From f4b93f8790be61c976cb3a9236753a65d97f661e Mon Sep 17 00:00:00 2001 From: ivan Date: Sun, 10 Oct 2010 20:52:38 +0000 Subject: [PATCH] simple protection against selecting and using package add-ons that point to the same package. (still need to detect and break more complex self-referential loops) --- FS/FS/part_pkg.pm | 2 ++ httemplate/edit/elements/edit.html | 6 +++++- httemplate/edit/part_pkg.cgi | 14 ++++++++++++++ 3 files changed, 21 insertions(+), 1 deletion(-) diff --git a/FS/FS/part_pkg.pm b/FS/FS/part_pkg.pm index ec88e1b2d..130bd8647 100644 --- a/FS/FS/part_pkg.pm +++ b/FS/FS/part_pkg.pm @@ -907,6 +907,8 @@ sub _part_pkg_link { qsearch({ table => 'part_pkg_link', hashref => { 'src_pkgpart' => $self->pkgpart, 'link_type' => $type, + #protection against infinite recursive links + 'dst_pkgpart' => { op=>'!=', $self->pkgpart }, }, order_by => "ORDER BY hidden", }); diff --git a/httemplate/edit/elements/edit.html b/httemplate/edit/elements/edit.html index f44dc949b..8d9f9e98b 100644 --- a/httemplate/edit/elements/edit.html +++ b/httemplate/edit/elements/edit.html @@ -290,7 +290,11 @@ Example: % % #select-table % $include_common{$_} = $f->{$_} -% foreach grep exists($f->{$_}), qw( value_col extra_sql ); +% foreach grep exists($f->{$_}), qw( value_col ); +% $include_common{$_} = ref( $f->{$_} ) eq 'CODE' +% ? &{ $f->{$_} }( $cgi, $object ) #, $f ) +% : $f->{$_} +% foreach grep exists($f->{$_}), qw( extra_sql ); % % #select-table, checkboxes-table % $include_common{$_} = $f->{$_} diff --git a/httemplate/edit/part_pkg.cgi b/httemplate/edit/part_pkg.cgi index 52f70c5cb..883630f0a 100755 --- a/httemplate/edit/part_pkg.cgi +++ b/httemplate/edit/part_pkg.cgi @@ -194,6 +194,10 @@ }, { 'field' => 'bill_dst_pkgpart', 'type' => 'select-part_pkg', + 'extra_sql' => sub { $pkgpart + ? "AND pkgpart != $pkgpart" + : '' + }, 'm2_label' => 'Include line item(s) from package', 'm2m_method' => 'bill_part_pkg_link', 'm2m_dstcol' => 'dst_pkgpart', @@ -216,6 +220,10 @@ { 'field' => 'svc_dst_pkgpart', 'label' => 'Also include services from package: ', 'type' => 'select-part_pkg', + 'extra_sql' => sub { $pkgpart + ? "AND pkgpart != $pkgpart" + : '' + }, 'm2_label' => 'Include services of package: ', 'm2m_method' => 'svc_part_pkg_link', 'm2m_dstcol' => 'dst_pkgpart', @@ -292,6 +300,8 @@ my @taxproductnums = ( qw( setup recur ), sort (keys %taxproductnums) ); my %options = (); my $recur_disabled = 1; +my $pkgpart = ''; + my $error_callback = sub { my($cgi, $object, $fields, $opt ) = @_; @@ -325,6 +335,8 @@ my $error_callback = sub { $object->set($_ => scalar($cgi->param($_)) ) foreach (qw( setup_fee recur_fee )); + $pkgpart = $object->pkgpart; + }; my $new_hashref_callback = sub { { 'plan' => 'flat' }; }; @@ -374,6 +386,8 @@ my $edit_callback = sub { $object->set($_ => $object->option($_)) foreach (qw( setup_fee recur_fee )); + $pkgpart = $object->pkgpart; + }; my $new_callback = sub { -- 2.11.0