diff options
| author | Mitch Jackson <mitch@freeside.biz> | 2018-08-26 17:07:46 -0400 |
|---|---|---|
| committer | Mitch Jackson <mitch@freeside.biz> | 2018-09-07 17:17:17 -0400 |
| commit | 3b236eac5f7926f18623f6b9dc7c6f0d350ab61c (patch) | |
| tree | c8083bea8b6fbf86df35756102a4e3e4c8b856d0 /httemplate/misc/process/payment.cgi | |
| parent | 6686819fd4feebda67a069e2ba456ea1f53bea64 (diff) | |
RT# 80869 Harden process payment screen against Edge browser bug
Diffstat (limited to 'httemplate/misc/process/payment.cgi')
| -rw-r--r-- | httemplate/misc/process/payment.cgi | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/httemplate/misc/process/payment.cgi b/httemplate/misc/process/payment.cgi index 9458217c1..5f945a71a 100644 --- a/httemplate/misc/process/payment.cgi +++ b/httemplate/misc/process/payment.cgi @@ -42,11 +42,11 @@ if ( $cgi->param('fee') =~ /^\s*(\d*(\.\d\d)?)\s*$/ ) { $amount = sprintf('%.2f', $amount + $fee); } -$cgi->param('year') =~ /^(\d+)$/ +$cgi->param('year') =~ /^(\d{4})/ or errorpage("illegal year ". $cgi->param('year')); my $year = $1; -$cgi->param('month') =~ /^(\d+)$/ +$cgi->param('month') =~ /^(\d{2})/ or errorpage("illegal month ". $cgi->param('month')); my $month = $1; |