projects
/
freeside.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
RT#29354: Password Security in Email [xmlhttp validation for selfservice]
[freeside.git]
/
fs_selfservice
/
FS-SelfService
/
cgi
/
selfservice.cgi
diff --git
a/fs_selfservice/FS-SelfService/cgi/selfservice.cgi
b/fs_selfservice/FS-SelfService/cgi/selfservice.cgi
index
4199f70
..
f6f3c21
100755
(executable)
--- a/
fs_selfservice/FS-SelfService/cgi/selfservice.cgi
+++ b/
fs_selfservice/FS-SelfService/cgi/selfservice.cgi
@@
-23,6
+23,7
@@
use FS::SelfService qw(
mason_comp port_graph
start_thirdparty finish_thirdparty
reset_passwd check_reset_passwd process_reset_passwd
mason_comp port_graph
start_thirdparty finish_thirdparty
reset_passwd check_reset_passwd process_reset_passwd
+ validate_passwd
billing_history
);
billing_history
);
@@
-84,6
+85,7
@@
my @actions = ( qw(
customer_suspend_pkg
process_suspend_pkg
history
customer_suspend_pkg
process_suspend_pkg
history
+ validate_password
));
my @nologin_actions = (qw(
));
my @nologin_actions = (qw(
@@
-108,7
+110,6
@@
if ( $cgi->param('action') =~ /^process_forgot_password_session_(\w+)$/ ) {
warn "WARNING: unrecognized action '$1'\n";
}
}
warn "WARNING: unrecognized action '$1'\n";
}
}
-
unless ( $nologin_actions{$action} ) {
my %cookies = CGI::Cookie->fetch;
unless ( $nologin_actions{$action} ) {
my %cookies = CGI::Cookie->fetch;
@@
-1109,6
+1110,14
@@
sub do_process_forgot_password {
);
}
);
}
+sub validate_password {
+ validate_passwd(
+ 'session_id' => $session_id,
+ map { $_ => scalar($cgi->param($_)) }
+ qw( fieldid svcnum check_password )
+ )
+}
+
#--
sub do_template {
#--
sub do_template {