %>
 <%init>
+my $curuser = $FS::CurrentUser::CurrentUser;
+
 # XSS via your own preferences? seems unlikely, but nice try anyway...
-( $FS::CurrentUser::CurrentUser->option('menu_position') || 'left' )
+( $curuser->option('menu_position') || 'left' )
 =~ /^(\w+)$/ or die "illegal menu_position";
 my $menu_position = $1;
-( $FS::CurrentUser::CurrentUser->option('email_address') )
+( $curuser->option('email_address') )
 =~ /^([,\w\@.]*)$/ or die "illegal email_address"; #too late
 my $email_address = $1; |
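Review bot: `show_pkgnum` in `@paramlist` is fed by a checkbox, and an unchecked checkbox is not submitted at all, so the code that walks the list (outside this hunk) has to treat a missing parameter as "clear the option"; if it only stores parameters that are present, the preference can be switched on but never off. No per-field validation is visible around the list either, so the stored value is whatever the client sends rather than the form's `VALUE="1"`. pref.html only tests the option for truth, so nothing is reflected back, but I would normalise it before saving and say so next to the list, e.g. `%   # show_pkgnum is a checkbox: absent means off; store only 1 or ''`.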
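Review bot: The two pattern checks in `<%init>` of pref.html still `die` while the page is being rendered, so a stored `menu_position` or `email_address` that fails its pattern leaves the user unable to open the preferences page to correct it, which the existing `#too late` comment already concedes. The same patterns belong in pref-process.html before the value is saved, with the render-time check falling back to a default instead of dying. While these statements are being rewritten, `\A` and `\z` would state the intent better than `^` and `$`, because `$` also matches before a trailing newline: `=~ /\A(\w+)\z/ or die "illegal menu_position";`. Only `$1` is used afterwards, so that part is about clarity rather than a bypass. The end of the `<%init>` block is outside the hunk.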