author | ivan <ivan> | 2002-02-10 18:56:49 +0000 |
---|---|---|
committer | ivan <ivan> | 2002-02-10 18:56:49 +0000 |
commit | ddb53fcc9fc80561354b97e4e7803004990138d0 (patch) | |
tree | 350d10f3dd5f824cb14455172fab8e8ffe3584b5 /httemplate/edit/cust_pay.cgi | |
parent | b05f4d252a27eab0a6fa8212abf920c0fa24a509 (diff) |
use unique tokens to prevent double-submission of payments in the web UI
(closes: Bug#320)
Diffstat (limited to 'httemplate/edit/cust_pay.cgi')
-rwxr-xr-x | httemplate/edit/cust_pay.cgi | 7 |
1 files changed, 5 insertions, 2 deletions
diff --git a/httemplate/edit/cust_pay.cgi b/httemplate/edit/cust_pay.cgi
index 27d36eb54..f6ae7b299 100755
--- a/httemplate/edit/cust_pay.cgi
+++ b/httemplate/edit/cust_pay.cgi
@@ -32,6 +32,8 @@ if ( $cgi->param('error') ) {
 }
 my $_date = time;
+my $paybatch = "webui-$_date-$$-". rand() * 2**32;
+
 my $p1 = popurl(1);
 print header("Post payment", '');
@@ -111,11 +113,12 @@ print qq!<TR><TD ALIGN="right">Check #</TD><TD BGCOLOR="#ffffff"><INPUT TYPE="te
 print qq!<TR><TD ALIGN="right">Auto-apply<BR>to invoices</TD><TD><SELECT NAME="apply"><OPTION VALUE="yes" SELECTED>yes<OPTION>no</SELECT></TD>!;
+print "</TABLE>";
+
 #paybatch
-print qq!<INPUT TYPE="hidden" NAME="paybatch" VALUE="">!;
+print qq!<INPUT TYPE="hidden" NAME="paybatch" VALUE="$paybatch">!;
 print <<END;
-</TABLE>
 <BR>
 <INPUT TYPE="submit" VALUE="Post payment">
 </FORM> |
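Review bot: The token on the added `my $paybatch` line is assembled from `time`, `$$` and Perl's `rand()`, all of which are guessable, and the second hunk sends it through a hidden form field the client can edit, so it can only serve as a duplicate-submission key and should not be relied on as an anti-CSRF or authorization value. Nothing in this file rejects a repeated value; the check presumably lives in the processing script or in a uniqueness constraint outside this diff, and that code should also validate the format of the submitted `paybatch` before storing it. A comment above the line such as `# duplicate-submission key only: predictable and client-visible, not a CSRF token` would record the intent. As a point of style, `rand() * 2**32` yields a fractional number, so `int(rand(2**32))` would give a cleaner token.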