use CGI;
use CGI::Ajax;
use Cwd;
+use Encode;
use IO::File;
use SL::Auth;
use SL::Auth::DB;
use Template;
use URI;
use List::Util qw(first max min sum);
-use List::MoreUtils qw(any);
+use List::MoreUtils qw(any apply);
use strict;
$self->{action} = lc $self->{action};
$self->{action} =~ s/( |-|,|\#)/_/g;
- $self->{version} = "2.6.1";
+ #$self->{version} = "2.6.1"; # Old hardcoded but secure style
+ open VERSION_FILE, "VERSION"; # New but flexible code reads version from VERSION-file
+ $self->{version} = <VERSION_FILE>;
+ close VERSION_FILE;
+ $self->{version} =~ s/[^0-9A-Za-z\.\_\-]//g; # only allow numbers, letters, points, underscores and dashes. Prevents injecting of malicious code.
$main::lxdebug->leave_sub();
my ($self, $str) = @_;
+ $str = Encode::encode('utf-8-strict', $str) if $::locale->is_utf8;
$str =~ s/([^a-zA-Z0-9_.-])/sprintf("%%%02x", ord($1))/ge;
$main::lxdebug->leave_sub(2);
if (!$self->{header}) {
$self->header;
- print qq|
- <body>|;
+ print qq|<body>|;
}
print qq|
+ <p class="message_ok"><b>$msg</b></p>
- <p><b>$msg</b>
+ <script type="text/javascript">
+ <!--
+ // If JavaScript is enabled, the whole thing will be reloaded.
+ // The reason is: When one changes his menu setup (HTML / XUL / CSS ...)
+ // it now loads the correct code into the browser instead of do nothing.
+ setTimeout("top.frames.location.href='login.pl'",500);
+ //-->
+ </script>
+
+</body>
|;
} else {
</script>
| if $self->{"fokus"};
+ # if there is a title, we put some JavaScript in to the page, wich writes a
+ # meaningful title-tag for our frameset.
+ my $title_hack;
+ if ($self->{"title"}){
+ $title_hack = qq|
+ <script type="text/javascript">
+ <!--
+ // Write a meaningful title-tag for our frameset.
+ top.document.title="| . $self->{"title"} . qq| - | . $self->{"login"} . qq| - | . $::myconfig{dbname} . qq| - V| . $self->{"version"} . qq|";
+ //-->
+ </script>
+ |;
+ }
+
#Set Calendar
my $jsscript = "";
if ($self->{jsscript} == 1) {
$favicon
$jsscript
$ajax
-
$fokus
+ $title_hack
<link rel="stylesheet" href="css/jquery.autocomplete.css" type="text/css" />
<meta name="robots" content="noindex,nofollow" />
- <script type="text/javascript" src="js/highlight_input.js"></script>
<link rel="stylesheet" type="text/css" href="css/tabcontent.css" />
<script type="text/javascript" src="js/tabcontent.js">
}
if (%main::myconfig) {
- map({ $additional_params->{"myconfig_${_}"} = $main::myconfig{$_}; } keys(%main::myconfig));
- my $jsc_dateformat = $main::myconfig{"dateformat"};
- $jsc_dateformat =~ s/d+/\%d/gi;
- $jsc_dateformat =~ s/m+/\%m/gi;
- $jsc_dateformat =~ s/y+/\%Y/gi;
- $additional_params->{"myconfig_jsc_dateformat"} = $jsc_dateformat;
+ $::myconfig{jsc_dateformat} = apply {
+ s/d+/\%d/gi;
+ s/m+/\%m/gi;
+ s/y+/\%Y/gi;
+ } $::myconfig{"dateformat"};
$additional_params->{"myconfig"} ||= \%::myconfig;
+ map { $additional_params->{"myconfig_${_}"} = $main::myconfig{$_}; } keys %::myconfig;
}
$additional_params->{"conf_dbcharset"} = $main::dbcharset;
# Database routines used throughout
+sub _dbconnect_options {
+ my $self = shift;
+ my $options = { pg_enable_utf8 => $::locale->is_utf8,
+ @_ };
+
+ return $options;
+}
+
sub dbconnect {
$main::lxdebug->enter_sub(2);
my ($self, $myconfig) = @_;
# connect to database
- my $dbh =
- DBI->connect($myconfig->{dbconnect},
- $myconfig->{dbuser}, $myconfig->{dbpasswd})
+ my $dbh = DBI->connect($myconfig->{dbconnect}, $myconfig->{dbuser}, $myconfig->{dbpasswd}, $self->_dbconnect_options)
or $self->dberror;
# set db options
my ($self, $myconfig) = @_;
# connect to database
- my $dbh =
- DBI->connect($myconfig->{dbconnect}, $myconfig->{dbuser},
- $myconfig->{dbpasswd}, { AutoCommit => 0 })
+ my $dbh = DBI->connect($myconfig->{dbconnect}, $myconfig->{dbuser}, $myconfig->{dbpasswd}, $self->_dbconnect_options(AutoCommit => 0))
or $self->dberror;
# set db options
my @values;
foreach my $item (qw(name department_1 department_2 street zipcode city country
- contact phone fax email)) {
+ contact cp_gender phone fax email)) {
if ($self->{"shipto$item"}) {
$shipto = 1 if ($self->{$item} ne $self->{"shipto$item"});
}
shiptocity = ?,
shiptocountry = ?,
shiptocontact = ?,
+ shiptocp_gender = ?,
shiptophone = ?,
shiptofax = ?,
shiptoemail = ?
shiptocity = ? AND
shiptocountry = ? AND
shiptocontact = ? AND
+ shiptocp_gender = ? AND
shiptophone = ? AND
shiptofax = ? AND
shiptoemail = ? AND
$query =
qq|INSERT INTO shipto (trans_id, shiptoname, shiptodepartment_1, shiptodepartment_2,
shiptostreet, shiptozipcode, shiptocity, shiptocountry,
- shiptocontact, shiptophone, shiptofax, shiptoemail, module)
- VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)|;
+ shiptocontact, shiptocp_gender, shiptophone, shiptofax, shiptoemail, module)
+ VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)|;
do_query($self, $dbh, $query, $id, @values, $module);
}
}