RT#8224: allow user to disable HTML editor

[freeside.git] / httemplate / pref / pref.html

<% include('/elements/header.html', 'Preferences for '. getotaker ) %>

<FORM METHOD="POST" NAME="pref_form" ACTION="pref-process.html">

<% include('/elements/error.html') %>


Change password (leave blank for no change)
<% ntable("#cccccc",2) %>

  <TR>
    <TH ALIGN="right">Current password: </TH>
    <TD><INPUT TYPE="password" NAME="_password"></TD>
  </TR>

  <TR>
    <TH ALIGN="right">New password: </TH>
    <TD><INPUT TYPE="password" NAME="new_password"></TD>
  </TR>

  <TR>
   <TH ALIGN="right">Re-enter new password: </TH>
   <TD><INPUT TYPE="password" NAME="new_password2"></TD>
  </TR>

</TABLE>
<BR>


Interface
<% ntable("#cccccc",2) %>

  <TR>
    <TH ALIGN="right">Menu location: </TH>
    <TD>
      <INPUT TYPE="radio" NAME="menu_position" VALUE="left" onClick="document.images['menu_example'].src='../images/menu-left-example.png';" <% $menu_position eq 'left' ? ' CHECKED' : ''%>> Left<BR>
      <INPUT TYPE="radio" NAME="menu_position" VALUE="top"onClick="document.images['menu_example'].src='../images/menu-top-example.png';" <% $menu_position eq 'top' ? ' CHECKED' : ''%>> Top <BR>
    </TD>
    <TD><IMG NAME="menu_example" SRC="../images/menu-<% $menu_position %>-example.png"></TD>
  </TR>

  <TR>
    <TH ALIGN="right">Default customer view: </TH>
    <TD COLSPAN=2>
      <SELECT NAME="default_customer_view">
%       foreach my $view ( keys %customer_views ) {
%         my $selected =
%           $customer_views{$view} eq $curuser->option('default_customer_view')
%             ? 'SELECTED'
%             : '';
          <OPTION VALUE="<%$customer_views{$view}%>" <%$selected%>><%$view%></OPTION>
%       }
      </SELECT>
    </TD>
  </TR>
  
  <TR>
    <TH ALIGN="right" COLSPAN=1>Disable HTML editor for customer notes: </TH>
    <TD ALIGN="left" COLSPAN=2>
      <INPUT TYPE="checkbox" NAME="disable_html_editor" VALUE="1" <% $curuser->option('disable_html_editor') ? 'CHECKED' : '' %>>
    </TD>
  </TR>

</TABLE>
<BR>


Email Address
<% ntable("#cccccc",2) %>

  <TR>
    <TH>Email Address(es) (comma separated) </TH>
    <TD>
   <TD><INPUT TYPE="text" NAME="email_address" VALUE="<% $email_address %>">
    </TD>
  </TR>

</TABLE>
<BR>


Development
<% ntable("#cccccc",2) %>

  <TR>
    <TH>Show internal package numbers: </TH>
    <TD><INPUT TYPE="checkbox" NAME="show_pkgnum" VALUE="1" <% $curuser->option('show_pkgnum') ? 'CHECKED' : '' %>></TD>
  </TR>
  <TR>
    <TH>Show config item counts: </TH>
    <TD><INPUT TYPE="checkbox" NAME="show_confitem_counts" VALUE="1" <% $curuser->option('show_confitem_counts') ? 'CHECKED' : '' %>></TD>
  </TR>
  <TR>
    <TH>Show export data on service view (when available): </TH>
    <TD><INPUT TYPE="checkbox" NAME="export_getsettings" VALUE="1" <% $curuser->option('export_getsettings') ? 'CHECKED' : '' %>></TD>
  </TR>
  <TR>
    <TH>Show database profiling (when available): </TH>
    <TD><INPUT TYPE="checkbox" NAME="show_db_profile" VALUE="1" <% $curuser->option('show_db_profile') ? 'CHECKED' : '' %>></TD>
  </TR>
  <TR>
    <TH>Save database profiling logs (when available): </TH>
    <TD><INPUT TYPE="checkbox" NAME="save_db_profile" VALUE="1" <% $curuser->option('save_db_profile') ? 'CHECKED' : '' %>></TD>
  </TR>

</TABLE>
<BR>

SNOM integration
<% ntable("#cccccc",2) %>

  <TR>
    <TH ALIGN="right">SNOM IP address</TH>
    <TD><INPUT TYPE="text" NAME="snom-ip" VALUE="<% $curuser->option('snom-ip') %>"></TD>
  </TR>

  <TR>
    <TH ALIGN="right">SNOM HTTP username (if necessary)</TH>
    <TD><INPUT TYPE="text" NAME="snom-username" VALUE="<% $curuser->option('snom-username') %>"></TD>
  </TR>

  <TR>
    <TH ALIGN="right">SNOM HTTP password (if necessary)</TH>
    <TD><INPUT TYPE="password" NAME="snom-password" VALUE="<% $curuser->option('snom-password') %>"></TD>
  </TR>

</TABLE>
<BR>

OR<BR><BR>

Vonage integration (see <a href="https://secure.click2callu.com/">Click2Call</a>)
<% ntable("#cccccc",2) %>

  <TR>
    <TH ALIGN="right">Vonage phone number</TH>
    <TD><INPUT TYPE="text" NAME="vonage-fromnumber" VALUE="<% $curuser->option('vonage-fromnumber') %>"></TD>
  </TR>

  <TR>
    <TH ALIGN="right">Vonage username</TH>
    <TD><INPUT TYPE="text" NAME="vonage-username" VALUE="<% $curuser->option('vonage-username') %>"></TD>
  </TR>

  <TR>
    <TH ALIGN="right">Vonage password</TH>
    <TD><INPUT TYPE="password" NAME="vonage-password" VALUE="<% $curuser->option('vonage-password') %>"></TD>
  </TR>

</TABLE>
<BR>


% foreach my $prop (qw( height width availHeight availWidth colorDepth )) {
  <INPUT TYPE="hidden" NAME="<% $prop %>" VALUE="">
  <SCRIPT TYPE="text/javascript">
  document.pref_form.<% $prop %>.value = screen.<% $prop %>;
  </script>
% }

<INPUT TYPE="submit" VALUE="Update preferences">

<% include('/elements/footer.html') %>
<%init>

my $curuser = $FS::CurrentUser::CurrentUser;

#false laziness w/view/cust_main.cgi and Conf.pm (cust_main-default_view)

tie my %customer_views, 'Tie::IxHash',
  'Basics'          => 'basics',
  'Notes'           => 'notes', #notes and files?
  'Tickets'         => 'tickets',
  'Packages'        => 'packages',
  'Payment History' => 'payment_history',
;
$customer_views{'Change History'} = 'change_history'
  if $curuser->access_right('View customer history');
$customer_views{'Jumbo'} = 'jumbo';

# XSS via your own preferences?  seems unlikely, but nice try anyway...
( $curuser->option('menu_position') || 'top' )
  =~ /^(\w+)$/ or die "illegal menu_position";
my $menu_position = $1;
( $curuser->option('email_address') )
  =~ /^([,\w\@.]*)$/ or die "illegal email_address";  #too late
my $email_address = $1;

</%init>