allow - in user pref email, RT#30664

[freeside.git] / httemplate / pref / pref.html

<% include('/elements/header.html', 'Preferences for '. $FS::CurrentUser::CurrentUser->username ) %>

<FORM METHOD="POST" NAME="pref_form" ACTION="pref-process.html">

<% include('/elements/error.html') %>

% if ( FS::Auth->auth_class->can('change_password') ) {

    <% mt('Change password (leave blank for no change)') |h %>
    <% ntable("#cccccc",2) %>

      <TR>
        <TH ALIGN="right">Current password: </TH>
        <TD><INPUT TYPE="password" NAME="_password"></TD>
      </TR>

      <TR>
        <TH ALIGN="right">New password: </TH>
        <TD><INPUT TYPE="password" NAME="new_password"></TD>
      </TR>

      <TR>
       <TH ALIGN="right">Re-enter new password: </TH>
       <TD><INPUT TYPE="password" NAME="new_password2"></TD>
      </TR>

    </TABLE>
    <BR>

% }

Interface
<% ntable("#cccccc",2) %>

  <TR>
    <TH ALIGN="right">Locale: </TH>
    <TD COLSPAN=2>
      <SELECT NAME="locale">
%       foreach my $locale ( FS::Locales->locales ) {
%         my %info = FS::Locales->locale_info($locale);
%         my $selected = ($locale eq $curuser->option('locale'))
%                          ? 'SELECTED' : '';
          <OPTION VALUE="<% $locale %>" <%$selected%>><% $info{name} %> (<% $info{country} %>)
%       }
      </SELECT>
    </TD>
  </TR>

  <TR>
    <TH ALIGN="right">Menu location: </TH>
    <TD>
      <INPUT TYPE="radio" NAME="menu_position" VALUE="left" onClick="document.images['menu_example'].src='../images/menu-left-example.png';" <% $menu_position eq 'left' ? ' CHECKED' : ''%>> Left<BR>
      <INPUT TYPE="radio" NAME="menu_position" VALUE="top"onClick="document.images['menu_example'].src='../images/menu-top-example.png';" <% $menu_position eq 'top' ? ' CHECKED' : ''%>> Top <BR>
    </TD>
    <TD><IMG NAME="menu_example" SRC="../images/menu-<% $menu_position %>-example.png"></TD>
  </TR>

  <TR>
    <TH ALIGN="right">Enable mobile-friendly menu: </TH>
    <TD COLSPAN=2>
      <INPUT TYPE="checkbox" NAME="mobile_menu" VALUE="Y"
<% $curuser->option('mobile_menu') ? 'CHECKED' : '' %>>
    </TD>
  </TR>
 
  <TR>
    <TH ALIGN="right">Default customer view: </TH>
    <TD COLSPAN=2>
      <SELECT NAME="default_customer_view">
%       foreach my $view ( keys %customer_views ) {
%         my $selected =
%           $customer_views{$view} eq $curuser->option('default_customer_view')
%             ? 'SELECTED'
%             : '';
          <OPTION VALUE="<%$customer_views{$view}%>" <%$selected%>><%$view%></OPTION>
%       }
      </SELECT>
    </TD>
  </TR>

  <TR>
    <TH ALIGN="right">Hide package changes: </TH>
    <TD COLSPAN=2>
    <& /elements/select.html,
      field   => 'hide_package_changes',
      options => [ '', 'location', 'all' ],
      labels  => { ''         => 'never',
                   'location' => 'location changes',
                   'all'      => 'all package changes',
                 },
      curr_value => ($cgi->param('hide_package_changes') 
                      || $curuser->option('hide_package_changes')),
    &>
    </TD>
  </TR>

% my $history_order = $curuser->option('history_order') || 'oldest';
  <TR>
    <TH ALIGN="right">Customer history sort order: </TH>
    <TD COLSPAN=2>
      <& /elements/select.html,
        field       => 'history_order',
        curr_value  => $history_order,
        options     => [ 'oldest', 'newest' ],
        labels      => { 'oldest' => 'Oldest first',
                         'newest' => 'Newest first',
                       },
      &>
    </TD>
  </TR>
  
  <TR>
    <TH ALIGN="right">Spreadsheet download format: </TH>
    <TD COLSPAN=2>
      <SELECT NAME="spreadsheet_format">
%       my $xls =  $curuser->option('spreadsheet_format') eq 'XLS';
%       my $xlsx = $curuser->option('spreadsheet_format') eq 'XLSX';
        <OPTION VALUE=""></OPTION>
        <OPTION VALUE="XLS"<%  $xls ? 'SELECTED' : '' %>>XLS (Excel 97/2000/XP)
        </OPTION>
        <OPTION VALUE="XLSX"<% $xlsx ? 'SELECTED' : ''%>>XLSX (Excel 2007+)
        </OPTION>
      </SELECT>
    </TD>
  </TR>

% if ( FS::Conf->new->exists('enable_fuzzy_on_exact') ) {

  <INPUT TYPE="hidden" NAME="enable_fuzzy_on_exact" VALUE="<% $curuser->option('enable_fuzzy_on_exact') ? 1 : 0 %>">

% } else {

 <TR>
    <TH ALIGN="right" COLSPAN=1>Enable approximate customer searching <BR>even when an exact match is found: </TH>
    <TD ALIGN="left" COLSPAN=2>
      <INPUT TYPE="checkbox" NAME="enable_fuzzy_on_exact" VALUE="1" <% $curuser->option('enable_fuzzy_on_exact') ? 'CHECKED' : '' %>>
    </TD>
  </TR>

% }

  <TR>
    <TH ALIGN="right" COLSPAN=1>Disable HTML editor for customer notes: </TH>
    <TD ALIGN="left" COLSPAN=2>
      <INPUT TYPE="checkbox" NAME="disable_html_editor" VALUE="1" <% $curuser->option('disable_html_editor') ? 'CHECKED' : '' %>>
    </TD>
  </TR>

  <TR>
    <TH ALIGN="right" COLSPAN=1>Disable submission on [Enter] key - one-time charges: </TH>
    <TD ALIGN="left" COLSPAN=2>
      <INPUT TYPE="checkbox" NAME="disable_enter_submit_onetimecharge" VALUE="1" <% $curuser->option('disable_enter_submit_onetimecharge') ? 'CHECKED' : '' %>>
    </TD>
  </TR>

  <TR>
    <TH ALIGN="right">Don't copy MAC address delimiters to clipboard</TH>
    <TD ALIGN="left" COLSPAN=2>
      <INPUT TYPE="checkbox" NAME="enable_mask_clipboard_hack" VALUE="1" <% $curuser->option('enable_mask_clipboard_hack') ? 'CHECKED' : '' %>>
    </TD>
  </TR>

  <TR>
    <TH ALIGN="right">How many recently-modified customers displayed on dashboard</TH>
    <TD ALIGN="left" COLSPAN=2>
      <INPUT TYPE="text" NAME="dashboard_customers" VALUE="<% $curuser->option('dashboard_customers') %>"></TD>
    </TD>
  </TR>

</TABLE>
<BR>


Email Address
<% ntable("#cccccc",2) %>

  <TR>
    <TH>Email Address(es) (comma separated) </TH>
    <TD>
   <TD><INPUT TYPE="text" NAME="email_address" VALUE="<% $email_address %>">
    </TD>
  </TR>

</TABLE>
<BR>


Development
<% ntable("#cccccc",2) %>

  <TR>
    <TH>Show customer package timestamps: </TH>
    <TD><INPUT TYPE="checkbox" NAME="cust_pkg-display_times" VALUE="1" <% $curuser->option('cust_pkg-display_times') ? 'CHECKED' : '' %>></TD>
  </TR>
  <TR>
    <TH>Show internal package numbers: </TH>
    <TD><INPUT TYPE="checkbox" NAME="show_pkgnum" VALUE="1" <% $curuser->option('show_pkgnum') ? 'CHECKED' : '' %>></TD>
  </TR>
  <TR>
    <TH>Show config item counts: </TH>
    <TD><INPUT TYPE="checkbox" NAME="show_confitem_counts" VALUE="1" <% $curuser->option('show_confitem_counts') ? 'CHECKED' : '' %>></TD>
  </TR>
  <TR>
    <TH>Show export data on service view (when available): </TH>
    <TD><INPUT TYPE="checkbox" NAME="export_getsettings" VALUE="1" <% $curuser->option('export_getsettings') ? 'CHECKED' : '' %>></TD>
  </TR>
  <TR>
    <TH>Show database profiling (when available): </TH>
    <TD><INPUT TYPE="checkbox" NAME="show_db_profile" VALUE="1" <% $curuser->option('show_db_profile') ? 'CHECKED' : '' %>></TD>
  </TR>
  <TR>
    <TH>Save database profiling logs (when available): </TH>
    <TD><INPUT TYPE="checkbox" NAME="save_db_profile" VALUE="1" <% $curuser->option('save_db_profile') ? 'CHECKED' : '' %>></TD>
  </TR>
  <TR>
    <TH>Save temporary invoice typesetting files: </TH>
    <TD><INPUT TYPE="checkbox" NAME="save_tmp_typesetting" VALUE="1" <% $curuser->option('save_tmp_typesetting') ? 'CHECKED' : '' %>></TD>
  </TR>

</TABLE>
<BR>

SNOM integration
<% ntable("#cccccc",2) %>

  <TR>
    <TH ALIGN="right">SNOM IP address</TH>
    <TD><INPUT TYPE="text" NAME="snom-ip" VALUE="<% $curuser->option('snom-ip') %>"></TD>
  </TR>

  <TR>
    <TH ALIGN="right">SNOM HTTP username (if necessary)</TH>
    <TD><INPUT TYPE="text" NAME="snom-username" VALUE="<% $curuser->option('snom-username') %>"></TD>
  </TR>

  <TR>
    <TH ALIGN="right">SNOM HTTP password (if necessary)</TH>
    <TD><INPUT TYPE="password" NAME="snom-password" VALUE="<% $curuser->option('snom-password') %>"></TD>
  </TR>

</TABLE>
<BR>

OR<BR><BR>

Vonage integration (see <a href="https://secure.click2callu.com/">Click2Call</a>)
<% ntable("#cccccc",2) %>

  <TR>
    <TH ALIGN="right">Vonage phone number</TH>
    <TD><INPUT TYPE="text" NAME="vonage-fromnumber" VALUE="<% $curuser->option('vonage-fromnumber') %>"></TD>
  </TR>

  <TR>
    <TH ALIGN="right">Vonage username</TH>
    <TD><INPUT TYPE="text" NAME="vonage-username" VALUE="<% $curuser->option('vonage-username') %>"></TD>
  </TR>

  <TR>
    <TH ALIGN="right">Vonage password</TH>
    <TD><INPUT TYPE="password" NAME="vonage-password" VALUE="<% $curuser->option('vonage-password') %>"></TD>
  </TR>

</TABLE>
<BR>


% foreach my $prop (qw( height width availHeight availWidth colorDepth )) {
  <INPUT TYPE="hidden" NAME="<% $prop %>" VALUE="">
  <SCRIPT TYPE="text/javascript">
  document.pref_form.<% $prop %>.value = screen.<% $prop %>;
  </script>
% }

<INPUT TYPE="submit" VALUE="Update preferences">

<% include('/elements/footer.html') %>
<%init>

my $curuser = $FS::CurrentUser::CurrentUser;

#false laziness w/view/cust_main.cgi and Conf.pm (cust_main-default_view)

tie my %customer_views, 'Tie::IxHash',
  'Basics'          => 'basics',
  'Notes'           => 'notes', #notes and files?
  'Tickets'         => 'tickets',
  'Packages'        => 'packages',
  'Payment History' => 'payment_history',
;
$customer_views{'Change History'} = 'change_history'
  if $curuser->access_right('View customer history');
$customer_views{'Jumbo'} = 'jumbo';

# XSS via your own preferences?  seems unlikely, but nice try anyway...
( $curuser->option('menu_position') || 'top' )
  =~ /^(\w+)$/ or die "illegal menu_position";
my $menu_position = $1;
( $curuser->option('email_address') )
  =~ /^([,\w\@.\-]*)$/ or die "illegal email_address";  #too late
my $email_address = $1;

</%init>