From c9c3fc4368ee9d37a45c48167d25d5cee511898b Mon Sep 17 00:00:00 2001
From: Colin Campbell
Date: Fri, 26 Oct 2018 10:42:13 +0100
Subject: [PATCH] Bug 21605: Ensure EDI acct fields set to boolean val Validate the input to the fields indicating account functionality. The only valid values are 1 and 0 non-integer (or integers other than 0/1) are invalid
Signed-off-by: Marcel de Rooy
Signed-off-by: Martin Renvoize
Signed-off-by: Nick Clemens
---
 admin/edi_accounts.pl | 13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-)
diff --git a/admin/edi_accounts.pl b/admin/edi_accounts.pl
index e6f8676ee6..3eccb5320b 100755
--- a/admin/edi_accounts.pl
+++ b/admin/edi_accounts.pl
@@ -81,14 +81,17 @@ else {
 download_directory => scalar $input->param('download_directory'),
 san => scalar $input->param('san'),
 transport => scalar $input->param('transport'),
- quotes_enabled => defined $input->param('quotes_enabled'),
- invoices_enabled => defined $input->param('invoices_enabled'),
- orders_enabled => defined $input->param('orders_enabled'),
- responses_enabled => defined $input->param('responses_enabled'),
- auto_orders => defined $input->param('auto_orders'),
 id_code_qualifier => scalar $input->param('id_code_qualifier'),
 plugin => scalar $input->param('plugin'),
 };
+ # ensure all capability fields set to binary 0 or 1
+ foreach my $capability
+ (qw( quotes_enabled invoices_enabled orders_enabled responses_enabled auto_orders)) {
+ $fields->{$capability} = defined $input->param($capability);
+ if ($fields->{$capability} != 1) {
+ $fields->{$capability} = 0;
+ }
+ }
 if ($id) {
 $schema->resultset('VendorEdiAccount')->search(
-- 
2.39.5
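Review bot: The new capability loop tests only whether each parameter is present (`defined $input->param($capability)`), so a request carrying `orders_enabled=0` or an empty `auto_orders=` is stored as 1, which is not the value validation the commit message describes. Because `defined` already yields only true or false, the `!= 1` follow-up never rejects a submitted value; the same normalisation reads more directly as `$fields->{$capability} = defined $input->param($capability) ? 1 : 0;` with the comment changed to `# a capability is on when its parameter is present; the submitted value is not inspected`. If the submitted value is meant to decide, compare it instead, e.g. `( $input->param($capability) // '' ) eq '1' ? 1 : 0`, once the form template (not shown here) is confirmed to send 1 for a ticked box. The enclosing `else` block and the `if ($id)` branch both continue outside the hunk.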