fix backend recharge w/prepaid card, RT#13478

2 files changed, 10 insertions, 6 deletions

diff --git a/httemplate/misc/process/recharge_svc.html b/httemplate/misc/process/recharge_svc.html
index b56f8a282..2d49f6b06 100755
--- a/httemplate/misc/process/recharge_svc.html
+++ b/httemplate/misc/process/recharge_svc.html
@@ -22,6 +22,7 @@ $svcnum = $1;
 
 #untaint prepaid
 my $prepaid = $cgi->param('prepaid');
+$prepaid =~ s/\W//g;
 $prepaid =~ /^(\w*)$/;
 $prepaid = $1;
 
diff --git a/httemplate/misc/recharge_svc.html b/httemplate/misc/recharge_svc.html
index d8a8faad4..a1732fca5 100755
--- a/httemplate/misc/recharge_svc.html
+++ b/httemplate/misc/recharge_svc.html
@@ -18,14 +18,17 @@
     }
   }
 </SCRIPT>
-<TR>
-  <TD><INPUT TYPE="radio" NAME="payby" onchange="toggle_prep(this)" VALUE="PREP" <% $payby eq "PREP" ? 'checked' : '' %> <% $recharge_label ? '' : 'disabled' %>></TD>
-  <TD>Prepaid Card</TD>
 % if ($recharge_label) {
-  <TD><INPUT TYPE="radio" NAME="payby" onchange="toggle_prep(this)" VALUE="<% $cust_svc->cust_pkg->cust_main->payby %>" <% $payby eq "PREP" ? '' : 'checked' %>></TD>
-  <TD><% $recharge_label %></TD>
+    <TR>
+      <TD><INPUT TYPE="radio" NAME="payby" onchange="toggle_prep(this)" VALUE="PREP" <% $payby eq "PREP" ? 'checked' : '' %>></TD>
+      <TD>Prepaid Card</TD>
+      <TD><INPUT TYPE="radio" NAME="payby" onchange="toggle_prep(this)" VALUE="<% $cust_svc->cust_pkg->cust_main->payby %>" <% $payby eq "PREP" ? '' : 'checked' %>></TD>
+      <TD><% $recharge_label %></TD>
+    </TR>
+% } else {
+%   $payby = 'PREP';
+    <INPUT TYPE="hidden" NAME="payby" VALUE="PREP">
 % }
-</TR>
 <TR>
   <TD>Enter prepaid card: </TD>
   <TD><INPUT TYPE="text" NAME="prepaid" VALUE="<% $prepaid |h %>" <% $payby eq "PREP" ? '' : 'disabled' %>></TD>