| 1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
 | <% header(emt("Package $past_method")) %>
  <SCRIPT TYPE="text/javascript">
    window.top.location.reload();
  </SCRIPT>
  </BODY>
</HTML>
<%once>
my %past = ( 'cancel'   => 'cancelled',
             'expire'   => 'expired',
             'suspend'  => 'suspended',
             'adjourn'  => 'adjourned',
             'resume'   => 'scheduled to resume',
             'uncancel' => 'un-cancelled',
           );
#i'm sure this is false laziness with somewhere, at least w/misc/cancel_pkg.html
my %right = ( 'cancel'   => 'Cancel customer package immediately',
              'expire'   => 'Cancel customer package later',
              'suspend'  => 'Suspend customer package',
              'adjourn'  => 'Suspend customer package later',
              'resume'   => 'Unsuspend customer package', #later?
              'uncancel' => 'Un-cancel customer package',
            );
</%once>
<%init>
#untaint method
my $method = $cgi->param('method');
$method =~ /^(cancel|expire|suspend|adjourn|resume|uncancel)$/
  or die "Illegal method";
$method = $1;
my $past_method = $past{$method};
die "access denied"
  unless $FS::CurrentUser::CurrentUser->access_right($right{$method});
#untaint pkgnum
my $pkgnum = $cgi->param('pkgnum');
$pkgnum =~ /^(\d+)$/ or die "Illegal pkgnum";
$pkgnum = $1;
my $date = time;
if ($method eq 'expire' || $method eq 'adjourn' || $method eq 'resume') {
  #untaint date
  $date = $cgi->param('date'); #huh?
  parse_datetime($cgi->param('date')) =~ /^(\d+)$/ or die "Illegal date";
  $date = $1;
  $method = 'cancel'    if $method eq 'expire';
  $method = 'suspend'   if $method eq 'adjourn';
  $method = 'unsuspend' if $method eq 'resume';
}
my $resume_date = '';
my $options = '';
if ( $method eq 'suspend' ) { #or 'adjourn'
  $resume_date = parse_datetime($cgi->param('resume_date'))
    if $cgi->param('resume_date');
  $options = { map { $_ => scalar($cgi->param($_)) }
                 qw( suspend_bill no_suspend_bill )
             };
}
my $cust_pkg = qsearchs( 'cust_pkg', {'pkgnum'=>$pkgnum} );
#untaint reasonnum
my $reasonnum = $cgi->param('reasonnum');
if ( $method !~ /^(unsuspend|uncancel)$/ ) {
  $reasonnum =~ /^(-?\d+)$/ or die "Illegal reasonnum";
  $reasonnum = $1;
  if ($reasonnum == -1) {
    $reasonnum = {
      'typenum' => scalar( $cgi->param('newreasonnumT') ),
      'reason'  => scalar( $cgi->param('newreasonnum' ) ),
    };
  }
}
#for uncancel
my $last_bill =
  $cgi->param('last_bill') ? parse_datetime($cgi->param('last_bill')) : '';
my $bill =
  $cgi->param('bill')      ? parse_datetime($cgi->param('bill'))      : '';
my $svc_fatal = ( $cgi->param('svc_not_fatal') ne 'Y' );
my $error = $cust_pkg->$method( 'reason'      => $reasonnum,
                                'date'        => $date,
                                'resume_date' => $resume_date,
                                'last_bill'   => $last_bill,
                                'bill'        => $bill,
                                'svc_fatal'   => $svc_fatal,
                                'options'     => $options,
                              );
if ($error) {
  $cgi->param('error', $error);
  print $cgi->redirect(popurl(2). "cancel_pkg.html?". $cgi->query_string );
}
</%init>
 |