author | ivan <ivan> | 2007-01-22 02:42:08 +0000 |
---|---|---|
committer | ivan <ivan> | 2007-01-22 02:42:08 +0000 |
commit | 25f6e4198b75ba4299753eceaa96f35739581ed9 (patch) | |
tree | 4f8487cf5add9a309765869ba74a7391a3ec279b /fs_selfservice/FS-SelfService | |
parent | 05686487551e26418c9b2d6b92ea0d89bb100082 (diff) |
accept CVV2 on self-service manual payment screen
Diffstat (limited to 'fs_selfservice/FS-SelfService')
-rw-r--r-- | fs_selfservice/FS-SelfService/cgi/make_payment.html | 18 | ||||
-rw-r--r-- | fs_selfservice/FS-SelfService/cgi/selfservice.cgi | 8 |
2 files changed, 25 insertions, 1 deletions
diff --git a/fs_selfservice/FS-SelfService/cgi/make_payment.html b/fs_selfservice/FS-SelfService/cgi/make_payment.html index 1bbbe90b2..64b1e00b5 100644 --- a/fs_selfservice/FS-SelfService/cgi/make_payment.html +++ b/fs_selfservice/FS-SelfService/cgi/make_payment.html @@ -1,5 +1,18 @@ <HTML><HEAD><TITLE>MyAccount</TITLE></HEAD> -<BODY BGCOLOR="#eeeeee"><FONT SIZE=5>MyAccount</FONT><BR><BR> +<BODY BGCOLOR="#eeeeee"> +<script language="JavaScript"><!-- + var mywindow = -1; + function myopen(filename,windowname,properties) { + myclose(); + mywindow = window.open(filename,windowname,properties); + } + function myclose() { + if ( mywindow != -1 ) + mywindow.close(); + mywindow = -1 + } +//--></script> +<FONT SIZE=5>MyAccount</FONT><BR><BR> <%= $url = "$selfurl?session=$session_id;action="; ''; %> <%= include('myaccount_menu') %> <TD VALIGN="top"> @@ -60,6 +73,9 @@ </TABLE> </TD> </TR><TR> + <TD ALIGN="right">CVV2 (<A HREF="javascript:myopen('cvv2.html','cvv2','toolbar=no,location=no,directories=no,status=no,menubar=no,scrollbars=no,resizable=yes,copyhistory=no,width=480,height=288')">help</A>)</TD> + <TD><INPUT TYPE="text" NAME="paycvv" VALUE="" SIZE=4 MAXLENGTH=4></TD></TR> +</TR><TR> <TD ALIGN="right">Exact name on card</TD> <TD><INPUT TYPE="text" SIZE=32 MAXLENGTH=80 NAME="payname" VALUE="<%=$payname%>"></TD> </TR><TR> diff --git a/fs_selfservice/FS-SelfService/cgi/selfservice.cgi b/fs_selfservice/FS-SelfService/cgi/selfservice.cgi index 1fc2e5f8b..975203dc8 100644 --- a/fs_selfservice/FS-SelfService/cgi/selfservice.cgi +++ b/fs_selfservice/FS-SelfService/cgi/selfservice.cgi @@ -238,6 +238,10 @@ sub payment_results { use Business::CreditCard; + #we should only do basic checking here for DoS attacks and things + #that couldn't be constructed by the web form... let process_payment() do + #the rest, it gives better error messages + $cgi->param('amount') =~ /^\s*(\d+(\.\d{2})?)\s*$/ or die "illegal amount"; #!!! my $amount = $1; 
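Review bot: `myclose()` in the added script block treats `mywindow` as either -1 or a live window object, but `window.open` in `myopen()` can return null when the browser blocks the popup. The next click on the help link would then call `mywindow.close()` on null and throw before a new window is opened. A guard such as `if ( mywindow && mywindow != -1 && !mywindow.closed )` covers that case and the one where the user has already closed the help window. The `mywindow = -1` assignment inside `myclose()` is also missing its terminating semicolon.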
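Review bot: The new `paycvv` field in the second make_payment.html hunk is a plain text input, so a browser may keep the typed CVV2 in its form history. Adding `AUTOCOMPLETE="off"` to that `<INPUT>` keeps the value out of autofill storage on shared machines. The added row is also closed twice: the `<INPUT>` line ends with `</TD></TR>` and the next added line opens with another `</TR>` before `<TR>`, so one of the two `</TR>` tags should be dropped.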
@@ -258,6 +262,9 @@ sub payment_results { or die "not a ". $cgi->param('card_type'); } + $cgi->param('paycvv') =~ /^\s*(.{0,4})\s*$/ or die "illegal CVV2"; + my $paycvv = $1; + $cgi->param('month') =~ /^(\d{2})$/ or die "illegal month"; my $month = $1; $cgi->param('year') =~ /^(\d{4})$/ or die "illegal year"; @@ -294,6 +301,7 @@ sub payment_results { 'session_id' => $session_id, 'amount' => $amount, 'payinfo' => $payinfo, + 'paycvv' => $paycvv, 'month' => $month, 'year' => $year, 'payname' => $payname, |
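Review bot: The `paycvv` check `/^\s*(.{0,4})\s*$/` accepts any four characters, and because `.{0,4}` is greedy the capture can include trailing whitespace, so `$paycvv` is not guaranteed to be numeric. The comment added earlier in payment_results leaves detailed validation to process_payment(), which is not visible on this page, but a CVV2 is three or four digits and a digit-only pattern costs nothing at this layer: `$cgi->param('paycvv') =~ /^\s*(\d{3,4}|)\s*$/ or die "illegal CVV2";`. The empty alternative keeps the field optional, as the current pattern does. payment_results starts and ends outside the hunk.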
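Review bot: The last hunk adds `'paycvv' => $paycvv` next to `payinfo` in the argument list, and nothing there records how long the value is allowed to live. What the receiving call (presumably process_payment(), going by the comment added earlier in this sub) does with it is not visible on this page. A short comment at the call site, e.g. `#paycvv is for this authorization only; do not log or store it`, would state the expectation for card-verification values. The argument list starts and ends outside the hunk.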