From 8ca45ec1f1ab960ee1e262ee764f05d214728d05 Mon Sep 17 00:00:00 2001 From: Christopher Burger Date: Tue, 4 Sep 2018 08:30:35 -0400 Subject: RT# 75817 - Added password change link to cust main page --- httemplate/misc/process/change-password.html | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) (limited to 'httemplate/misc') diff --git a/httemplate/misc/process/change-password.html b/httemplate/misc/process/change-password.html index a3e060168..37ad6d915 100644 --- a/httemplate/misc/process/change-password.html +++ b/httemplate/misc/process/change-password.html @@ -18,7 +18,7 @@ <% $cgi->redirect($fsurl.'view/svc_acct.cgi?'.$cgi->query_string) %> % } % elsif ($contactnum) { - <% $cgi->redirect($fsurl.'edit/cust_main-contacts.html?'.$cgi->param('custnum')) %> + <% $cgi->redirect($fsurl.'view/cust_main.cgi?'.$cgi->param('custnum')) %> % } % } @@ -34,6 +34,10 @@ my $curuser = $FS::CurrentUser::CurrentUser; $cgi->param('svcnum') =~ /^(\d+)$/ or die "illegal svcnum" if $cgi->param('svcnum'); my $svcnum = $1; +foreach my $prefix (grep /^(.*)(password)$/, $cgi->param) { + $cgi->param('password' => $cgi->param($prefix)); +} + $cgi->param('contactnum') =~ /^(\d+)$/ or die "illegal contactnum" if $cgi->param('contactnum'); my $contactnum = $1; -- cgit v1.2.1 From fe293dc0ca4ea3939de9c2ad28d3aaf7c8980644 Mon Sep 17 00:00:00 2001 From: Mitch Jackson Date: Wed, 12 Sep 2018 23:32:52 -0400 Subject: RT# 80624 Detect and warn for bad MS Edge version --- .../misc/edge_browser_check-fail_notice.html | 25 ++++++++++++++++ httemplate/misc/edge_browser_check-header.html | 32 ++++++++++++++++++++ httemplate/misc/edge_browser_check-iframe.html | 35 ++++++++++++++++++++++ 3 files changed, 92 insertions(+) create mode 100644 httemplate/misc/edge_browser_check-fail_notice.html create mode 100644 httemplate/misc/edge_browser_check-header.html create mode 100644 httemplate/misc/edge_browser_check-iframe.html (limited to 'httemplate/misc') diff --git a/httemplate/misc/edge_browser_check-fail_notice.html b/httemplate/misc/edge_browser_check-fail_notice.html new file mode 100644 index 000000000..fb42ffe8e --- /dev/null +++ b/httemplate/misc/edge_browser_check-fail_notice.html @@ -0,0 +1,25 @@ +<& /elements/header.html, "Edge browser bug" &> + +
+
+ ⚠ +
+

+ Edge Browser Bug +

+

+ Your copy of Microsoft Edge has a data corrupting bug. +

+

+ Microsoft fixed this bug with the July RS4 Windows 10 Update. + Please update your copy of Windows. +

+

+ Alternatively, you may choose to use + Mozilla Firefox + or Google Chrome. They + are not affected by this bug. +

+
+ +<& /elements/footer.html &> \ No newline at end of file diff --git a/httemplate/misc/edge_browser_check-header.html b/httemplate/misc/edge_browser_check-header.html new file mode 100644 index 000000000..e7666aec4 --- /dev/null +++ b/httemplate/misc/edge_browser_check-header.html @@ -0,0 +1,32 @@ +% if ( $force_redirect ) { + +% } elsif ( $do_check ) { + + +% } +<%init> +my $curuser = $FS::CurrentUser::CurrentUser; +my $cgi = FS::UID::cgi(); +my $DEBUG = 0; + +my $do_check = 0; +$do_check = 1 + if $curuser + && !$cgi->param('edge_browser_check') + && $curuser->get_pref('edge_bug_vulnerable') ne 'N'; + +my $force_redirect = $curuser->get_pref('edge_bug_vulnerable') eq 'Y' ? 1 : 0; + \ No newline at end of file diff --git a/httemplate/misc/edge_browser_check-iframe.html b/httemplate/misc/edge_browser_check-iframe.html new file mode 100644 index 000000000..e804fc676 --- /dev/null +++ b/httemplate/misc/edge_browser_check-iframe.html @@ -0,0 +1,35 @@ +
+ + + +
+ + + + +<%init> +my $cgi = FS::UID::cgi(); +my $curuser = $FS::CurrentUser::CurrentUser; + +if ( $curuser ) { + my $canary = $cgi->param('edge_browser_canary'); + $curuser->set_pref( + 'edge_bug_vulnerable', + + $canary eq 'test' ? 'Y' : 'Y', + + # Don't test this user's session for the next 10m + time() + 600, + ); +} + + \ No newline at end of file -- cgit v1.2.1 From 0682747829a56d487155e28675c133cb90f991de Mon Sep 17 00:00:00 2001 From: Mitch Jackson Date: Thu, 13 Sep 2018 00:44:54 -0400 Subject: RT# 80624 Browser check repeats if session changes --- httemplate/misc/edge_browser_check-header.html | 10 +++++++--- httemplate/misc/edge_browser_check-iframe.html | 7 +++---- 2 files changed, 10 insertions(+), 7 deletions(-) (limited to 'httemplate/misc') diff --git a/httemplate/misc/edge_browser_check-header.html b/httemplate/misc/edge_browser_check-header.html index e7666aec4..a88962be9 100644 --- a/httemplate/misc/edge_browser_check-header.html +++ b/httemplate/misc/edge_browser_check-header.html @@ -18,7 +18,10 @@ % } <%init> -my $curuser = $FS::CurrentUser::CurrentUser; +my $curuser = $FS::CurrentUser::CurrentUser; +my $session = $FS::CurrentUser::CurrentSession; +my $sessionkey = $session->sessionkey if $session; + my $cgi = FS::UID::cgi(); my $DEBUG = 0; @@ -26,7 +29,8 @@ my $do_check = 0; $do_check = 1 if $curuser && !$cgi->param('edge_browser_check') - && $curuser->get_pref('edge_bug_vulnerable') ne 'N'; + && $sessionkey + && $curuser->get_pref('edge_bug_vulnerable') ne $sessionkey; my $force_redirect = $curuser->get_pref('edge_bug_vulnerable') eq 'Y' ? 1 : 0; - \ No newline at end of file + diff --git a/httemplate/misc/edge_browser_check-iframe.html b/httemplate/misc/edge_browser_check-iframe.html index e804fc676..61ae9a0bd 100644 --- a/httemplate/misc/edge_browser_check-iframe.html +++ b/httemplate/misc/edge_browser_check-iframe.html @@ -19,16 +19,15 @@ <%init> my $cgi = FS::UID::cgi(); my $curuser = $FS::CurrentUser::CurrentUser; +my $session = $FS::CurrentUser::CurrentSession; +my $sessionkey = $session->sessionkey if $session; if ( $curuser ) { my $canary = $cgi->param('edge_browser_canary'); $curuser->set_pref( 'edge_bug_vulnerable', - $canary eq 'test' ? 'Y' : 'Y', - - # Don't test this user's session for the next 10m - time() + 600, + $canary eq 'test' ? $sessionkey : 'Y', ); } -- cgit v1.2.1