httemplate/elements/create_uri_query


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63

<%doc>

Instead of:

  my $link = $self_url. '?'. $cgi->query_string;

which will fail when the query string exceeds ~2k (browser-dependent)


Usage:

  my $query = $m->scomp('/elements/create_uri_query');
  my $link = $self_url. '?'. $query;

You can also pass an optional 'secure'=>1 parameter to force handling as
session data, even for short query strings.


See also handle_uri_query which needs to be used by the target page.

</%doc>
<% $query %>\
<%init>

my %opt = @_;

if ( $opt{secure} ) {

  foreach my $param (grep /pay(info\d?|cvv)$/, $cgi->param) {
    my $value = $cgi->param($param);
    next unless length($value);
    my $encrypted = FS::Record->encrypt( $value );
    $cgi->param($param, $encrypted);
  }

}

my $query = $opt{query} || $cgi->query_string;

if ( length($query) > 1920 || $opt{secure} ) { #stupid IE 2083 URL limit

  my $session = int(rand(4294967296)); #XXX
  my $pref = new FS::access_user_pref({
    'usernum'    => $FS::CurrentUser::CurrentUser->usernum,
    'prefname'   => "redirect$session",
    'prefvalue'  => $query,
    'expiration' => time + ( $opt{secure} ? 120  #2m?
                                          : 3600 #1h?
                           ),
  });
  local($FS::Record::no_history) = 1;

  my $pref_error = $pref->insert;
  if ( $pref_error ) {
    die "FATAL: couldn't even set redirect cookie: $pref_error".
        " attempting to set redirect$session to $query\n";
  }

  $query = "redirect=$session";

}

</%init>