X-Git-Url: http://git.freeside.biz/gitweb/?p=freeside.git;a=blobdiff_plain;f=httemplate%2Felements%2Fcreate_uri_query;h=4d360b25541665863304ad6933a03d366ef1063b;hp=32d8e2f87b913d76caa848f8ecbff00d4739aa25;hb=8f47a838311c8bdc7823bdb9bbf0859e59d4a8c6;hpb=02a6bfc2dba1a1f9c1efcd7d7da258b33be76d30 diff --git a/httemplate/elements/create_uri_query b/httemplate/elements/create_uri_query index 32d8e2f87..4d360b255 100644 --- a/httemplate/elements/create_uri_query +++ b/httemplate/elements/create_uri_query @@ -1,17 +1,55 @@ +<%doc> + +Instead of: + + my $link = $self_url. '?'. $cgi->query_string; + +which will fail when the query string exceeds ~2k (browser-dependent) + + +Usage: + + my $query = $m->scomp('/elements/create_uri_query'); + my $link = $self_url. '?'. $query; + +You can also pass an optional 'secure'=>1 parameter to force handling as +session data, even for short query strings. + + +See also handle_uri_query which needs to be used by the target page. + + <% $query %>\ <%init> -my $query = $cgi->query_string; +my %opt = @_; + +if ( $opt{secure} ) { + + foreach my $param (grep /pay(info\d?|cvv)$/, $cgi->param) { + my $value = $cgi->param($param); + next unless length($value); + my $encrypted = FS::Record->encrypt( $value ); + $cgi->param($param, $encrypted); + } + +} + +my $query = $opt{query} || $cgi->query_string; -if ( length($query) > 1920 ) { #stupid IE 2083 URL limit +if ( length($query) > 1920 || $opt{secure} ) { #stupid IE 2083 URL limit my $session = int(rand(4294967296)); #XXX my $pref = new FS::access_user_pref({ 'usernum' => $FS::CurrentUser::CurrentUser->usernum, 'prefname' => "redirect$session", 'prefvalue' => $query, - 'expiration' => time + 3600, #1h? 1m? + 'expiration' => time + ( $opt{secure} ? 120 #2m? + : 3600 #1h? + ), }); + local($FS::Record::no_history) = 1; + my $pref_error = $pref->insert; if ( $pref_error ) { die "FATAL: couldn't even set redirect cookie: $pref_error".