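%# Preferences form for the current user: password change, menu position,
%# email address(es), development toggles and Vonage settings.
%# The form is submitted by POST to pref-process.html.
%#
%# Substitutions on this page are emitted unescaped by default (ntable() and
%# include() return markup through the same <% %> tags), so every stored value
%# placed inside an HTML attribute carries an explicit |h escape flag.
%#
%# NOTE(review): no anti-CSRF token is visible in this form; confirm that
%# pref-process.html or the surrounding framework verifies one before it
%# changes the password or the email address.
<% include('/elements/header.html', 'Preferences for '. getotaker ) %>
<FORM METHOD="POST" NAME="pref_form" ACTION="pref-process.html">
<% include('/elements/error.html') %>
Change password (leave blank for no change)
<% ntable("#cccccc",2) %>
<TR>
<TH ALIGN="right">Current password: </TH>
<TD><INPUT TYPE="password" NAME="_password"></TD>
</TR>
<TR>
<TH ALIGN="right">New password: </TH>
<TD><INPUT TYPE="password" NAME="new_password"></TD>
</TR>
<TR>
<TH ALIGN="right">Re-enter new password: </TH>
<TD><INPUT TYPE="password" NAME="new_password2"></TD>
</TR>
</TABLE>
<BR>
Interface
<% ntable("#cccccc",2) %>
<TR>
<TH>Menu location: </TH>
<TD>
<INPUT TYPE="radio" NAME="menu_position" VALUE="left" onClick="document.images['menu_example'].src='../images/menu-left-example.png';" <% $menu_position eq 'left' ? ' CHECKED' : ''%>> Left<BR>
<INPUT TYPE="radio" NAME="menu_position" VALUE="top" onClick="document.images['menu_example'].src='../images/menu-top-example.png';" <% $menu_position eq 'top' ? ' CHECKED' : ''%>> Top <BR>
</TD>
%# $menu_position is restricted to \w+ in <%init>, so it cannot leave the path.
<TD><IMG NAME="menu_example" SRC="../images/menu-<% $menu_position %>-example.png"></TD>
</TR>
</TABLE>
<BR>
Email Address
<% ntable("#cccccc",2) %>
<TR>
<TH>Email Address(es) (comma separated) </TH>
<TD><INPUT TYPE="text" NAME="email_address" VALUE="<% $email_address |h %>">
</TD>
</TR>
</TABLE>
<BR>
Development
<% ntable("#cccccc",2) %>
<TR>
<TH>Show internal package numbers: </TH>
<TD><INPUT TYPE="checkbox" NAME="show_pkgnum" VALUE="1" <% $curuser->option('show_pkgnum') ? 'CHECKED' : '' %>></TD>
</TR>
<TR>
<TH>Show database profiling (when available): </TH>
<TD><INPUT TYPE="checkbox" NAME="show_db_profile" VALUE="1" <% $curuser->option('show_db_profile') ? 'CHECKED' : '' %>></TD>
</TR>
<TR>
<TH>Save database profiling logs (when available): </TH>
<TD><INPUT TYPE="checkbox" NAME="save_db_profile" VALUE="1" <% $curuser->option('save_db_profile') ? 'CHECKED' : '' %>></TD>
</TR>
</TABLE>
<BR>
Vonage integration (see <a href="https://secure.click2callu.com/">Click2Call</a>)
<% ntable("#cccccc",2) %>
%# The Vonage options get no validation in <%init>, so |h is the only thing
%# keeping a stored quote or angle bracket from breaking out of VALUE="...".
<TR>
<TH ALIGN="right">Vonage phone number</TH>
<TD><INPUT TYPE="text" NAME="vonage-fromnumber" VALUE="<% $curuser->option('vonage-fromnumber') |h %>"></TD>
</TR>
<TR>
<TH ALIGN="right">Vonage username</TH>
<TD><INPUT TYPE="text" NAME="vonage-username" VALUE="<% $curuser->option('vonage-username') |h %>"></TD>
</TR>
<TR>
<TH ALIGN="right">Vonage password</TH>
%# NOTE(review): the stored Vonage password is written back into the page
%# source on every view, where it is readable despite TYPE="password".
%# Leaving the field empty and keeping the stored value on blank input would
%# avoid that, but needs a matching change in pref-process.html, so it is only
%# flagged here.
<TD><INPUT TYPE="password" NAME="vonage-password" VALUE="<% $curuser->option('vonage-password') |h %>"></TD>
</TR>
</TABLE>
<BR>
%# One hidden field per screen property, filled in client-side before submit.
%# The property names come from the fixed list below, never from user data.
% foreach my $prop (qw( height width availHeight availWidth colorDepth )) {
<INPUT TYPE="hidden" NAME="<% $prop %>" VALUE="">
<SCRIPT TYPE="text/javascript">
document.pref_form.<% $prop %>.value = screen.<% $prop %>;
</script>
% }
<INPUT TYPE="submit" VALUE="Update preferences">
</FORM>
<% include('/elements/footer.html') %>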
<%init>
# Load the logged-in user's stored preferences and allow-list the two values
# that the template interpolates into markup; only the regex captures are used.
my $curuser = $FS::CurrentUser::CurrentUser;

# Menu position defaults to 'left' when no (true) value is stored.
# It is interpolated into an image path, so only word characters are accepted.
my $stored_menu = $curuser->option('menu_position') || 'left';
die "illegal menu_position" unless $stored_menu =~ /^(\w+)$/;
my $menu_position = $1;

# Email list: word characters, '@', '.' and ',' only; an empty string passes.
# NOTE(review): this check runs when the page is displayed, not when the value
# is saved (the original author marked it "too late"), so a stored value
# outside the allow-list makes this page die rather than being rejected on save.
my $stored_email = $curuser->option('email_address');
die "illegal email_address" unless $stored_email =~ /^([,\w\@.]*)$/;
my $email_address = $1;
</%init>