From d4cdc4db87f1b6a373398b7ab33e791bd0527dda Mon Sep 17 00:00:00 2001
From: Ivan Kohler
Date: Sun, 17 Nov 2013 17:10:06 -0800
Subject: [PATCH] don't redirect to a GET with sensitive data, RT#26099

---
 FS/FS/Record.pm | 4 ++--
 FS/bin/freeside-queued | 3 +++
 httemplate/edit/cust_main.cgi | 1 +
 httemplate/edit/process/cust_main.cgi | 4 ++--
 httemplate/elements/create_uri_query | 21 +++++++++++++++++++--
 httemplate/elements/searchbar-cust_main.html | 2 +-
 6 files changed, 28 insertions(+), 7 deletions(-)

diff --git a/FS/FS/Record.pm b/FS/FS/Record.pm
index 05deaef1e..493734729 100644
--- a/FS/FS/Record.pm
+++ b/FS/FS/Record.pm
@@ -1251,7 +1251,7 @@ sub insert {
 }
 my $h_sth;
- if ( defined dbdef->table('h_'. $table) ) {
+ if ( defined( dbdef->table('h_'. $table) ) && ! $no_history ) {
 my $h_statement = $self->_h_statement('insert');
 warn "[debug]$me $h_statement\n" if $DEBUG > 2;
 $h_sth = dbh->prepare($h_statement) or do {
@@ -3004,7 +3004,7 @@ You should generally not have to worry about calling this, as the system handles
 sub encrypt {
 my ($self, $value) = @_;
- my $encrypted;
+ my $encrypted = $value;
 if ($conf->exists('encryption')) {
 if ($self->is_encrypted($value)) {
diff --git a/FS/bin/freeside-queued b/FS/bin/freeside-queued
index 5eac06b24..f1a87cac9 100644
--- a/FS/bin/freeside-queued
+++ b/FS/bin/freeside-queued
@@ -12,6 +12,7 @@ use FS::Record qw(qsearch);
 use FS::queue;
 use FS::queue_depend;
 use FS::Log;
+use FS::Cron::expire_user_pref qw( expire_user_pref );
 # no autoloading for non-FS classes...
 use Net::SSH 0.07;
@@ -66,6 +67,7 @@ while (1) {
 if ( $kids >= $max_kids ) {
 warn "WARNING: maximum $kids children reached\n" unless $warnkids++;
 &reap_kids;
+ expire_user_pref() unless $warnkids % 10;
 sleep 1; #waiting for signals is cheap
 next;
 }
@@ -131,6 +133,7 @@ while (1) {
 undef $FS::UID::dbh;
 next;
 };
+ expire_user_pref();
 sleep $sleep_time;
 next;
 }
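Review bot: Only `insert` learns to honor `$no_history`, so the redirect pref row written under `local($FS::Record::no_history) = 1` in create_uri_query can still be copied into its `h_` table by whichever path later removes it, if `delete` (and `replace`) build their history statement the same way without this guard — that would put the stored payinfo/paycvv ciphertext into the `h_` copy of access_user_pref the moment expire_user_pref cleans it up. The same `&& ! $no_history` condition should gate the history write in `delete`, and the flag deserves a one-line comment at its declaration, e.g. `# set (via local) by callers that must leave no trace in the h_ tables, e.g. the secure redirect store`. The declaration of `$no_history` is not in this hunk, and `sub insert` continues past it.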
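Review bot: Initializing `$encrypted` to `$value` means that when the `encryption` config is absent the sub now hands the plaintext back to callers, where it presumably returned undef before; create_uri_query in this commit calls `FS::Record->encrypt` on payinfo/paycvv and stores whatever comes back in access_user_pref.prefvalue, so on an installation without encryption configured the card data lands in that table in the clear for the 120s expiry window. If pass-through is intended, document it at the declaration, `# no encryption configured: returned unchanged — callers must not treat the result as ciphertext`, and have the create_uri_query caller check `$conf->exists('encryption')` before relying on it. The rest of `sub encrypt`, including its return statement, lies outside the hunk, so the pass-through is inferred from the initializer alone.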
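Review bot: `expire_user_pref()` is called bare inside the daemon's main loop, here and again in the idle branch of the following hunk, with no `eval` around it, while the surrounding code treats database failures as recoverable (`undef $FS::UID::dbh; next;`); if the helper dies on a transient DB error the whole queue daemon exits. Wrapping it as `eval { expire_user_pref() }; warn "expire_user_pref: $@" if $@;` keeps the loop alive. It is also worth a comment that this loop is the only thing in the patch enforcing the 120s `expiration` on the secure redirect prefs, so while freeside-queued is down those rows outlive their intended lifetime unless the reader (`handle_uri_query`, not in this diff) checks the column itself. The enclosing `while (1)` body begins and ends outside the hunk.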
diff --git a/httemplate/edit/cust_main.cgi b/httemplate/edit/cust_main.cgi
index 8a3d6f918..480047cae 100755
--- a/httemplate/edit/cust_main.cgi
+++ b/httemplate/edit/cust_main.cgi
@@ -203,6 +203,7 @@ my $prospectnum = '';
 my $locationnum = '';
 my $same = '';
+$m->comp('/elements/handle_uri_query', 'secure'=>1);
 if ( $cgi->param('error') ) {
diff --git a/httemplate/edit/process/cust_main.cgi b/httemplate/edit/process/cust_main.cgi
index ff8be1a71..4fb8f622d 100755
--- a/httemplate/edit/process/cust_main.cgi
+++ b/httemplate/edit/process/cust_main.cgi
@@ -1,7 +1,7 @@
 % if ( $error ) {
 % $cgi->param('error', $error);
-%
-<% $cgi->redirect(popurl(2). "cust_main.cgi?". $cgi->query_string ) %>
+% my $query = $m->scomp('/elements/create_uri_query', 'secure'=>1);
+<% $cgi->redirect(popurl(2). "cust_main.cgi?$query" ) %>
 %
 % } else {
 %
diff --git a/httemplate/elements/create_uri_query b/httemplate/elements/create_uri_query
index 32d8e2f87..ce6249e0e 100644
--- a/httemplate/elements/create_uri_query
+++ b/httemplate/elements/create_uri_query
@@ -1,17 +1,34 @@
 <% $query %>\
 <%init>
+my %opt = @_;
+
+if ( $opt{secure} ) {
+
+ foreach my $param (grep /pay(info\d?|cvv)$/, $cgi->param) {
+ my $value = $cgi->param($param);
+ next unless length($value);
+ my $encrypted = FS::Record->encrypt( $value );
+ $cgi->param($param, $encrypted);
+ }
+
+}
+
 my $query = $cgi->query_string;
-if ( length($query) > 1920 ) { #stupid IE 2083 URL limit
+if ( length($query) > 1920 || $opt{secure} ) { #stupid IE 2083 URL limit
 my $session = int(rand(4294967296)); #XXX
 my $pref = new FS::access_user_pref({
 'usernum' => $FS::CurrentUser::CurrentUser->usernum,
 'prefname' => "redirect$session",
 'prefvalue' => $query,
- 'expiration' => time + 3600, #1h? 1m?
+ 'expiration' => time + ( $opt{secure} ? 120 #2m?
+ : 3600 #1h?
+ ),
 });
+ local($FS::Record::no_history) = 1;
+
 my $pref_error = $pref->insert;
 if ( $pref_error ) {
 die "FATAL: couldn't even set redirect cookie: $pref_error".
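Review bot: `handle_uri_query` is called with a new `'secure'=>1` option, but that component is not among the six files this patch touches, so unless it already knows the option and decrypts the pay* params that create_uri_query encrypted, the edit form will be re-populated with ciphertext or the option is silently ignored. Either the matching decrypt side belongs in this commit, or the description should name the commit that carries it. The call also runs before the `if ( $cgi->param('error') )` check, i.e. on every load of the form; a comment such as `# restore params stashed by create_uri_query (secure: payinfo/paycvv arrive encrypted)` would make the pairing explicit for the next reader.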
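Review bot: The new `secure` option is undocumented and has side effects a caller needs to know about: it rewrites the pay* params of the shared `$cgi` object in place via `$cgi->param($param, $encrypted)`, always takes the access_user_pref store path regardless of query length, shortens the expiry to 120s, and suppresses the history row for that insert. A header comment spelling this out, e.g. `# secure => 1: encrypt payinfo*/paycvv in $cgi (destructive), never put them on the URL, 2-minute expiry, no h_ row`, belongs above `my %opt = @_;`. Two smaller points: `$cgi->param($param)` in scalar context keeps only the first value of a multi-valued param, and `int(rand(4294967296))` (already marked `#XXX`) is not a strong token — tolerable only if the later lookup is scoped by `usernum` as the insert suggests, which is worth stating in the same comment. The `if ( length($query) > 1920 || $opt{secure} )` block closes outside the hunk.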
diff --git a/httemplate/elements/searchbar-cust_main.html b/httemplate/elements/searchbar-cust_main.html index 9a98417c8..5bfef484a 100644 --- a/httemplate/elements/searchbar-cust_main.html +++ b/httemplate/elements/searchbar-cust_main.html @@ -1,6 +1,6 @@ % if ( $curuser->access_right('List customers') ) { -
+
<% mt('Advanced') |h %> -- 2.11.0