author | Ivan Kohler <ivan@freeside.biz> | 2014-09-06 14:35:53 -0700 |
committer | Ivan Kohler <ivan@freeside.biz> | 2014-09-06 14:35:53 -0700 |
commit | c51bb6288f574d5b71424880c2bae262564de8a5 (patch) | |
tree | 5aee3cb900b3e1f00d48c6adb07466dea4a829fd /fs_selfservice/FS-SelfService | |
parent | 54c7d50f5c0da30367315ec3a169c03a5d6eedc1 (diff) |
double process / back button protection for self-service payments, RT#29168
Diffstat (limited to 'fs_selfservice/FS-SelfService')
-rw-r--r-- | fs_selfservice/FS-SelfService/cgi/make_payment.html | 2 | ||||
-rwxr-xr-x | fs_selfservice/FS-SelfService/cgi/selfservice.cgi | 6 |
2 files changed, 6 insertions, 2 deletions
diff --git a/fs_selfservice/FS-SelfService/cgi/make_payment.html b/fs_selfservice/FS-SelfService/cgi/make_payment.html
index 915714cc3..5f5bc1c8e 100644
--- a/fs_selfservice/FS-SelfService/cgi/make_payment.html
+++ b/fs_selfservice/FS-SelfService/cgi/make_payment.html
@@ -41,7 +41,7 @@
 </TR>
 </TABLE>
 <BR>
-<INPUT TYPE="hidden" NAME="paybatch" VALUE="<%=$paybatch%>">
+<INPUT TYPE="hidden" NAME="payunique" VALUE="<%=$payunique%>">
 <INPUT TYPE="submit" NAME="process" VALUE="Process payment"> <!-- onClick="this.disabled=true"> -->
 </FORM>
diff --git a/fs_selfservice/FS-SelfService/cgi/selfservice.cgi b/fs_selfservice/FS-SelfService/cgi/selfservice.cgi
index 71af4eb11..2b4bb4302 100755
--- a/fs_selfservice/FS-SelfService/cgi/selfservice.cgi
+++ b/fs_selfservice/FS-SelfService/cgi/selfservice.cgi
@@ -627,7 +627,10 @@ sub payment_results {
 my $auto = 0;
 $auto = 1 if $cgi->param('auto');
- $cgi->param('paybatch') =~ /^([\w\-\.]+)$/ or die "illegal paybatch";
+ $cgi->param('payunique') =~ /^([\w\-\.]*)$/ or die "illegal payunique";
+ my $payunique = $1;
+
+ $cgi->param('paybatch') =~ /^([\w\-\.]*)$/ or die "illegal paybatch";
 my $paybatch = $1;
 $cgi->param('discount_term') =~ /^(\d*)$/ or die "illegal discount_term";
@@ -651,6 +654,7 @@ sub payment_results {
 'country' => $country,
 'save' => $save,
 'auto' => $auto,
+ 'payunique' => $payunique,
 'paybatch' => $paybatch,
 'discount_term' => $discount_term,
 );
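Review bot: The new payunique check on the first added line of the @@ -627 hunk accepts an empty value, because `*` matches zero characters, and a missing parameter as well, since `undef =~ /.../` still matches (with only an uninitialized warning) and leaves `$1` empty. A double-submit token that can be blank is easy to lose silently, so I would require it non-empty and anchor the pattern to the whole string rather than `^`/`$`: `$cgi->param('payunique') =~ /\A([\w\-\.]+)\z/ or die "illegal payunique";`. Whether an empty payunique actually disables the server-side duplicate check depends on backend code that is not in this diff, so that part is inferred. The same hunk also relaxes the existing paybatch check from `+` to `*`; if that is intentional (paybatch no longer always sent), a one-line comment saying so, e.g. `# paybatch is optional now that payunique carries the dedup token`, would save the next reader a question. payment_results begins and ends outside the hunk.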