1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
|
<% header(emt("Package $past_method")) %>
<SCRIPT TYPE="text/javascript">
window.top.location.reload();
</SCRIPT>
</BODY>
</HTML>
<%once>
my %past = ( 'cancel' => 'cancelled',
'expire' => 'expired',
'suspend' => 'suspended',
'adjourn' => 'adjourned',
'resume' => 'scheduled to resume',
);
#i'm sure this is false laziness with somewhere, at least w/misc/cancel_pkg.html
my %right = ( 'cancel' => 'Cancel customer package immediately',
'expire' => 'Cancel customer package later',
'suspend' => 'Suspend customer package',
'adjourn' => 'Suspend customer package later',
'resume' => 'Unsuspend customer package', #later?
);
</%once>
<%init>
#untaint method
my $method = $cgi->param('method');
$method =~ /^(cancel|expire|suspend|adjourn|resume)$/ or die "Illegal method";
$method = $1;
my $past_method = $past{$method};
die "access denied"
unless $FS::CurrentUser::CurrentUser->access_right($right{$method});
#untaint pkgnum
my $pkgnum = $cgi->param('pkgnum');
$pkgnum =~ /^(\d+)$/ or die "Illegal pkgnum";
$pkgnum = $1;
my $date = time;
if ($method eq 'expire' || $method eq 'adjourn' || $method eq 'resume'){
#untaint date
$date = $cgi->param('date'); #huh?
parse_datetime($cgi->param('date')) =~ /^(\d+)$/ or die "Illegal date";
$date = $1;
$method = 'cancel' if $method eq 'expire';
$method = 'suspend' if $method eq 'adjourn';
$method = 'unsuspend' if $method eq 'resume';
}
my $resume_date = '';
my $options = '';
if ( $method eq 'suspend' ) { #or 'adjourn'
$resume_date = parse_datetime($cgi->param('resume_date'))
if $cgi->param('resume_date');
$options = { map scalar($cgi->param($_)),
suspend_bill no_suspend_bill
};
}
my $cust_pkg = qsearchs( 'cust_pkg', {'pkgnum'=>$pkgnum} );
#untaint reasonnum
my $reasonnum = $cgi->param('reasonnum');
if ( $method ne 'unsuspend' ) { #i.e. 'resume'
$reasonnum =~ /^(-?\d+)$/ or die "Illegal reasonnum";
$reasonnum = $1;
if ($reasonnum == -1) {
$reasonnum = {
'typenum' => scalar( $cgi->param('newreasonnumT') ),
'reason' => scalar( $cgi->param('newreasonnum' ) ),
};
}
}
my $error = $cust_pkg->$method( 'reason' => $reasonnum,
'date' => $date,
'resume_date' => $resume_date,
'options' => $options,
);
if ($error) {
$cgi->param('error', $error);
print $cgi->redirect(popurl(2). "cancel_pkg.html?". $cgi->query_string );
}
</%init>
|
