projects
/
freeside.git
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
|
inline
| side by side (from parent 1:
f402899
)
untaint template source
author
ivan
<ivan>
Thu, 24 Aug 2000 07:26:50 +0000
(07:26 +0000)
committer
ivan
<ivan>
Thu, 24 Aug 2000 07:26:50 +0000
(07:26 +0000)
TODO
patch
|
blob
|
history
fs_signup/FS-SignupClient/cgi/signup.cgi
patch
|
blob
|
history
diff --git
a/TODO
b/TODO
index
f95014b
..
7241c49
100644
(file)
--- a/
TODO
+++ b/
TODO
@@
-1,4
+1,4
@@
-$Id: TODO,v 1.
49 2000-08-09 11:30:4
0 ivan Exp $
+$Id: TODO,v 1.
50 2000-08-24 07:26:5
0 ivan Exp $
If you are interested in helping with any of these, please join the
*development* mailing list (send a blank message to
If you are interested in helping with any of these, please join the
*development* mailing list (send a blank message to
@@
-6,6
+6,9
@@
ivan-freeside-devel-subscribe@sisd.com) to avoid duplication of effort.
---
---
+"first package" and email invoice (?) not sticky on errors in new/edit customer
+screen.
+
http://www.ipmeter.com/ integration would be useful
http://tangram.sourceforge.net/
http://www.ipmeter.com/ integration would be useful
http://tangram.sourceforge.net/
diff --git
a/fs_signup/FS-SignupClient/cgi/signup.cgi
b/fs_signup/FS-SignupClient/cgi/signup.cgi
index
839ad33
..
7576b8b
100755
(executable)
--- a/
fs_signup/FS-SignupClient/cgi/signup.cgi
+++ b/
fs_signup/FS-SignupClient/cgi/signup.cgi
@@
-1,6
+1,6
@@
#!/usr/bin/perl -Tw
#
#!/usr/bin/perl -Tw
#
-# $Id: signup.cgi,v 1.
7 2000-05-10 23:57:57
ivan Exp $
+# $Id: signup.cgi,v 1.
8 2000-08-24 07:26:50
ivan Exp $
use strict;
use vars qw( @payby $cgi $locales $packages $pops $r $error
use strict;
use vars qw( @payby $cgi $locales $packages $pops $r $error
@@
-29,14
+29,22
@@
$ieak_file = '/usr/local/freeside/ieak.template';
$cck_file = '/usr/local/freeside/cck.template';
if ( -e $ieak_file ) {
$cck_file = '/usr/local/freeside/cck.template';
if ( -e $ieak_file ) {
- $ieak_template = new Text::Template ( TYPE => 'FILE', SOURCE => $ieak_file )
- or die "Couldn't construct template: $Text::Template::ERROR";
+ my $ieak_txt = Text::Template::_load_text($ieak_file)
+ or die $Text::Template::ERROR;
+ $ieak_txt =~ /^(.*)$/s; #untaint the template source - it's trusted
+ $ieak_txt = $1;
+ $ieak_template = new Text::Template ( TYPE => 'STRING', SOURCE => $ieak_txt )
+ or die $Text::Template::ERROR;
} else {
$ieak_template = '';
}
if ( -e $cck_file ) {
} else {
$ieak_template = '';
}
if ( -e $cck_file ) {
- $cck_template = new Text::Template ( TYPE => 'FILE', SOURCE => $cck_file )
- or die "Couldn't construct template: $Text::Template::ERROR";
+ my $cck_txt = Text::Template::_load_text($cck_file)
+ or die $Text::Template::ERROR;
+ $cck_txt =~ /^(.*)$/s; #untaint the template source - it's trusted
+ $cck_txt = $1;
+ $cck_template = new Text::Template ( TYPE => 'STRING', SOURCE => $cck_txt )
+ or die $Text::Template::ERROR;
} else {
$cck_template = '';
}
} else {
$cck_template = '';
}