X-Git-Url: http://git.freeside.biz/gitweb/?a=blobdiff_plain;f=httemplate%2Fconfig%2Fconfig-process.cgi;h=3e49b4f992458fdee80368bdd6e68034a5988834;hb=fbfffdabe931d704aae420984058e61dc4196b01;hp=50f0d34ff095eff97ef9a3b999638d3a82903d8a;hpb=a4c96748eb6eab29a70f3a944c6520283a635c78;p=freeside.git

diff --git a/httemplate/config/config-process.cgi b/httemplate/config/config-process.cgi
index 50f0d34ff..3e49b4f99 100644
--- a/httemplate/config/config-process.cgi
+++ b/httemplate/config/config-process.cgi
@@ -1,45 +1,70 @@
-<%
- my $conf = new FS::Conf;
- $FS::Conf::DEBUG = 1;
- my @config_items = $conf->config_items;
+<%init>
+die "access denied\n"
+ unless $FS::CurrentUser::CurrentUser->access_right('Configuration');
 
- foreach my $i ( @config_items ) {
- my @touch = ();
- my @delete = ();
- my $n = 0;
- foreach my $type ( ref($i->type) ? @{$i->type} : $i->type ) {
- if ( $type eq '' ) {
- } elsif ( $type eq 'textarea' ) {
- if ( $cgi->param($i->key. $n) ne '' ) {
- my $value = $cgi->param($i->key. $n);
- $value =~ s/\r\n/\n/g; #browsers?
- $conf->set($i->key, $value);
- } else {
- $conf->delete($i->key);
+# errant GET/POST protection
+my $Vars = scalar($cgi->Vars);
+my $num_Vars = scalar(keys %$Vars);
+die "only received $num_Vars params; errant or truncated GET/POST?".
+ " aborting - not updating config\n"
+ unless $num_Vars > 100;
+
+my $conf = new FS::Conf;
+$FS::Conf::DEBUG = 1;
+my @config_items = $conf->config_items;
+
+foreach my $i ( @config_items ) {
+ my @touch = ();
+ my @delete = ();
+ my $n = 0;
+ foreach my $type ( ref($i->type) ? @{$i->type} : $i->type ) {
+ if ( $type eq '' ) {
+ } elsif ( $type eq 'textarea' ) {
+ if ( $cgi->param($i->key. $n) ne '' ) {
+ my $value = $cgi->param($i->key. $n);
+ $value =~ s/\r\n/\n/g; #browsers?
+ $conf->set($i->key, $value);
+ } else {
+ $conf->delete($i->key);
+ }
+ } elsif ( $type eq 'binary' ) {
+ if ( defined($cgi->param($i->key. $n)) && $cgi->param($i->key. $n) ) {
+ my $fh = $cgi->upload($i->key. $n);
+ if (defined($fh)) {
+ local $/;
+ $conf->set_binary($i->key, <$fh>);
 }
- } elsif ( $type eq 'checkbox' ) {
+ }else{
+ warn "Condition failed for " . $i->key;
+ }
+ } elsif ( $type eq 'checkbox' ) {
 # if ( defined($cgi->param($i->key. $n)) && $cgi->param($i->key. $n) ) {
- if ( defined $cgi->param($i->key. $n) ) {
- #$conf->touch($i->key);
- push @touch, $i->key;
- } else {
- #$conf->delete($i->key);
- push @delete, $i->key;
- }
- } elsif ( $type eq 'text' ) {
- if ( $cgi->param($i->key. $n) ne '' ) {
- $conf->set($i->key, $cgi->param($i->key. $n));
- } else {
- $conf->delete($i->key);
- }
+ if ( defined $cgi->param($i->key. $n) ) {
+ #$conf->touch($i->key);
+ push @touch, $i->key;
+ } else {
+ #$conf->delete($i->key);
+ push @delete, $i->key;
+ }
+ } elsif ( $type eq 'text' || $type eq 'select' || $type eq 'select-sub' ) {
+ if ( $cgi->param($i->key. $n) ne '' ) {
+ $conf->set($i->key, $cgi->param($i->key. $n));
 } else {
+ $conf->delete($i->key);
 }
- $n++;
+ } elsif ( $type eq 'editlist' || $type eq 'selectmultiple' ) {
+ if ( scalar(@{[ $cgi->param($i->key. $n) ]}) ) {
+ $conf->set($i->key, join("\n", @{[ $cgi->param($i->key. $n) ]} ));
+ } else {
+ $conf->delete($i->key);
+ }
+ } else {
 }
- # warn @touch;
- $conf->touch($_) foreach @touch;
- $conf->delete($_) foreach @delete;
+ $n++;
 }
-
-%>
-<%= $cgi->redirect("config-view.cgi") %>
+ # warn @touch;
+ $conf->touch($_) foreach @touch;
+ $conf->delete($_) foreach @delete;
+}
+
+<% $cgi->redirect("config-view.cgi") %>
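Review bot: The `unless $num_Vars > 100` guard in the `<%init>` block only counts parameters; it does not check that they are this form's fields or that the request is a POST, so a request with more than 100 unrelated parameters still reaches the loop, where every item whose field is absent goes to `$conf->delete`. A sentinel field rendered last in the form is a more reliable truncation check, e.g. `die "truncated submission\n" unless $cgi->param('form_complete');` (field name constructed for illustration), together with `die "POST required\n" unless $cgi->request_method eq 'POST';`. No anti-CSRF token is checked in this file; if the framework does not enforce one elsewhere, this state-changing handler needs one. Separately, in the `text`/`select` branch `$cgi->param(...)` is called in list context inside the `$conf->set` argument list, so a repeated parameter passes extra arguments; `scalar $cgi->param($i->key. $n)` pins it to one value.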